sentinel

package
v5.89.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlertRuleAnomalyBuiltIn added in v5.37.0 

type AlertRuleAnomalyBuiltIn struct {
	pulumi.CustomResourceState

	// The version of the Anomaly Security ML Analytics Settings.
	AnomalySettingsVersion pulumi.IntOutput `pulumi:"anomalySettingsVersion"`
	// The anomaly version of the Anomaly Alert Rule.
	AnomalyVersion pulumi.StringOutput `pulumi:"anomalyVersion"`
	// The description of the threshold observation.
	Description pulumi.StringOutput `pulumi:"description"`
	// The Display Name of the built-in Anomaly Alert Rule.
	//
	// > **Note:** One of `name` or `displayName` block must be specified.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Built-in Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolOutput `pulumi:"enabled"`
	// The frequency the Anomaly Alert Rule will be run.
	Frequency pulumi.StringOutput `pulumi:"frequency"`
	// The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// mode of the Built-in Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringOutput `pulumi:"mode"`
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput `pulumi:"multiSelectObservations"`
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput `pulumi:"prioritizedExcludeObservations"`
	// A `requiredDataConnector` block as defined below.
	RequiredDataConnectors AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput `pulumi:"requiredDataConnectors"`
	// The ID of the anomaly settings definition Id.
	SettingsDefinitionId pulumi.StringOutput `pulumi:"settingsDefinitionId"`
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput `pulumi:"singleSelectObservations"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayOutput `pulumi:"techniques"`
	// A list of `thresholdObservation` blocks as defined below.
	ThresholdObservations AlertRuleAnomalyBuiltInThresholdObservationArrayOutput `pulumi:"thresholdObservations"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		_ = sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("Potential data staging"),
		}, nil)
		_, err = sentinel.NewAlertRuleAnomalyBuiltIn(ctx, "example", &sentinel.AlertRuleAnomalyBuiltInArgs{
			DisplayName:             pulumi.String("Potential data staging"),
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
			Mode:                    pulumi.String("Production"),
			Enabled:                 pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Built In Anomaly Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleAnomalyBuiltIn:AlertRuleAnomalyBuiltIn example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1 ```

func GetAlertRuleAnomalyBuiltIn added in v5.37.0 

func GetAlertRuleAnomalyBuiltIn(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleAnomalyBuiltInState, opts ...pulumi.ResourceOption) (*AlertRuleAnomalyBuiltIn, error)

GetAlertRuleAnomalyBuiltIn gets an existing AlertRuleAnomalyBuiltIn resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleAnomalyBuiltIn added in v5.37.0 

func NewAlertRuleAnomalyBuiltIn(ctx *pulumi.Context,
	name string, args *AlertRuleAnomalyBuiltInArgs, opts ...pulumi.ResourceOption) (*AlertRuleAnomalyBuiltIn, error)

NewAlertRuleAnomalyBuiltIn registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleAnomalyBuiltIn) ElementType added in v5.37.0 

func (*AlertRuleAnomalyBuiltIn) ElementType() reflect.Type

func (*AlertRuleAnomalyBuiltIn) ToAlertRuleAnomalyBuiltInOutput added in v5.37.0 

func (i *AlertRuleAnomalyBuiltIn) ToAlertRuleAnomalyBuiltInOutput() AlertRuleAnomalyBuiltInOutput

func (*AlertRuleAnomalyBuiltIn) ToAlertRuleAnomalyBuiltInOutputWithContext added in v5.37.0 

func (i *AlertRuleAnomalyBuiltIn) ToAlertRuleAnomalyBuiltInOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInOutput

type AlertRuleAnomalyBuiltInArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInArgs struct {
	// The Display Name of the built-in Anomaly Alert Rule.
	//
	// > **Note:** One of `name` or `displayName` block must be specified.
	DisplayName pulumi.StringPtrInput
	// Should the Built-in Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// mode of the Built-in Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringInput
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleAnomalyBuiltIn resource.

func (AlertRuleAnomalyBuiltInArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInArgs) ElementType() reflect.Type

type AlertRuleAnomalyBuiltInArray added in v5.37.0 

type AlertRuleAnomalyBuiltInArray []AlertRuleAnomalyBuiltInInput

func (AlertRuleAnomalyBuiltInArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInArray) ToAlertRuleAnomalyBuiltInArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInArray) ToAlertRuleAnomalyBuiltInArrayOutput() AlertRuleAnomalyBuiltInArrayOutput

func (AlertRuleAnomalyBuiltInArray) ToAlertRuleAnomalyBuiltInArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInArray) ToAlertRuleAnomalyBuiltInArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInArrayOutput

type AlertRuleAnomalyBuiltInArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInArrayOutput() AlertRuleAnomalyBuiltInArrayOutput
	ToAlertRuleAnomalyBuiltInArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInArrayOutput
}

AlertRuleAnomalyBuiltInArrayInput is an input type that accepts AlertRuleAnomalyBuiltInArray and AlertRuleAnomalyBuiltInArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInArrayInput` via: 

AlertRuleAnomalyBuiltInArray{ AlertRuleAnomalyBuiltInArgs{...} }

type AlertRuleAnomalyBuiltInArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInOutput

func (AlertRuleAnomalyBuiltInArrayOutput) ToAlertRuleAnomalyBuiltInArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInArrayOutput) ToAlertRuleAnomalyBuiltInArrayOutput() AlertRuleAnomalyBuiltInArrayOutput

func (AlertRuleAnomalyBuiltInArrayOutput) ToAlertRuleAnomalyBuiltInArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInArrayOutput) ToAlertRuleAnomalyBuiltInArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInArrayOutput

type AlertRuleAnomalyBuiltInInput added in v5.37.0 

type AlertRuleAnomalyBuiltInInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInOutput() AlertRuleAnomalyBuiltInOutput
	ToAlertRuleAnomalyBuiltInOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInOutput
}

type AlertRuleAnomalyBuiltInMap added in v5.37.0 

type AlertRuleAnomalyBuiltInMap map[string]AlertRuleAnomalyBuiltInInput

func (AlertRuleAnomalyBuiltInMap) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMap) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMap) ToAlertRuleAnomalyBuiltInMapOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMap) ToAlertRuleAnomalyBuiltInMapOutput() AlertRuleAnomalyBuiltInMapOutput

func (AlertRuleAnomalyBuiltInMap) ToAlertRuleAnomalyBuiltInMapOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMap) ToAlertRuleAnomalyBuiltInMapOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMapOutput

type AlertRuleAnomalyBuiltInMapInput added in v5.37.0 

type AlertRuleAnomalyBuiltInMapInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInMapOutput() AlertRuleAnomalyBuiltInMapOutput
	ToAlertRuleAnomalyBuiltInMapOutputWithContext(context.Context) AlertRuleAnomalyBuiltInMapOutput
}

AlertRuleAnomalyBuiltInMapInput is an input type that accepts AlertRuleAnomalyBuiltInMap and AlertRuleAnomalyBuiltInMapOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInMapInput` via: 

AlertRuleAnomalyBuiltInMap{ "key": AlertRuleAnomalyBuiltInArgs{...} }

type AlertRuleAnomalyBuiltInMapOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInMapOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInMapOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMapOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMapOutput) MapIndex added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMapOutput) MapIndex(k pulumi.StringInput) AlertRuleAnomalyBuiltInOutput

func (AlertRuleAnomalyBuiltInMapOutput) ToAlertRuleAnomalyBuiltInMapOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMapOutput) ToAlertRuleAnomalyBuiltInMapOutput() AlertRuleAnomalyBuiltInMapOutput

func (AlertRuleAnomalyBuiltInMapOutput) ToAlertRuleAnomalyBuiltInMapOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMapOutput) ToAlertRuleAnomalyBuiltInMapOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMapOutput

type AlertRuleAnomalyBuiltInMultiSelectObservation added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservation struct {
	// The description of the threshold observation.
	Description *string `pulumi:"description"`
	// The Name of the built-in Anomaly Alert Rule.
	Name *string `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// A list of values of the single select observation.
	Values []string `pulumi:"values"`
}

type AlertRuleAnomalyBuiltInMultiSelectObservationArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// A list of values of the single select observation.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutput() AlertRuleAnomalyBuiltInMultiSelectObservationOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMultiSelectObservationArgs) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationOutput

type AlertRuleAnomalyBuiltInMultiSelectObservationArray added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationArray []AlertRuleAnomalyBuiltInMultiSelectObservationInput

func (AlertRuleAnomalyBuiltInMultiSelectObservationArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMultiSelectObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMultiSelectObservationArray) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMultiSelectObservationArray) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput() AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationArray) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInMultiSelectObservationArray) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput

type AlertRuleAnomalyBuiltInMultiSelectObservationArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput() AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput
	ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput
}

AlertRuleAnomalyBuiltInMultiSelectObservationArrayInput is an input type that accepts AlertRuleAnomalyBuiltInMultiSelectObservationArray and AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInMultiSelectObservationArrayInput` via: 

AlertRuleAnomalyBuiltInMultiSelectObservationArray{ AlertRuleAnomalyBuiltInMultiSelectObservationArgs{...} }

type AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInMultiSelectObservationOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput() AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput

type AlertRuleAnomalyBuiltInMultiSelectObservationInput added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInMultiSelectObservationOutput() AlertRuleAnomalyBuiltInMultiSelectObservationOutput
	ToAlertRuleAnomalyBuiltInMultiSelectObservationOutputWithContext(context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationOutput
}

AlertRuleAnomalyBuiltInMultiSelectObservationInput is an input type that accepts AlertRuleAnomalyBuiltInMultiSelectObservationArgs and AlertRuleAnomalyBuiltInMultiSelectObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInMultiSelectObservationInput` via: 

AlertRuleAnomalyBuiltInMultiSelectObservationArgs{...}

type AlertRuleAnomalyBuiltInMultiSelectObservationOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInMultiSelectObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Description added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Description() pulumi.StringPtrOutput

The description of the threshold observation.

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Name added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Name() pulumi.StringPtrOutput

The Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) SupportedValues added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the single select observation.

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutput() AlertRuleAnomalyBuiltInMultiSelectObservationOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) ToAlertRuleAnomalyBuiltInMultiSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInMultiSelectObservationOutput

func (AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Values added in v5.37.0 

func (o AlertRuleAnomalyBuiltInMultiSelectObservationOutput) Values() pulumi.StringArrayOutput

A list of values of the single select observation.

type AlertRuleAnomalyBuiltInOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInOutput) AnomalySettingsVersion added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) AnomalySettingsVersion() pulumi.IntOutput

The version of the Anomaly Security ML Analytics Settings.

func (AlertRuleAnomalyBuiltInOutput) AnomalyVersion added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) AnomalyVersion() pulumi.StringOutput

The anomaly version of the Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInOutput) Description added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (AlertRuleAnomalyBuiltInOutput) DisplayName added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) DisplayName() pulumi.StringOutput

The Display Name of the built-in Anomaly Alert Rule.

> **Note:** One of `name` or `displayName` block must be specified.

func (AlertRuleAnomalyBuiltInOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInOutput) Enabled added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Enabled() pulumi.BoolOutput

Should the Built-in Anomaly Alert Rule be enabled?

func (AlertRuleAnomalyBuiltInOutput) Frequency added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Frequency() pulumi.StringOutput

The frequency the Anomaly Alert Rule will be run.

func (AlertRuleAnomalyBuiltInOutput) LogAnalyticsWorkspaceId added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.

func (AlertRuleAnomalyBuiltInOutput) Mode added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Mode() pulumi.StringOutput

mode of the Built-in Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.

func (AlertRuleAnomalyBuiltInOutput) MultiSelectObservations added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) MultiSelectObservations() AlertRuleAnomalyBuiltInMultiSelectObservationArrayOutput

A list of `multiSelectObservation` blocks as defined below.

func (AlertRuleAnomalyBuiltInOutput) Name added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Name() pulumi.StringOutput

The Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInOutput) PrioritizedExcludeObservations added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) PrioritizedExcludeObservations() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput

A list of `prioritizedExcludeObservation` blocks as defined below.

func (AlertRuleAnomalyBuiltInOutput) RequiredDataConnectors added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) RequiredDataConnectors() AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput

A `requiredDataConnector` block as defined below.

func (AlertRuleAnomalyBuiltInOutput) SettingsDefinitionId added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) SettingsDefinitionId() pulumi.StringOutput

The ID of the anomaly settings definition Id.

func (AlertRuleAnomalyBuiltInOutput) SingleSelectObservations added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) SingleSelectObservations() AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput

A list of `singleSelectObservation` blocks as defined below.

func (AlertRuleAnomalyBuiltInOutput) Tactics added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (AlertRuleAnomalyBuiltInOutput) Techniques added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) Techniques() pulumi.StringArrayOutput

A list of techniques of attacks by which to classify the rule.

func (AlertRuleAnomalyBuiltInOutput) ThresholdObservations added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) ThresholdObservations() AlertRuleAnomalyBuiltInThresholdObservationArrayOutput

A list of `thresholdObservation` blocks as defined below.

func (AlertRuleAnomalyBuiltInOutput) ToAlertRuleAnomalyBuiltInOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) ToAlertRuleAnomalyBuiltInOutput() AlertRuleAnomalyBuiltInOutput

func (AlertRuleAnomalyBuiltInOutput) ToAlertRuleAnomalyBuiltInOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInOutput) ToAlertRuleAnomalyBuiltInOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInOutput

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservation added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservation struct {
	// The description of the threshold observation.
	Description *string `pulumi:"description"`
	// The excluded value per `description`.
	Exclude *string `pulumi:"exclude"`
	// The Name of the built-in Anomaly Alert Rule.
	Name *string `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize *string `pulumi:"prioritize"`
}

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The excluded value per `description`.
	Exclude pulumi.StringPtrInput `pulumi:"exclude"`
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize pulumi.StringPtrInput `pulumi:"prioritize"`
}

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray []AlertRuleAnomalyBuiltInPrioritizedExcludeObservationInput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput
	ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput
}

AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayInput is an input type that accepts AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray and AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayInput` via: 

AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArray{ AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs{...} }

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayOutput

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationInput added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput
	ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutputWithContext(context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput
}

AlertRuleAnomalyBuiltInPrioritizedExcludeObservationInput is an input type that accepts AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs and AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInPrioritizedExcludeObservationInput` via: 

AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs{...}

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Description added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Description() pulumi.StringPtrOutput

The description of the threshold observation.

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Exclude added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Exclude() pulumi.StringPtrOutput

The excluded value per `description`.

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Name added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Name() pulumi.StringPtrOutput

The Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Prioritize added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) Prioritize() pulumi.StringPtrOutput

The prioritized value per `description`.

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput() AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput

func (AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput) ToAlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInPrioritizedExcludeObservationOutput

type AlertRuleAnomalyBuiltInRequiredDataConnector added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnector struct {
	// The ID of the required Data Connector.
	ConnectorId *string `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes []string `pulumi:"dataTypes"`
}

type AlertRuleAnomalyBuiltInRequiredDataConnectorArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorArgs struct {
	// The ID of the required Data Connector.
	ConnectorId pulumi.StringPtrInput `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes pulumi.StringArrayInput `pulumi:"dataTypes"`
}

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorOutput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInRequiredDataConnectorArgs) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorOutput

type AlertRuleAnomalyBuiltInRequiredDataConnectorArray added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorArray []AlertRuleAnomalyBuiltInRequiredDataConnectorInput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInRequiredDataConnectorArray) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput

type AlertRuleAnomalyBuiltInRequiredDataConnectorArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput
	ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput
}

AlertRuleAnomalyBuiltInRequiredDataConnectorArrayInput is an input type that accepts AlertRuleAnomalyBuiltInRequiredDataConnectorArray and AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInRequiredDataConnectorArrayInput` via: 

AlertRuleAnomalyBuiltInRequiredDataConnectorArray{ AlertRuleAnomalyBuiltInRequiredDataConnectorArgs{...} }

type AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInRequiredDataConnectorOutput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorArrayOutput

type AlertRuleAnomalyBuiltInRequiredDataConnectorInput added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorOutput
	ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutputWithContext(context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorOutput
}

AlertRuleAnomalyBuiltInRequiredDataConnectorInput is an input type that accepts AlertRuleAnomalyBuiltInRequiredDataConnectorArgs and AlertRuleAnomalyBuiltInRequiredDataConnectorOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInRequiredDataConnectorInput` via: 

AlertRuleAnomalyBuiltInRequiredDataConnectorArgs{...}

type AlertRuleAnomalyBuiltInRequiredDataConnectorOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInRequiredDataConnectorOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ConnectorId added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ConnectorId() pulumi.StringPtrOutput

The ID of the required Data Connector.

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) DataTypes added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) DataTypes() pulumi.StringArrayOutput

A list of data types of the required Data Connector.

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutput() AlertRuleAnomalyBuiltInRequiredDataConnectorOutput

func (AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInRequiredDataConnectorOutput) ToAlertRuleAnomalyBuiltInRequiredDataConnectorOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInRequiredDataConnectorOutput

type AlertRuleAnomalyBuiltInSingleSelectObservation added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservation struct {
	// The description of the threshold observation.
	Description *string `pulumi:"description"`
	// The Name of the built-in Anomaly Alert Rule.
	Name *string `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// The value of the threshold observation.
	Value *string `pulumi:"value"`
}

type AlertRuleAnomalyBuiltInSingleSelectObservationArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// The value of the threshold observation.
	Value pulumi.StringPtrInput `pulumi:"value"`
}

func (AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutput() AlertRuleAnomalyBuiltInSingleSelectObservationOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInSingleSelectObservationArgs) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationOutput

type AlertRuleAnomalyBuiltInSingleSelectObservationArray added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationArray []AlertRuleAnomalyBuiltInSingleSelectObservationInput

func (AlertRuleAnomalyBuiltInSingleSelectObservationArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInSingleSelectObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInSingleSelectObservationArray) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInSingleSelectObservationArray) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput() AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationArray) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInSingleSelectObservationArray) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput

type AlertRuleAnomalyBuiltInSingleSelectObservationArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput() AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput
	ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput
}

AlertRuleAnomalyBuiltInSingleSelectObservationArrayInput is an input type that accepts AlertRuleAnomalyBuiltInSingleSelectObservationArray and AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInSingleSelectObservationArrayInput` via: 

AlertRuleAnomalyBuiltInSingleSelectObservationArray{ AlertRuleAnomalyBuiltInSingleSelectObservationArgs{...} }

type AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInSingleSelectObservationOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput() AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationArrayOutput

type AlertRuleAnomalyBuiltInSingleSelectObservationInput added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInSingleSelectObservationOutput() AlertRuleAnomalyBuiltInSingleSelectObservationOutput
	ToAlertRuleAnomalyBuiltInSingleSelectObservationOutputWithContext(context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationOutput
}

AlertRuleAnomalyBuiltInSingleSelectObservationInput is an input type that accepts AlertRuleAnomalyBuiltInSingleSelectObservationArgs and AlertRuleAnomalyBuiltInSingleSelectObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInSingleSelectObservationInput` via: 

AlertRuleAnomalyBuiltInSingleSelectObservationArgs{...}

type AlertRuleAnomalyBuiltInSingleSelectObservationOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInSingleSelectObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Description added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Description() pulumi.StringPtrOutput

The description of the threshold observation.

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Name added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Name() pulumi.StringPtrOutput

The Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) SupportedValues added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the single select observation.

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutput() AlertRuleAnomalyBuiltInSingleSelectObservationOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) ToAlertRuleAnomalyBuiltInSingleSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInSingleSelectObservationOutput

func (AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Value added in v5.37.0 

func (o AlertRuleAnomalyBuiltInSingleSelectObservationOutput) Value() pulumi.StringPtrOutput

The value of the threshold observation.

type AlertRuleAnomalyBuiltInState added in v5.37.0 

type AlertRuleAnomalyBuiltInState struct {
	// The version of the Anomaly Security ML Analytics Settings.
	AnomalySettingsVersion pulumi.IntPtrInput
	// The anomaly version of the Anomaly Alert Rule.
	AnomalyVersion pulumi.StringPtrInput
	// The description of the threshold observation.
	Description pulumi.StringPtrInput
	// The Display Name of the built-in Anomaly Alert Rule.
	//
	// > **Note:** One of `name` or `displayName` block must be specified.
	DisplayName pulumi.StringPtrInput
	// Should the Built-in Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolPtrInput
	// The frequency the Anomaly Alert Rule will be run.
	Frequency pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// mode of the Built-in Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringPtrInput
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations AlertRuleAnomalyBuiltInMultiSelectObservationArrayInput
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArrayInput
	// A `requiredDataConnector` block as defined below.
	RequiredDataConnectors AlertRuleAnomalyBuiltInRequiredDataConnectorArrayInput
	// The ID of the anomaly settings definition Id.
	SettingsDefinitionId pulumi.StringPtrInput
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations AlertRuleAnomalyBuiltInSingleSelectObservationArrayInput
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
	// A list of `thresholdObservation` blocks as defined below.
	ThresholdObservations AlertRuleAnomalyBuiltInThresholdObservationArrayInput
}

func (AlertRuleAnomalyBuiltInState) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInState) ElementType() reflect.Type

type AlertRuleAnomalyBuiltInThresholdObservation added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservation struct {
	// The description of the threshold observation.
	Description *string `pulumi:"description"`
	// The max value of the threshold observation.
	Max *string `pulumi:"max"`
	// The min value of the threshold observation.
	Min *string `pulumi:"min"`
	// The Name of the built-in Anomaly Alert Rule.
	Name *string `pulumi:"name"`
	// The value of the threshold observation.
	Value *string `pulumi:"value"`
}

type AlertRuleAnomalyBuiltInThresholdObservationArgs added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The max value of the threshold observation.
	Max pulumi.StringPtrInput `pulumi:"max"`
	// The min value of the threshold observation.
	Min pulumi.StringPtrInput `pulumi:"min"`
	// The Name of the built-in Anomaly Alert Rule.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// The value of the threshold observation.
	Value pulumi.StringPtrInput `pulumi:"value"`
}

func (AlertRuleAnomalyBuiltInThresholdObservationArgs) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInThresholdObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInThresholdObservationArgs) ToAlertRuleAnomalyBuiltInThresholdObservationOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInThresholdObservationArgs) ToAlertRuleAnomalyBuiltInThresholdObservationOutput() AlertRuleAnomalyBuiltInThresholdObservationOutput

func (AlertRuleAnomalyBuiltInThresholdObservationArgs) ToAlertRuleAnomalyBuiltInThresholdObservationOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInThresholdObservationArgs) ToAlertRuleAnomalyBuiltInThresholdObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInThresholdObservationOutput

type AlertRuleAnomalyBuiltInThresholdObservationArray added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationArray []AlertRuleAnomalyBuiltInThresholdObservationInput

func (AlertRuleAnomalyBuiltInThresholdObservationArray) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInThresholdObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInThresholdObservationArray) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutput added in v5.37.0 

func (i AlertRuleAnomalyBuiltInThresholdObservationArray) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutput() AlertRuleAnomalyBuiltInThresholdObservationArrayOutput

func (AlertRuleAnomalyBuiltInThresholdObservationArray) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutputWithContext added in v5.37.0 

func (i AlertRuleAnomalyBuiltInThresholdObservationArray) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInThresholdObservationArrayOutput

type AlertRuleAnomalyBuiltInThresholdObservationArrayInput added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutput() AlertRuleAnomalyBuiltInThresholdObservationArrayOutput
	ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyBuiltInThresholdObservationArrayOutput
}

AlertRuleAnomalyBuiltInThresholdObservationArrayInput is an input type that accepts AlertRuleAnomalyBuiltInThresholdObservationArray and AlertRuleAnomalyBuiltInThresholdObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInThresholdObservationArrayInput` via: 

AlertRuleAnomalyBuiltInThresholdObservationArray{ AlertRuleAnomalyBuiltInThresholdObservationArgs{...} }

type AlertRuleAnomalyBuiltInThresholdObservationArrayOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) Index added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyBuiltInThresholdObservationOutput

func (AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutput() AlertRuleAnomalyBuiltInThresholdObservationArrayOutput

func (AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationArrayOutput) ToAlertRuleAnomalyBuiltInThresholdObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInThresholdObservationArrayOutput

type AlertRuleAnomalyBuiltInThresholdObservationInput added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyBuiltInThresholdObservationOutput() AlertRuleAnomalyBuiltInThresholdObservationOutput
	ToAlertRuleAnomalyBuiltInThresholdObservationOutputWithContext(context.Context) AlertRuleAnomalyBuiltInThresholdObservationOutput
}

AlertRuleAnomalyBuiltInThresholdObservationInput is an input type that accepts AlertRuleAnomalyBuiltInThresholdObservationArgs and AlertRuleAnomalyBuiltInThresholdObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyBuiltInThresholdObservationInput` via: 

AlertRuleAnomalyBuiltInThresholdObservationArgs{...}

type AlertRuleAnomalyBuiltInThresholdObservationOutput added in v5.37.0 

type AlertRuleAnomalyBuiltInThresholdObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) Description added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) Description() pulumi.StringPtrOutput

The description of the threshold observation.

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) ElementType added in v5.37.0 

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) Max added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) Max() pulumi.StringPtrOutput

The max value of the threshold observation.

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) Min added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) Min() pulumi.StringPtrOutput

The min value of the threshold observation.

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) Name added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) Name() pulumi.StringPtrOutput

The Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) ToAlertRuleAnomalyBuiltInThresholdObservationOutput added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) ToAlertRuleAnomalyBuiltInThresholdObservationOutput() AlertRuleAnomalyBuiltInThresholdObservationOutput

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) ToAlertRuleAnomalyBuiltInThresholdObservationOutputWithContext added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) ToAlertRuleAnomalyBuiltInThresholdObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyBuiltInThresholdObservationOutput

func (AlertRuleAnomalyBuiltInThresholdObservationOutput) Value added in v5.37.0 

func (o AlertRuleAnomalyBuiltInThresholdObservationOutput) Value() pulumi.StringPtrOutput

The value of the threshold observation.

type AlertRuleAnomalyDuplicate added in v5.38.0 

type AlertRuleAnomalyDuplicate struct {
	pulumi.CustomResourceState

	// The version of the Anomaly Security ML Analytics Settings.
	AnomalySettingsVersion pulumi.IntOutput `pulumi:"anomalySettingsVersion"`
	// The anomaly version of the Anomaly Alert Rule.
	AnomalyVersion pulumi.StringOutput `pulumi:"anomalyVersion"`
	// The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	BuiltInRuleId pulumi.StringOutput `pulumi:"builtInRuleId"`
	// The description of the Anomaly Alert Rule.
	Description pulumi.StringOutput `pulumi:"description"`
	// The Display Name of the built-in Anomaly Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Duplicated Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolOutput `pulumi:"enabled"`
	// The frequency the Anomaly Alert Rule will be run, such as "P1D".
	Frequency pulumi.StringOutput `pulumi:"frequency"`
	// Whether the current settings of the Anomaly Alert Rule equals default settings.
	IsDefaultSettings pulumi.BoolOutput `pulumi:"isDefaultSettings"`
	// The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringOutput `pulumi:"mode"`
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput `pulumi:"multiSelectObservations"`
	Name                    pulumi.StringOutput                                        `pulumi:"name"`
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput `pulumi:"prioritizedExcludeObservations"`
	// A `requiredDataConnector` block as defined below.
	RequiredDataConnectors AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput `pulumi:"requiredDataConnectors"`
	// The ID of the anomaly settings definition Id.
	SettingsDefinitionId pulumi.StringOutput `pulumi:"settingsDefinitionId"`
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput `pulumi:"singleSelectObservations"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayOutput `pulumi:"techniques"`
	// A list of `thresholdObservation` blocks as defined below.
	//
	// > **NOTE:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
	ThresholdObservations AlertRuleAnomalyDuplicateThresholdObservationArrayOutput `pulumi:"thresholdObservations"`
}

Manages a Duplicated Anomaly Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		example := sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("UEBA Anomalous Sign In"),
		}, nil)
		_, err = sentinel.NewAlertRuleAnomalyDuplicate(ctx, "example", &sentinel.AlertRuleAnomalyDuplicateArgs{
			DisplayName:             pulumi.String("example duplicated UEBA Anomalous Sign In"),
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
			BuiltInRuleId: pulumi.String(example.ApplyT(func(example sentinel.GetAlertRuleAnomalyResult) (*string, error) {
				return &example.Id, nil
			}).(pulumi.StringPtrOutput)),
			Enabled: pulumi.Bool(true),
			Mode:    pulumi.String("Flighting"),
			ThresholdObservations: sentinel.AlertRuleAnomalyDuplicateThresholdObservationArray{
				&sentinel.AlertRuleAnomalyDuplicateThresholdObservationArgs{
					Name:  pulumi.String("Anomaly score threshold"),
					Value: pulumi.String("0.6"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Built In Anomaly Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleAnomalyDuplicate:AlertRuleAnomalyDuplicate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1 ```

func GetAlertRuleAnomalyDuplicate added in v5.38.0 

func GetAlertRuleAnomalyDuplicate(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleAnomalyDuplicateState, opts ...pulumi.ResourceOption) (*AlertRuleAnomalyDuplicate, error)

GetAlertRuleAnomalyDuplicate gets an existing AlertRuleAnomalyDuplicate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleAnomalyDuplicate added in v5.38.0 

func NewAlertRuleAnomalyDuplicate(ctx *pulumi.Context,
	name string, args *AlertRuleAnomalyDuplicateArgs, opts ...pulumi.ResourceOption) (*AlertRuleAnomalyDuplicate, error)

NewAlertRuleAnomalyDuplicate registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleAnomalyDuplicate) ElementType added in v5.38.0 

func (*AlertRuleAnomalyDuplicate) ElementType() reflect.Type

func (*AlertRuleAnomalyDuplicate) ToAlertRuleAnomalyDuplicateOutput added in v5.38.0 

func (i *AlertRuleAnomalyDuplicate) ToAlertRuleAnomalyDuplicateOutput() AlertRuleAnomalyDuplicateOutput

func (*AlertRuleAnomalyDuplicate) ToAlertRuleAnomalyDuplicateOutputWithContext added in v5.38.0 

func (i *AlertRuleAnomalyDuplicate) ToAlertRuleAnomalyDuplicateOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateOutput

type AlertRuleAnomalyDuplicateArgs added in v5.38.0 

type AlertRuleAnomalyDuplicateArgs struct {
	// The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	BuiltInRuleId pulumi.StringInput
	// The Display Name of the built-in Anomaly Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Duplicated Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringInput
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput
	// A list of `thresholdObservation` blocks as defined below.
	//
	// > **NOTE:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
	ThresholdObservations AlertRuleAnomalyDuplicateThresholdObservationArrayInput
}

The set of arguments for constructing a AlertRuleAnomalyDuplicate resource.

func (AlertRuleAnomalyDuplicateArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateArgs) ElementType() reflect.Type

type AlertRuleAnomalyDuplicateArray added in v5.38.0 

type AlertRuleAnomalyDuplicateArray []AlertRuleAnomalyDuplicateInput

func (AlertRuleAnomalyDuplicateArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateArray) ToAlertRuleAnomalyDuplicateArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateArray) ToAlertRuleAnomalyDuplicateArrayOutput() AlertRuleAnomalyDuplicateArrayOutput

func (AlertRuleAnomalyDuplicateArray) ToAlertRuleAnomalyDuplicateArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateArray) ToAlertRuleAnomalyDuplicateArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateArrayOutput

type AlertRuleAnomalyDuplicateArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicateArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateArrayOutput() AlertRuleAnomalyDuplicateArrayOutput
	ToAlertRuleAnomalyDuplicateArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicateArrayOutput
}

AlertRuleAnomalyDuplicateArrayInput is an input type that accepts AlertRuleAnomalyDuplicateArray and AlertRuleAnomalyDuplicateArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateArrayInput` via: 

AlertRuleAnomalyDuplicateArray{ AlertRuleAnomalyDuplicateArgs{...} }

type AlertRuleAnomalyDuplicateArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicateArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicateOutput

func (AlertRuleAnomalyDuplicateArrayOutput) ToAlertRuleAnomalyDuplicateArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateArrayOutput) ToAlertRuleAnomalyDuplicateArrayOutput() AlertRuleAnomalyDuplicateArrayOutput

func (AlertRuleAnomalyDuplicateArrayOutput) ToAlertRuleAnomalyDuplicateArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateArrayOutput) ToAlertRuleAnomalyDuplicateArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateArrayOutput

type AlertRuleAnomalyDuplicateInput added in v5.38.0 

type AlertRuleAnomalyDuplicateInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateOutput() AlertRuleAnomalyDuplicateOutput
	ToAlertRuleAnomalyDuplicateOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateOutput
}

type AlertRuleAnomalyDuplicateMap added in v5.38.0 

type AlertRuleAnomalyDuplicateMap map[string]AlertRuleAnomalyDuplicateInput

func (AlertRuleAnomalyDuplicateMap) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMap) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMap) ToAlertRuleAnomalyDuplicateMapOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMap) ToAlertRuleAnomalyDuplicateMapOutput() AlertRuleAnomalyDuplicateMapOutput

func (AlertRuleAnomalyDuplicateMap) ToAlertRuleAnomalyDuplicateMapOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMap) ToAlertRuleAnomalyDuplicateMapOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMapOutput

type AlertRuleAnomalyDuplicateMapInput added in v5.38.0 

type AlertRuleAnomalyDuplicateMapInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateMapOutput() AlertRuleAnomalyDuplicateMapOutput
	ToAlertRuleAnomalyDuplicateMapOutputWithContext(context.Context) AlertRuleAnomalyDuplicateMapOutput
}

AlertRuleAnomalyDuplicateMapInput is an input type that accepts AlertRuleAnomalyDuplicateMap and AlertRuleAnomalyDuplicateMapOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateMapInput` via: 

AlertRuleAnomalyDuplicateMap{ "key": AlertRuleAnomalyDuplicateArgs{...} }

type AlertRuleAnomalyDuplicateMapOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateMapOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateMapOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMapOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMapOutput) MapIndex added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMapOutput) MapIndex(k pulumi.StringInput) AlertRuleAnomalyDuplicateOutput

func (AlertRuleAnomalyDuplicateMapOutput) ToAlertRuleAnomalyDuplicateMapOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMapOutput) ToAlertRuleAnomalyDuplicateMapOutput() AlertRuleAnomalyDuplicateMapOutput

func (AlertRuleAnomalyDuplicateMapOutput) ToAlertRuleAnomalyDuplicateMapOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMapOutput) ToAlertRuleAnomalyDuplicateMapOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMapOutput

type AlertRuleAnomalyDuplicateMultiSelectObservation added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservation struct {
	// The description of the multi select observation.
	Description *string `pulumi:"description"`
	// The name of the multi select observation.
	Name string `pulumi:"name"`
	// A list of supported values of the multi select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// A list of values of the multi select observation.
	Values []string `pulumi:"values"`
}

type AlertRuleAnomalyDuplicateMultiSelectObservationArgs added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationArgs struct {
	// The description of the multi select observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The name of the multi select observation.
	Name pulumi.StringInput `pulumi:"name"`
	// A list of supported values of the multi select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// A list of values of the multi select observation.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutput() AlertRuleAnomalyDuplicateMultiSelectObservationOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMultiSelectObservationArgs) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationOutput

type AlertRuleAnomalyDuplicateMultiSelectObservationArray added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationArray []AlertRuleAnomalyDuplicateMultiSelectObservationInput

func (AlertRuleAnomalyDuplicateMultiSelectObservationArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMultiSelectObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMultiSelectObservationArray) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMultiSelectObservationArray) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput() AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationArray) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateMultiSelectObservationArray) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput

type AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput() AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput
	ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput
}

AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput is an input type that accepts AlertRuleAnomalyDuplicateMultiSelectObservationArray and AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput` via: 

AlertRuleAnomalyDuplicateMultiSelectObservationArray{ AlertRuleAnomalyDuplicateMultiSelectObservationArgs{...} }

type AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicateMultiSelectObservationOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput() AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput

type AlertRuleAnomalyDuplicateMultiSelectObservationInput added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateMultiSelectObservationOutput() AlertRuleAnomalyDuplicateMultiSelectObservationOutput
	ToAlertRuleAnomalyDuplicateMultiSelectObservationOutputWithContext(context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationOutput
}

AlertRuleAnomalyDuplicateMultiSelectObservationInput is an input type that accepts AlertRuleAnomalyDuplicateMultiSelectObservationArgs and AlertRuleAnomalyDuplicateMultiSelectObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateMultiSelectObservationInput` via: 

AlertRuleAnomalyDuplicateMultiSelectObservationArgs{...}

type AlertRuleAnomalyDuplicateMultiSelectObservationOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateMultiSelectObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Description added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Description() pulumi.StringPtrOutput

The description of the multi select observation.

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Name added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Name() pulumi.StringOutput

The name of the multi select observation.

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) SupportedValues added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the multi select observation.

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutput() AlertRuleAnomalyDuplicateMultiSelectObservationOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) ToAlertRuleAnomalyDuplicateMultiSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateMultiSelectObservationOutput

func (AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Values added in v5.38.0 

func (o AlertRuleAnomalyDuplicateMultiSelectObservationOutput) Values() pulumi.StringArrayOutput

A list of values of the multi select observation.

type AlertRuleAnomalyDuplicateOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateOutput) AnomalySettingsVersion added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) AnomalySettingsVersion() pulumi.IntOutput

The version of the Anomaly Security ML Analytics Settings.

func (AlertRuleAnomalyDuplicateOutput) AnomalyVersion added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) AnomalyVersion() pulumi.StringOutput

The anomaly version of the Anomaly Alert Rule.

func (AlertRuleAnomalyDuplicateOutput) BuiltInRuleId added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) BuiltInRuleId() pulumi.StringOutput

The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.

func (AlertRuleAnomalyDuplicateOutput) Description added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Description() pulumi.StringOutput

The description of the Anomaly Alert Rule.

func (AlertRuleAnomalyDuplicateOutput) DisplayName added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) DisplayName() pulumi.StringOutput

The Display Name of the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyDuplicateOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateOutput) Enabled added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Enabled() pulumi.BoolOutput

Should the Duplicated Anomaly Alert Rule be enabled?

func (AlertRuleAnomalyDuplicateOutput) Frequency added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Frequency() pulumi.StringOutput

The frequency the Anomaly Alert Rule will be run, such as "P1D".

func (AlertRuleAnomalyDuplicateOutput) IsDefaultSettings added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) IsDefaultSettings() pulumi.BoolOutput

Whether the current settings of the Anomaly Alert Rule equals default settings.

func (AlertRuleAnomalyDuplicateOutput) LogAnalyticsWorkspaceId added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.

func (AlertRuleAnomalyDuplicateOutput) Mode added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Mode() pulumi.StringOutput

mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.

func (AlertRuleAnomalyDuplicateOutput) MultiSelectObservations added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) MultiSelectObservations() AlertRuleAnomalyDuplicateMultiSelectObservationArrayOutput

A list of `multiSelectObservation` blocks as defined below.

func (AlertRuleAnomalyDuplicateOutput) Name added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Name() pulumi.StringOutput

func (AlertRuleAnomalyDuplicateOutput) PrioritizedExcludeObservations added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) PrioritizedExcludeObservations() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput

A list of `prioritizedExcludeObservation` blocks as defined below.

func (AlertRuleAnomalyDuplicateOutput) RequiredDataConnectors added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) RequiredDataConnectors() AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput

A `requiredDataConnector` block as defined below.

func (AlertRuleAnomalyDuplicateOutput) SettingsDefinitionId added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) SettingsDefinitionId() pulumi.StringOutput

The ID of the anomaly settings definition Id.

func (AlertRuleAnomalyDuplicateOutput) SingleSelectObservations added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) SingleSelectObservations() AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput

A list of `singleSelectObservation` blocks as defined below.

func (AlertRuleAnomalyDuplicateOutput) Tactics added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (AlertRuleAnomalyDuplicateOutput) Techniques added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) Techniques() pulumi.StringArrayOutput

A list of techniques of attacks by which to classify the rule.

func (AlertRuleAnomalyDuplicateOutput) ThresholdObservations added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) ThresholdObservations() AlertRuleAnomalyDuplicateThresholdObservationArrayOutput

A list of `thresholdObservation` blocks as defined below.

> **NOTE:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.

func (AlertRuleAnomalyDuplicateOutput) ToAlertRuleAnomalyDuplicateOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) ToAlertRuleAnomalyDuplicateOutput() AlertRuleAnomalyDuplicateOutput

func (AlertRuleAnomalyDuplicateOutput) ToAlertRuleAnomalyDuplicateOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateOutput) ToAlertRuleAnomalyDuplicateOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateOutput

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservation added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservation struct {
	// The description of the prioritized exclude observation.
	Description *string `pulumi:"description"`
	// The excluded value per `description`.
	Exclude *string `pulumi:"exclude"`
	// The name of the prioritized exclude observation.
	Name string `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize *string `pulumi:"prioritize"`
}

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs struct {
	// The description of the prioritized exclude observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The excluded value per `description`.
	Exclude pulumi.StringPtrInput `pulumi:"exclude"`
	// The name of the prioritized exclude observation.
	Name pulumi.StringInput `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize pulumi.StringPtrInput `pulumi:"prioritize"`
}

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray []AlertRuleAnomalyDuplicatePrioritizedExcludeObservationInput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput
	ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput
}

AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput is an input type that accepts AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray and AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput` via: 

AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArray{ AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs{...} }

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayOutput

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationInput added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput
	ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutputWithContext(context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput
}

AlertRuleAnomalyDuplicatePrioritizedExcludeObservationInput is an input type that accepts AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs and AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicatePrioritizedExcludeObservationInput` via: 

AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArgs{...}

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput added in v5.38.0 

type AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Description added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Description() pulumi.StringPtrOutput

The description of the prioritized exclude observation.

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Exclude added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Exclude() pulumi.StringPtrOutput

The excluded value per `description`.

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Name added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Name() pulumi.StringOutput

The name of the prioritized exclude observation.

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Prioritize added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) Prioritize() pulumi.StringPtrOutput

The prioritized value per `description`.

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput() AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput

func (AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput) ToAlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicatePrioritizedExcludeObservationOutput

type AlertRuleAnomalyDuplicateRequiredDataConnector added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnector struct {
	// The ID of the required Data Connector.
	ConnectorId *string `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes []string `pulumi:"dataTypes"`
}

type AlertRuleAnomalyDuplicateRequiredDataConnectorArgs added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorArgs struct {
	// The ID of the required Data Connector.
	ConnectorId pulumi.StringPtrInput `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes pulumi.StringArrayInput `pulumi:"dataTypes"`
}

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorOutput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateRequiredDataConnectorArgs) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorOutput

type AlertRuleAnomalyDuplicateRequiredDataConnectorArray added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorArray []AlertRuleAnomalyDuplicateRequiredDataConnectorInput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateRequiredDataConnectorArray) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput

type AlertRuleAnomalyDuplicateRequiredDataConnectorArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput
	ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput
}

AlertRuleAnomalyDuplicateRequiredDataConnectorArrayInput is an input type that accepts AlertRuleAnomalyDuplicateRequiredDataConnectorArray and AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateRequiredDataConnectorArrayInput` via: 

AlertRuleAnomalyDuplicateRequiredDataConnectorArray{ AlertRuleAnomalyDuplicateRequiredDataConnectorArgs{...} }

type AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicateRequiredDataConnectorOutput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorArrayOutput

type AlertRuleAnomalyDuplicateRequiredDataConnectorInput added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorOutput
	ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutputWithContext(context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorOutput
}

AlertRuleAnomalyDuplicateRequiredDataConnectorInput is an input type that accepts AlertRuleAnomalyDuplicateRequiredDataConnectorArgs and AlertRuleAnomalyDuplicateRequiredDataConnectorOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateRequiredDataConnectorInput` via: 

AlertRuleAnomalyDuplicateRequiredDataConnectorArgs{...}

type AlertRuleAnomalyDuplicateRequiredDataConnectorOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateRequiredDataConnectorOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ConnectorId added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ConnectorId() pulumi.StringPtrOutput

The ID of the required Data Connector.

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) DataTypes added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) DataTypes() pulumi.StringArrayOutput

A list of data types of the required Data Connector.

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutput() AlertRuleAnomalyDuplicateRequiredDataConnectorOutput

func (AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateRequiredDataConnectorOutput) ToAlertRuleAnomalyDuplicateRequiredDataConnectorOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateRequiredDataConnectorOutput

type AlertRuleAnomalyDuplicateSingleSelectObservation added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservation struct {
	// The description of the single select observation.
	Description *string `pulumi:"description"`
	// The name of the single select observation.
	Name string `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// The value of the multi select observation.
	Value string `pulumi:"value"`
}

type AlertRuleAnomalyDuplicateSingleSelectObservationArgs added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationArgs struct {
	// The description of the single select observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The name of the single select observation.
	Name pulumi.StringInput `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// The value of the multi select observation.
	Value pulumi.StringInput `pulumi:"value"`
}

func (AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutput() AlertRuleAnomalyDuplicateSingleSelectObservationOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateSingleSelectObservationArgs) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationOutput

type AlertRuleAnomalyDuplicateSingleSelectObservationArray added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationArray []AlertRuleAnomalyDuplicateSingleSelectObservationInput

func (AlertRuleAnomalyDuplicateSingleSelectObservationArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateSingleSelectObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateSingleSelectObservationArray) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateSingleSelectObservationArray) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput() AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationArray) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateSingleSelectObservationArray) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput

type AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput() AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput
	ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput
}

AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput is an input type that accepts AlertRuleAnomalyDuplicateSingleSelectObservationArray and AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput` via: 

AlertRuleAnomalyDuplicateSingleSelectObservationArray{ AlertRuleAnomalyDuplicateSingleSelectObservationArgs{...} }

type AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicateSingleSelectObservationOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput() AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationArrayOutput

type AlertRuleAnomalyDuplicateSingleSelectObservationInput added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateSingleSelectObservationOutput() AlertRuleAnomalyDuplicateSingleSelectObservationOutput
	ToAlertRuleAnomalyDuplicateSingleSelectObservationOutputWithContext(context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationOutput
}

AlertRuleAnomalyDuplicateSingleSelectObservationInput is an input type that accepts AlertRuleAnomalyDuplicateSingleSelectObservationArgs and AlertRuleAnomalyDuplicateSingleSelectObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateSingleSelectObservationInput` via: 

AlertRuleAnomalyDuplicateSingleSelectObservationArgs{...}

type AlertRuleAnomalyDuplicateSingleSelectObservationOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateSingleSelectObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Description added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Description() pulumi.StringPtrOutput

The description of the single select observation.

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Name added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Name() pulumi.StringOutput

The name of the single select observation.

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) SupportedValues added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the single select observation.

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutput() AlertRuleAnomalyDuplicateSingleSelectObservationOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) ToAlertRuleAnomalyDuplicateSingleSelectObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateSingleSelectObservationOutput

func (AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Value added in v5.38.0 

func (o AlertRuleAnomalyDuplicateSingleSelectObservationOutput) Value() pulumi.StringOutput

The value of the multi select observation.

type AlertRuleAnomalyDuplicateState added in v5.38.0 

type AlertRuleAnomalyDuplicateState struct {
	// The version of the Anomaly Security ML Analytics Settings.
	AnomalySettingsVersion pulumi.IntPtrInput
	// The anomaly version of the Anomaly Alert Rule.
	AnomalyVersion pulumi.StringPtrInput
	// The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	BuiltInRuleId pulumi.StringPtrInput
	// The description of the Anomaly Alert Rule.
	Description pulumi.StringPtrInput
	// The Display Name of the built-in Anomaly Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Duplicated Anomaly Alert Rule be enabled?
	Enabled pulumi.BoolPtrInput
	// The frequency the Anomaly Alert Rule will be run, such as "P1D".
	Frequency pulumi.StringPtrInput
	// Whether the current settings of the Anomaly Alert Rule equals default settings.
	IsDefaultSettings pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
	Mode pulumi.StringPtrInput
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations AlertRuleAnomalyDuplicateMultiSelectObservationArrayInput
	Name                    pulumi.StringPtrInput
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations AlertRuleAnomalyDuplicatePrioritizedExcludeObservationArrayInput
	// A `requiredDataConnector` block as defined below.
	RequiredDataConnectors AlertRuleAnomalyDuplicateRequiredDataConnectorArrayInput
	// The ID of the anomaly settings definition Id.
	SettingsDefinitionId pulumi.StringPtrInput
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations AlertRuleAnomalyDuplicateSingleSelectObservationArrayInput
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
	// A list of `thresholdObservation` blocks as defined below.
	//
	// > **NOTE:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
	ThresholdObservations AlertRuleAnomalyDuplicateThresholdObservationArrayInput
}

func (AlertRuleAnomalyDuplicateState) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateState) ElementType() reflect.Type

type AlertRuleAnomalyDuplicateThresholdObservation added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservation struct {
	// The description of the threshold observation.
	Description *string `pulumi:"description"`
	// The max value of the threshold observation.
	Max *string `pulumi:"max"`
	// The min value of the threshold observation.
	Min *string `pulumi:"min"`
	// The name of the threshold observation.
	Name string `pulumi:"name"`
	// The value of the threshold observation.
	Value string `pulumi:"value"`
}

type AlertRuleAnomalyDuplicateThresholdObservationArgs added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The max value of the threshold observation.
	Max pulumi.StringPtrInput `pulumi:"max"`
	// The min value of the threshold observation.
	Min pulumi.StringPtrInput `pulumi:"min"`
	// The name of the threshold observation.
	Name pulumi.StringInput `pulumi:"name"`
	// The value of the threshold observation.
	Value pulumi.StringInput `pulumi:"value"`
}

func (AlertRuleAnomalyDuplicateThresholdObservationArgs) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateThresholdObservationArgs) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateThresholdObservationArgs) ToAlertRuleAnomalyDuplicateThresholdObservationOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateThresholdObservationArgs) ToAlertRuleAnomalyDuplicateThresholdObservationOutput() AlertRuleAnomalyDuplicateThresholdObservationOutput

func (AlertRuleAnomalyDuplicateThresholdObservationArgs) ToAlertRuleAnomalyDuplicateThresholdObservationOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateThresholdObservationArgs) ToAlertRuleAnomalyDuplicateThresholdObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateThresholdObservationOutput

type AlertRuleAnomalyDuplicateThresholdObservationArray added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationArray []AlertRuleAnomalyDuplicateThresholdObservationInput

func (AlertRuleAnomalyDuplicateThresholdObservationArray) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateThresholdObservationArray) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateThresholdObservationArray) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutput added in v5.38.0 

func (i AlertRuleAnomalyDuplicateThresholdObservationArray) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutput() AlertRuleAnomalyDuplicateThresholdObservationArrayOutput

func (AlertRuleAnomalyDuplicateThresholdObservationArray) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutputWithContext added in v5.38.0 

func (i AlertRuleAnomalyDuplicateThresholdObservationArray) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateThresholdObservationArrayOutput

type AlertRuleAnomalyDuplicateThresholdObservationArrayInput added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationArrayInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutput() AlertRuleAnomalyDuplicateThresholdObservationArrayOutput
	ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutputWithContext(context.Context) AlertRuleAnomalyDuplicateThresholdObservationArrayOutput
}

AlertRuleAnomalyDuplicateThresholdObservationArrayInput is an input type that accepts AlertRuleAnomalyDuplicateThresholdObservationArray and AlertRuleAnomalyDuplicateThresholdObservationArrayOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateThresholdObservationArrayInput` via: 

AlertRuleAnomalyDuplicateThresholdObservationArray{ AlertRuleAnomalyDuplicateThresholdObservationArgs{...} }

type AlertRuleAnomalyDuplicateThresholdObservationArrayOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) Index added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) Index(i pulumi.IntInput) AlertRuleAnomalyDuplicateThresholdObservationOutput

func (AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutput() AlertRuleAnomalyDuplicateThresholdObservationArrayOutput

func (AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationArrayOutput) ToAlertRuleAnomalyDuplicateThresholdObservationArrayOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateThresholdObservationArrayOutput

type AlertRuleAnomalyDuplicateThresholdObservationInput added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationInput interface {
	pulumi.Input

	ToAlertRuleAnomalyDuplicateThresholdObservationOutput() AlertRuleAnomalyDuplicateThresholdObservationOutput
	ToAlertRuleAnomalyDuplicateThresholdObservationOutputWithContext(context.Context) AlertRuleAnomalyDuplicateThresholdObservationOutput
}

AlertRuleAnomalyDuplicateThresholdObservationInput is an input type that accepts AlertRuleAnomalyDuplicateThresholdObservationArgs and AlertRuleAnomalyDuplicateThresholdObservationOutput values. You can construct a concrete instance of `AlertRuleAnomalyDuplicateThresholdObservationInput` via: 

AlertRuleAnomalyDuplicateThresholdObservationArgs{...}

type AlertRuleAnomalyDuplicateThresholdObservationOutput added in v5.38.0 

type AlertRuleAnomalyDuplicateThresholdObservationOutput struct{ *pulumi.OutputState }

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) Description added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) Description() pulumi.StringPtrOutput

The description of the threshold observation.

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) ElementType added in v5.38.0 

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) ElementType() reflect.Type

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) Max added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) Max() pulumi.StringPtrOutput

The max value of the threshold observation.

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) Min added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) Min() pulumi.StringPtrOutput

The min value of the threshold observation.

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) Name added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) Name() pulumi.StringOutput

The name of the threshold observation.

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) ToAlertRuleAnomalyDuplicateThresholdObservationOutput added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) ToAlertRuleAnomalyDuplicateThresholdObservationOutput() AlertRuleAnomalyDuplicateThresholdObservationOutput

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) ToAlertRuleAnomalyDuplicateThresholdObservationOutputWithContext added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) ToAlertRuleAnomalyDuplicateThresholdObservationOutputWithContext(ctx context.Context) AlertRuleAnomalyDuplicateThresholdObservationOutput

func (AlertRuleAnomalyDuplicateThresholdObservationOutput) Value added in v5.38.0 

func (o AlertRuleAnomalyDuplicateThresholdObservationOutput) Value() pulumi.StringOutput

The value of the threshold observation.

type AlertRuleFusion 

type AlertRuleFusion struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// One or more `source` blocks as defined below.
	Sources AlertRuleFusionSourceArrayOutput `pulumi:"sources"`
}

Manages a Sentinel Fusion Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            example.Location,
			ResourceGroupName:   example.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleFusion(ctx, "example", &sentinel.AlertRuleFusionArgs{
			Name:                    pulumi.String("example-fusion-alert-rule"),
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid:   pulumi.String("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Fusion Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleFusion:AlertRuleFusion example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleFusion 

func GetAlertRuleFusion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleFusionState, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

GetAlertRuleFusion gets an existing AlertRuleFusion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleFusion 

func NewAlertRuleFusion(ctx *pulumi.Context,
	name string, args *AlertRuleFusionArgs, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

NewAlertRuleFusion registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleFusion) ElementType 

func (*AlertRuleFusion) ElementType() reflect.Type

func (*AlertRuleFusion) ToAlertRuleFusionOutput 

func (i *AlertRuleFusion) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (*AlertRuleFusion) ToAlertRuleFusionOutputWithContext 

func (i *AlertRuleFusion) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionArgs 

type AlertRuleFusionArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
	// One or more `source` blocks as defined below.
	Sources AlertRuleFusionSourceArrayInput
}

The set of arguments for constructing a AlertRuleFusion resource.

func (AlertRuleFusionArgs) ElementType 

func (AlertRuleFusionArgs) ElementType() reflect.Type

type AlertRuleFusionArray 

type AlertRuleFusionArray []AlertRuleFusionInput

func (AlertRuleFusionArray) ElementType 

func (AlertRuleFusionArray) ElementType() reflect.Type

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutput 

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext 

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionArrayInput 

type AlertRuleFusionArrayInput interface {
	pulumi.Input

	ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput
	ToAlertRuleFusionArrayOutputWithContext(context.Context) AlertRuleFusionArrayOutput
}

AlertRuleFusionArrayInput is an input type that accepts AlertRuleFusionArray and AlertRuleFusionArrayOutput values. You can construct a concrete instance of `AlertRuleFusionArrayInput` via: 

AlertRuleFusionArray{ AlertRuleFusionArgs{...} }

type AlertRuleFusionArrayOutput 

type AlertRuleFusionArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionArrayOutput) ElementType 

func (AlertRuleFusionArrayOutput) ElementType() reflect.Type

func (AlertRuleFusionArrayOutput) Index 

func (o AlertRuleFusionArrayOutput) Index(i pulumi.IntInput) AlertRuleFusionOutput

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput 

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext 

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionInput 

type AlertRuleFusionInput interface {
	pulumi.Input

	ToAlertRuleFusionOutput() AlertRuleFusionOutput
	ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput
}

type AlertRuleFusionMap 

type AlertRuleFusionMap map[string]AlertRuleFusionInput

func (AlertRuleFusionMap) ElementType 

func (AlertRuleFusionMap) ElementType() reflect.Type

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutput 

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext 

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionMapInput 

type AlertRuleFusionMapInput interface {
	pulumi.Input

	ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput
	ToAlertRuleFusionMapOutputWithContext(context.Context) AlertRuleFusionMapOutput
}

AlertRuleFusionMapInput is an input type that accepts AlertRuleFusionMap and AlertRuleFusionMapOutput values. You can construct a concrete instance of `AlertRuleFusionMapInput` via: 

AlertRuleFusionMap{ "key": AlertRuleFusionArgs{...} }

type AlertRuleFusionMapOutput 

type AlertRuleFusionMapOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionMapOutput) ElementType 

func (AlertRuleFusionMapOutput) ElementType() reflect.Type

func (AlertRuleFusionMapOutput) MapIndex 

func (o AlertRuleFusionMapOutput) MapIndex(k pulumi.StringInput) AlertRuleFusionOutput

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput 

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext 

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionOutput 

type AlertRuleFusionOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionOutput) AlertRuleTemplateGuid added in v5.5.0 

func (o AlertRuleFusionOutput) AlertRuleTemplateGuid() pulumi.StringOutput

The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) ElementType 

func (AlertRuleFusionOutput) ElementType() reflect.Type

func (AlertRuleFusionOutput) Enabled added in v5.5.0 

func (o AlertRuleFusionOutput) Enabled() pulumi.BoolPtrOutput

Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.

func (AlertRuleFusionOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AlertRuleFusionOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) Name added in v5.5.0 

func (o AlertRuleFusionOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) Sources added in v5.25.0 

func (o AlertRuleFusionOutput) Sources() AlertRuleFusionSourceArrayOutput

One or more `source` blocks as defined below.

func (AlertRuleFusionOutput) ToAlertRuleFusionOutput 

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext 

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionSource added in v5.25.0 

type AlertRuleFusionSource struct {
	// Whether this source signal is enabled or disabled in Fusion detection? Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The name of the Fusion source signal. Refer to Fusion alert rule template for supported values.
	Name string `pulumi:"name"`
	// One or more `subType` blocks as defined below.
	SubTypes []AlertRuleFusionSourceSubType `pulumi:"subTypes"`
}

type AlertRuleFusionSourceArgs added in v5.25.0 

type AlertRuleFusionSourceArgs struct {
	// Whether this source signal is enabled or disabled in Fusion detection? Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The name of the Fusion source signal. Refer to Fusion alert rule template for supported values.
	Name pulumi.StringInput `pulumi:"name"`
	// One or more `subType` blocks as defined below.
	SubTypes AlertRuleFusionSourceSubTypeArrayInput `pulumi:"subTypes"`
}

func (AlertRuleFusionSourceArgs) ElementType added in v5.25.0 

func (AlertRuleFusionSourceArgs) ElementType() reflect.Type

func (AlertRuleFusionSourceArgs) ToAlertRuleFusionSourceOutput added in v5.25.0 

func (i AlertRuleFusionSourceArgs) ToAlertRuleFusionSourceOutput() AlertRuleFusionSourceOutput

func (AlertRuleFusionSourceArgs) ToAlertRuleFusionSourceOutputWithContext added in v5.25.0 

func (i AlertRuleFusionSourceArgs) ToAlertRuleFusionSourceOutputWithContext(ctx context.Context) AlertRuleFusionSourceOutput

type AlertRuleFusionSourceArray added in v5.25.0 

type AlertRuleFusionSourceArray []AlertRuleFusionSourceInput

func (AlertRuleFusionSourceArray) ElementType added in v5.25.0 

func (AlertRuleFusionSourceArray) ElementType() reflect.Type

func (AlertRuleFusionSourceArray) ToAlertRuleFusionSourceArrayOutput added in v5.25.0 

func (i AlertRuleFusionSourceArray) ToAlertRuleFusionSourceArrayOutput() AlertRuleFusionSourceArrayOutput

func (AlertRuleFusionSourceArray) ToAlertRuleFusionSourceArrayOutputWithContext added in v5.25.0 

func (i AlertRuleFusionSourceArray) ToAlertRuleFusionSourceArrayOutputWithContext(ctx context.Context) AlertRuleFusionSourceArrayOutput

type AlertRuleFusionSourceArrayInput added in v5.25.0 

type AlertRuleFusionSourceArrayInput interface {
	pulumi.Input

	ToAlertRuleFusionSourceArrayOutput() AlertRuleFusionSourceArrayOutput
	ToAlertRuleFusionSourceArrayOutputWithContext(context.Context) AlertRuleFusionSourceArrayOutput
}

AlertRuleFusionSourceArrayInput is an input type that accepts AlertRuleFusionSourceArray and AlertRuleFusionSourceArrayOutput values. You can construct a concrete instance of `AlertRuleFusionSourceArrayInput` via: 

AlertRuleFusionSourceArray{ AlertRuleFusionSourceArgs{...} }

type AlertRuleFusionSourceArrayOutput added in v5.25.0 

type AlertRuleFusionSourceArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionSourceArrayOutput) ElementType added in v5.25.0 

func (AlertRuleFusionSourceArrayOutput) ElementType() reflect.Type

func (AlertRuleFusionSourceArrayOutput) Index added in v5.25.0 

func (o AlertRuleFusionSourceArrayOutput) Index(i pulumi.IntInput) AlertRuleFusionSourceOutput

func (AlertRuleFusionSourceArrayOutput) ToAlertRuleFusionSourceArrayOutput added in v5.25.0 

func (o AlertRuleFusionSourceArrayOutput) ToAlertRuleFusionSourceArrayOutput() AlertRuleFusionSourceArrayOutput

func (AlertRuleFusionSourceArrayOutput) ToAlertRuleFusionSourceArrayOutputWithContext added in v5.25.0 

func (o AlertRuleFusionSourceArrayOutput) ToAlertRuleFusionSourceArrayOutputWithContext(ctx context.Context) AlertRuleFusionSourceArrayOutput

type AlertRuleFusionSourceInput added in v5.25.0 

type AlertRuleFusionSourceInput interface {
	pulumi.Input

	ToAlertRuleFusionSourceOutput() AlertRuleFusionSourceOutput
	ToAlertRuleFusionSourceOutputWithContext(context.Context) AlertRuleFusionSourceOutput
}

AlertRuleFusionSourceInput is an input type that accepts AlertRuleFusionSourceArgs and AlertRuleFusionSourceOutput values. You can construct a concrete instance of `AlertRuleFusionSourceInput` via: 

AlertRuleFusionSourceArgs{...}

type AlertRuleFusionSourceOutput added in v5.25.0 

type AlertRuleFusionSourceOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionSourceOutput) ElementType added in v5.25.0 

func (AlertRuleFusionSourceOutput) ElementType() reflect.Type

func (AlertRuleFusionSourceOutput) Enabled added in v5.25.0 

func (o AlertRuleFusionSourceOutput) Enabled() pulumi.BoolPtrOutput

Whether this source signal is enabled or disabled in Fusion detection? Defaults to `true`.

func (AlertRuleFusionSourceOutput) Name added in v5.25.0 

func (o AlertRuleFusionSourceOutput) Name() pulumi.StringOutput

The name of the Fusion source signal. Refer to Fusion alert rule template for supported values.

func (AlertRuleFusionSourceOutput) SubTypes added in v5.25.0 

func (o AlertRuleFusionSourceOutput) SubTypes() AlertRuleFusionSourceSubTypeArrayOutput

One or more `subType` blocks as defined below.

func (AlertRuleFusionSourceOutput) ToAlertRuleFusionSourceOutput added in v5.25.0 

func (o AlertRuleFusionSourceOutput) ToAlertRuleFusionSourceOutput() AlertRuleFusionSourceOutput

func (AlertRuleFusionSourceOutput) ToAlertRuleFusionSourceOutputWithContext added in v5.25.0 

func (o AlertRuleFusionSourceOutput) ToAlertRuleFusionSourceOutputWithContext(ctx context.Context) AlertRuleFusionSourceOutput

type AlertRuleFusionSourceSubType added in v5.25.0 

type AlertRuleFusionSourceSubType struct {
	// Whether this source subtype under source signal is enabled or disabled in Fusion detection. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.
	Name string `pulumi:"name"`
	// A list of severities that are enabled for this source subtype consumed in Fusion detection. Possible values for each element are `High`, `Medium`, `Low`, `Informational`.
	SeveritiesAlloweds []string `pulumi:"severitiesAlloweds"`
}

type AlertRuleFusionSourceSubTypeArgs added in v5.25.0 

type AlertRuleFusionSourceSubTypeArgs struct {
	// Whether this source subtype under source signal is enabled or disabled in Fusion detection. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.
	Name pulumi.StringInput `pulumi:"name"`
	// A list of severities that are enabled for this source subtype consumed in Fusion detection. Possible values for each element are `High`, `Medium`, `Low`, `Informational`.
	SeveritiesAlloweds pulumi.StringArrayInput `pulumi:"severitiesAlloweds"`
}

func (AlertRuleFusionSourceSubTypeArgs) ElementType added in v5.25.0 

func (AlertRuleFusionSourceSubTypeArgs) ElementType() reflect.Type

func (AlertRuleFusionSourceSubTypeArgs) ToAlertRuleFusionSourceSubTypeOutput added in v5.25.0 

func (i AlertRuleFusionSourceSubTypeArgs) ToAlertRuleFusionSourceSubTypeOutput() AlertRuleFusionSourceSubTypeOutput

func (AlertRuleFusionSourceSubTypeArgs) ToAlertRuleFusionSourceSubTypeOutputWithContext added in v5.25.0 

func (i AlertRuleFusionSourceSubTypeArgs) ToAlertRuleFusionSourceSubTypeOutputWithContext(ctx context.Context) AlertRuleFusionSourceSubTypeOutput

type AlertRuleFusionSourceSubTypeArray added in v5.25.0 

type AlertRuleFusionSourceSubTypeArray []AlertRuleFusionSourceSubTypeInput

func (AlertRuleFusionSourceSubTypeArray) ElementType added in v5.25.0 

func (AlertRuleFusionSourceSubTypeArray) ElementType() reflect.Type

func (AlertRuleFusionSourceSubTypeArray) ToAlertRuleFusionSourceSubTypeArrayOutput added in v5.25.0 

func (i AlertRuleFusionSourceSubTypeArray) ToAlertRuleFusionSourceSubTypeArrayOutput() AlertRuleFusionSourceSubTypeArrayOutput

func (AlertRuleFusionSourceSubTypeArray) ToAlertRuleFusionSourceSubTypeArrayOutputWithContext added in v5.25.0 

func (i AlertRuleFusionSourceSubTypeArray) ToAlertRuleFusionSourceSubTypeArrayOutputWithContext(ctx context.Context) AlertRuleFusionSourceSubTypeArrayOutput

type AlertRuleFusionSourceSubTypeArrayInput added in v5.25.0 

type AlertRuleFusionSourceSubTypeArrayInput interface {
	pulumi.Input

	ToAlertRuleFusionSourceSubTypeArrayOutput() AlertRuleFusionSourceSubTypeArrayOutput
	ToAlertRuleFusionSourceSubTypeArrayOutputWithContext(context.Context) AlertRuleFusionSourceSubTypeArrayOutput
}

AlertRuleFusionSourceSubTypeArrayInput is an input type that accepts AlertRuleFusionSourceSubTypeArray and AlertRuleFusionSourceSubTypeArrayOutput values. You can construct a concrete instance of `AlertRuleFusionSourceSubTypeArrayInput` via: 

AlertRuleFusionSourceSubTypeArray{ AlertRuleFusionSourceSubTypeArgs{...} }

type AlertRuleFusionSourceSubTypeArrayOutput added in v5.25.0 

type AlertRuleFusionSourceSubTypeArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionSourceSubTypeArrayOutput) ElementType added in v5.25.0 

func (AlertRuleFusionSourceSubTypeArrayOutput) ElementType() reflect.Type

func (AlertRuleFusionSourceSubTypeArrayOutput) Index added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeArrayOutput) Index(i pulumi.IntInput) AlertRuleFusionSourceSubTypeOutput

func (AlertRuleFusionSourceSubTypeArrayOutput) ToAlertRuleFusionSourceSubTypeArrayOutput added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeArrayOutput) ToAlertRuleFusionSourceSubTypeArrayOutput() AlertRuleFusionSourceSubTypeArrayOutput

func (AlertRuleFusionSourceSubTypeArrayOutput) ToAlertRuleFusionSourceSubTypeArrayOutputWithContext added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeArrayOutput) ToAlertRuleFusionSourceSubTypeArrayOutputWithContext(ctx context.Context) AlertRuleFusionSourceSubTypeArrayOutput

type AlertRuleFusionSourceSubTypeInput added in v5.25.0 

type AlertRuleFusionSourceSubTypeInput interface {
	pulumi.Input

	ToAlertRuleFusionSourceSubTypeOutput() AlertRuleFusionSourceSubTypeOutput
	ToAlertRuleFusionSourceSubTypeOutputWithContext(context.Context) AlertRuleFusionSourceSubTypeOutput
}

AlertRuleFusionSourceSubTypeInput is an input type that accepts AlertRuleFusionSourceSubTypeArgs and AlertRuleFusionSourceSubTypeOutput values. You can construct a concrete instance of `AlertRuleFusionSourceSubTypeInput` via: 

AlertRuleFusionSourceSubTypeArgs{...}

type AlertRuleFusionSourceSubTypeOutput added in v5.25.0 

type AlertRuleFusionSourceSubTypeOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionSourceSubTypeOutput) ElementType added in v5.25.0 

func (AlertRuleFusionSourceSubTypeOutput) ElementType() reflect.Type

func (AlertRuleFusionSourceSubTypeOutput) Enabled added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeOutput) Enabled() pulumi.BoolPtrOutput

Whether this source subtype under source signal is enabled or disabled in Fusion detection. Defaults to `true`.

func (AlertRuleFusionSourceSubTypeOutput) Name added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeOutput) Name() pulumi.StringOutput

The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.

func (AlertRuleFusionSourceSubTypeOutput) SeveritiesAlloweds added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeOutput) SeveritiesAlloweds() pulumi.StringArrayOutput

A list of severities that are enabled for this source subtype consumed in Fusion detection. Possible values for each element are `High`, `Medium`, `Low`, `Informational`.

func (AlertRuleFusionSourceSubTypeOutput) ToAlertRuleFusionSourceSubTypeOutput added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeOutput) ToAlertRuleFusionSourceSubTypeOutput() AlertRuleFusionSourceSubTypeOutput

func (AlertRuleFusionSourceSubTypeOutput) ToAlertRuleFusionSourceSubTypeOutputWithContext added in v5.25.0 

func (o AlertRuleFusionSourceSubTypeOutput) ToAlertRuleFusionSourceSubTypeOutputWithContext(ctx context.Context) AlertRuleFusionSourceSubTypeOutput

type AlertRuleFusionState 

type AlertRuleFusionState struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
	// One or more `source` blocks as defined below.
	Sources AlertRuleFusionSourceArrayInput
}

func (AlertRuleFusionState) ElementType 

func (AlertRuleFusionState) ElementType() reflect.Type

type AlertRuleMachineLearningBehaviorAnalytics 

type AlertRuleMachineLearningBehaviorAnalytics struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Machine Learning Behavior Analytics Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMachineLearningBehaviorAnalytics(ctx, "example", &sentinel.AlertRuleMachineLearningBehaviorAnalyticsArgs{
			Name:                    pulumi.String("example-ml-alert-rule"),
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
			AlertRuleTemplateGuid:   pulumi.String("737a2ce1-70a3-4968-9e90-3e6aca836abf"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Machine Learning Behavior Analytics Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleMachineLearningBehaviorAnalytics:AlertRuleMachineLearningBehaviorAnalytics example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleMachineLearningBehaviorAnalytics 

func GetAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMachineLearningBehaviorAnalyticsState, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

GetAlertRuleMachineLearningBehaviorAnalytics gets an existing AlertRuleMachineLearningBehaviorAnalytics resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMachineLearningBehaviorAnalytics 

func NewAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, args *AlertRuleMachineLearningBehaviorAnalyticsArgs, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

NewAlertRuleMachineLearningBehaviorAnalytics registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMachineLearningBehaviorAnalytics) ElementType 

func (*AlertRuleMachineLearningBehaviorAnalytics) ElementType() reflect.Type

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput 

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext 

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsArgs 

type AlertRuleMachineLearningBehaviorAnalyticsArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleMachineLearningBehaviorAnalytics resource.

func (AlertRuleMachineLearningBehaviorAnalyticsArgs) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsArgs) ElementType() reflect.Type

type AlertRuleMachineLearningBehaviorAnalyticsArray 

type AlertRuleMachineLearningBehaviorAnalyticsArray []AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput 

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext 

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput 

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
}

AlertRuleMachineLearningBehaviorAnalyticsArrayInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsArray and AlertRuleMachineLearningBehaviorAnalyticsArrayOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsArrayInput` via: 

AlertRuleMachineLearningBehaviorAnalyticsArray{ AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput 

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) Index 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) Index(i pulumi.IntInput) AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsInput 

type AlertRuleMachineLearningBehaviorAnalyticsInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput
}

type AlertRuleMachineLearningBehaviorAnalyticsMap 

type AlertRuleMachineLearningBehaviorAnalyticsMap map[string]AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput 

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext 

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsMapInput 

type AlertRuleMachineLearningBehaviorAnalyticsMapInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput
}

AlertRuleMachineLearningBehaviorAnalyticsMapInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsMap and AlertRuleMachineLearningBehaviorAnalyticsMapOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsMapInput` via: 

AlertRuleMachineLearningBehaviorAnalyticsMap{ "key": AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput 

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) MapIndex 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) MapIndex(k pulumi.StringInput) AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsOutput 

type AlertRuleMachineLearningBehaviorAnalyticsOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) AlertRuleTemplateGuid added in v5.5.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) AlertRuleTemplateGuid() pulumi.StringOutput

The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) Enabled added in v5.5.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) Enabled() pulumi.BoolPtrOutput

Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) Name added in v5.5.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) Name() pulumi.StringOutput

The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsState 

type AlertRuleMachineLearningBehaviorAnalyticsState struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleMachineLearningBehaviorAnalyticsState) ElementType 

func (AlertRuleMachineLearningBehaviorAnalyticsState) ElementType() reflect.Type

type AlertRuleMsSecurityIncident 

type AlertRuleMsSecurityIncident struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayOutput `pulumi:"displayNameExcludeFilters"`
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayOutput `pulumi:"displayNameFilters"`
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringOutput `pulumi:"productFilter"`
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	//
	// > **NOTE** At least one of the severity filters need to be set.
	SeverityFilters pulumi.StringArrayOutput `pulumi:"severityFilters"`
}

Manages a Sentinel MS Security Incident Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMsSecurityIncident(ctx, "example", &sentinel.AlertRuleMsSecurityIncidentArgs{
			Name:                    pulumi.String("example-ms-security-incident-alert-rule"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			ProductFilter:           pulumi.String("Microsoft Cloud App Security"),
			DisplayName:             pulumi.String("example rule"),
			SeverityFilters: pulumi.StringArray{
				pulumi.String("High"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel MS Security Incident Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleMsSecurityIncident:AlertRuleMsSecurityIncident example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleMsSecurityIncident 

func GetAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMsSecurityIncidentState, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

GetAlertRuleMsSecurityIncident gets an existing AlertRuleMsSecurityIncident resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMsSecurityIncident 

func NewAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, args *AlertRuleMsSecurityIncidentArgs, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

NewAlertRuleMsSecurityIncident registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMsSecurityIncident) ElementType 

func (*AlertRuleMsSecurityIncident) ElementType() reflect.Type

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput 

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext 

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentArgs 

type AlertRuleMsSecurityIncidentArgs struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	//
	// > **NOTE** At least one of the severity filters need to be set.
	SeverityFilters pulumi.StringArrayInput
}

The set of arguments for constructing a AlertRuleMsSecurityIncident resource.

func (AlertRuleMsSecurityIncidentArgs) ElementType 

func (AlertRuleMsSecurityIncidentArgs) ElementType() reflect.Type

type AlertRuleMsSecurityIncidentArray 

type AlertRuleMsSecurityIncidentArray []AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentArray) ElementType 

func (AlertRuleMsSecurityIncidentArray) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput 

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext 

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentArrayInput 

type AlertRuleMsSecurityIncidentArrayInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput
	ToAlertRuleMsSecurityIncidentArrayOutputWithContext(context.Context) AlertRuleMsSecurityIncidentArrayOutput
}

AlertRuleMsSecurityIncidentArrayInput is an input type that accepts AlertRuleMsSecurityIncidentArray and AlertRuleMsSecurityIncidentArrayOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentArrayInput` via: 

AlertRuleMsSecurityIncidentArray{ AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentArrayOutput 

type AlertRuleMsSecurityIncidentArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentArrayOutput) ElementType 

func (AlertRuleMsSecurityIncidentArrayOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentArrayOutput) Index 

func (o AlertRuleMsSecurityIncidentArrayOutput) Index(i pulumi.IntInput) AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput 

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext 

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentInput 

type AlertRuleMsSecurityIncidentInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput
	ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput
}

type AlertRuleMsSecurityIncidentMap 

type AlertRuleMsSecurityIncidentMap map[string]AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentMap) ElementType 

func (AlertRuleMsSecurityIncidentMap) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput 

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext 

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentMapInput 

type AlertRuleMsSecurityIncidentMapInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput
	ToAlertRuleMsSecurityIncidentMapOutputWithContext(context.Context) AlertRuleMsSecurityIncidentMapOutput
}

AlertRuleMsSecurityIncidentMapInput is an input type that accepts AlertRuleMsSecurityIncidentMap and AlertRuleMsSecurityIncidentMapOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentMapInput` via: 

AlertRuleMsSecurityIncidentMap{ "key": AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentMapOutput 

type AlertRuleMsSecurityIncidentMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentMapOutput) ElementType 

func (AlertRuleMsSecurityIncidentMapOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentMapOutput) MapIndex 

func (o AlertRuleMsSecurityIncidentMapOutput) MapIndex(k pulumi.StringInput) AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput 

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext 

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentOutput 

type AlertRuleMsSecurityIncidentOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentOutput) AlertRuleTemplateGuid added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) AlertRuleTemplateGuid() pulumi.StringPtrOutput

The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) Description added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) Description() pulumi.StringPtrOutput

The description of this Sentinel MS Security Incident Alert Rule.

func (AlertRuleMsSecurityIncidentOutput) DisplayName added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) DisplayName() pulumi.StringOutput

The friendly name of this Sentinel MS Security Incident Alert Rule.

func (AlertRuleMsSecurityIncidentOutput) DisplayNameExcludeFilters added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) DisplayNameExcludeFilters() pulumi.StringArrayOutput

Only create incidents when the alert display name doesn't contain text from this list.

func (AlertRuleMsSecurityIncidentOutput) DisplayNameFilters added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) DisplayNameFilters() pulumi.StringArrayOutput

Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.

func (AlertRuleMsSecurityIncidentOutput) ElementType 

func (AlertRuleMsSecurityIncidentOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentOutput) Enabled added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) Enabled() pulumi.BoolPtrOutput

Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.

func (AlertRuleMsSecurityIncidentOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) Name added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) ProductFilter added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) ProductFilter() pulumi.StringOutput

The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.

func (AlertRuleMsSecurityIncidentOutput) SeverityFilters added in v5.5.0 

func (o AlertRuleMsSecurityIncidentOutput) SeverityFilters() pulumi.StringArrayOutput

Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.

> **NOTE** At least one of the severity filters need to be set.

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput 

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext 

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentState 

type AlertRuleMsSecurityIncidentState struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringPtrInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	//
	// > **NOTE** At least one of the severity filters need to be set.
	SeverityFilters pulumi.StringArrayInput
}

func (AlertRuleMsSecurityIncidentState) ElementType 

func (AlertRuleMsSecurityIncidentState) ElementType() reflect.Type

type AlertRuleNrt added in v5.18.0 

type AlertRuleNrt struct {
	pulumi.CustomResourceState

	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleNrtAlertDetailsOverrideArrayOutput `pulumi:"alertDetailsOverrides"`
	// The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrOutput `pulumi:"alertRuleTemplateVersion"`
	// A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapOutput `pulumi:"customDetails"`
	// The description of this Sentinel NRT Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel NRT Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleNrtEntityMappingArrayOutput `pulumi:"entityMappings"`
	// A `eventGrouping` block as defined below.
	//
	// > **NOTE:** `eventGrouping` will be required in the next major version of the AzureRM Provider.
	EventGrouping AlertRuleNrtEventGroupingOutput `pulumi:"eventGrouping"`
	// A `incident` block as defined below.
	Incident AlertRuleNrtIncidentOutput `pulumi:"incident"`
	// The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The query of this Sentinel NRT Alert Rule.
	Query pulumi.StringOutput `pulumi:"query"`
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleNrtSentinelEntityMappingArrayOutput `pulumi:"sentinelEntityMappings"`
	// The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringOutput `pulumi:"severity"`
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrOutput `pulumi:"suppressionDuration"`
	// Should the Sentinel NRT Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrOutput `pulumi:"suppressionEnabled"`
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayOutput `pulumi:"techniques"`
}

Manages a Sentinel NRT Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleNrt(ctx, "example", &sentinel.AlertRuleNrtArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String("AzureActivity |\n  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n  where ActivityStatus == \"Succeeded\" |\n  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel NRT Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleNrt:AlertRuleNrt example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleNrt added in v5.18.0 

func GetAlertRuleNrt(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleNrtState, opts ...pulumi.ResourceOption) (*AlertRuleNrt, error)

GetAlertRuleNrt gets an existing AlertRuleNrt resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleNrt added in v5.18.0 

func NewAlertRuleNrt(ctx *pulumi.Context,
	name string, args *AlertRuleNrtArgs, opts ...pulumi.ResourceOption) (*AlertRuleNrt, error)

NewAlertRuleNrt registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleNrt) ElementType added in v5.18.0 

func (*AlertRuleNrt) ElementType() reflect.Type

func (*AlertRuleNrt) ToAlertRuleNrtOutput added in v5.18.0 

func (i *AlertRuleNrt) ToAlertRuleNrtOutput() AlertRuleNrtOutput

func (*AlertRuleNrt) ToAlertRuleNrtOutputWithContext added in v5.18.0 

func (i *AlertRuleNrt) ToAlertRuleNrtOutputWithContext(ctx context.Context) AlertRuleNrtOutput

type AlertRuleNrtAlertDetailsOverride added in v5.18.0 

type AlertRuleNrtAlertDetailsOverride struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat *string `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat *string `pulumi:"displayNameFormat"`
	// A list of `dynamicProperty` blocks as defined below.
	DynamicProperties []AlertRuleNrtAlertDetailsOverrideDynamicProperty `pulumi:"dynamicProperties"`
	// The column name to take the alert severity from.
	SeverityColumnName *string `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName *string `pulumi:"tacticsColumnName"`
}

type AlertRuleNrtAlertDetailsOverrideArgs added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideArgs struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat pulumi.StringPtrInput `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat pulumi.StringPtrInput `pulumi:"displayNameFormat"`
	// A list of `dynamicProperty` blocks as defined below.
	DynamicProperties AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayInput `pulumi:"dynamicProperties"`
	// The column name to take the alert severity from.
	SeverityColumnName pulumi.StringPtrInput `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName pulumi.StringPtrInput `pulumi:"tacticsColumnName"`
}

func (AlertRuleNrtAlertDetailsOverrideArgs) ElementType added in v5.18.0 

func (AlertRuleNrtAlertDetailsOverrideArgs) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideArgs) ToAlertRuleNrtAlertDetailsOverrideOutput added in v5.18.0 

func (i AlertRuleNrtAlertDetailsOverrideArgs) ToAlertRuleNrtAlertDetailsOverrideOutput() AlertRuleNrtAlertDetailsOverrideOutput

func (AlertRuleNrtAlertDetailsOverrideArgs) ToAlertRuleNrtAlertDetailsOverrideOutputWithContext added in v5.18.0 

func (i AlertRuleNrtAlertDetailsOverrideArgs) ToAlertRuleNrtAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideOutput

type AlertRuleNrtAlertDetailsOverrideArray added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideArray []AlertRuleNrtAlertDetailsOverrideInput

func (AlertRuleNrtAlertDetailsOverrideArray) ElementType added in v5.18.0 

func (AlertRuleNrtAlertDetailsOverrideArray) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideArray) ToAlertRuleNrtAlertDetailsOverrideArrayOutput added in v5.18.0 

func (i AlertRuleNrtAlertDetailsOverrideArray) ToAlertRuleNrtAlertDetailsOverrideArrayOutput() AlertRuleNrtAlertDetailsOverrideArrayOutput

func (AlertRuleNrtAlertDetailsOverrideArray) ToAlertRuleNrtAlertDetailsOverrideArrayOutputWithContext added in v5.18.0 

func (i AlertRuleNrtAlertDetailsOverrideArray) ToAlertRuleNrtAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideArrayOutput

type AlertRuleNrtAlertDetailsOverrideArrayInput added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtAlertDetailsOverrideArrayOutput() AlertRuleNrtAlertDetailsOverrideArrayOutput
	ToAlertRuleNrtAlertDetailsOverrideArrayOutputWithContext(context.Context) AlertRuleNrtAlertDetailsOverrideArrayOutput
}

AlertRuleNrtAlertDetailsOverrideArrayInput is an input type that accepts AlertRuleNrtAlertDetailsOverrideArray and AlertRuleNrtAlertDetailsOverrideArrayOutput values. You can construct a concrete instance of `AlertRuleNrtAlertDetailsOverrideArrayInput` via: 

AlertRuleNrtAlertDetailsOverrideArray{ AlertRuleNrtAlertDetailsOverrideArgs{...} }

type AlertRuleNrtAlertDetailsOverrideArrayOutput added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtAlertDetailsOverrideArrayOutput) ElementType added in v5.18.0 

func (AlertRuleNrtAlertDetailsOverrideArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideArrayOutput) Index added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtAlertDetailsOverrideOutput

func (AlertRuleNrtAlertDetailsOverrideArrayOutput) ToAlertRuleNrtAlertDetailsOverrideArrayOutput added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideArrayOutput) ToAlertRuleNrtAlertDetailsOverrideArrayOutput() AlertRuleNrtAlertDetailsOverrideArrayOutput

func (AlertRuleNrtAlertDetailsOverrideArrayOutput) ToAlertRuleNrtAlertDetailsOverrideArrayOutputWithContext added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideArrayOutput) ToAlertRuleNrtAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideArrayOutput

type AlertRuleNrtAlertDetailsOverrideDynamicProperty added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicProperty struct {
	// The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.
	Name string `pulumi:"name"`
	// The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.
	Value string `pulumi:"value"`
}

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs struct {
	// The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.
	Name pulumi.StringInput `pulumi:"name"`
	// The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.
	Value pulumi.StringInput `pulumi:"value"`
}

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ElementType added in v5.35.0 

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

func (i AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutputWithContext added in v5.35.0 

func (i AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray []AlertRuleNrtAlertDetailsOverrideDynamicPropertyInput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ElementType added in v5.35.0 

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

func (i AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutputWithContext added in v5.35.0 

func (i AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayInput added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput
	ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput
}

AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayInput is an input type that accepts AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray and AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput values. You can construct a concrete instance of `AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayInput` via: 

AlertRuleNrtAlertDetailsOverrideDynamicPropertyArray{ AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs{...} }

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ElementType added in v5.35.0 

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) Index added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutputWithContext added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyInput added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyInput interface {
	pulumi.Input

	ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput
	ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutputWithContext(context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput
}

AlertRuleNrtAlertDetailsOverrideDynamicPropertyInput is an input type that accepts AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs and AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput values. You can construct a concrete instance of `AlertRuleNrtAlertDetailsOverrideDynamicPropertyInput` via: 

AlertRuleNrtAlertDetailsOverrideDynamicPropertyArgs{...}

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

type AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ElementType added in v5.35.0 

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) Name added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) Name() pulumi.StringOutput

The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput() AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutputWithContext added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleNrtAlertDetailsOverrideDynamicPropertyOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) Value added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideDynamicPropertyOutput) Value() pulumi.StringOutput

The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.

type AlertRuleNrtAlertDetailsOverrideInput added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideInput interface {
	pulumi.Input

	ToAlertRuleNrtAlertDetailsOverrideOutput() AlertRuleNrtAlertDetailsOverrideOutput
	ToAlertRuleNrtAlertDetailsOverrideOutputWithContext(context.Context) AlertRuleNrtAlertDetailsOverrideOutput
}

AlertRuleNrtAlertDetailsOverrideInput is an input type that accepts AlertRuleNrtAlertDetailsOverrideArgs and AlertRuleNrtAlertDetailsOverrideOutput values. You can construct a concrete instance of `AlertRuleNrtAlertDetailsOverrideInput` via: 

AlertRuleNrtAlertDetailsOverrideArgs{...}

type AlertRuleNrtAlertDetailsOverrideOutput added in v5.18.0 

type AlertRuleNrtAlertDetailsOverrideOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtAlertDetailsOverrideOutput) DescriptionFormat added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) DescriptionFormat() pulumi.StringPtrOutput

The format containing columns name(s) to override the description of this Sentinel Alert Rule.

func (AlertRuleNrtAlertDetailsOverrideOutput) DisplayNameFormat added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) DisplayNameFormat() pulumi.StringPtrOutput

The format containing columns name(s) to override the name of this Sentinel Alert Rule.

func (AlertRuleNrtAlertDetailsOverrideOutput) DynamicProperties added in v5.35.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) DynamicProperties() AlertRuleNrtAlertDetailsOverrideDynamicPropertyArrayOutput

A list of `dynamicProperty` blocks as defined below.

func (AlertRuleNrtAlertDetailsOverrideOutput) ElementType added in v5.18.0 

func (AlertRuleNrtAlertDetailsOverrideOutput) ElementType() reflect.Type

func (AlertRuleNrtAlertDetailsOverrideOutput) SeverityColumnName added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) SeverityColumnName() pulumi.StringPtrOutput

The column name to take the alert severity from.

func (AlertRuleNrtAlertDetailsOverrideOutput) TacticsColumnName added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) TacticsColumnName() pulumi.StringPtrOutput

The column name to take the alert tactics from.

func (AlertRuleNrtAlertDetailsOverrideOutput) ToAlertRuleNrtAlertDetailsOverrideOutput added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) ToAlertRuleNrtAlertDetailsOverrideOutput() AlertRuleNrtAlertDetailsOverrideOutput

func (AlertRuleNrtAlertDetailsOverrideOutput) ToAlertRuleNrtAlertDetailsOverrideOutputWithContext added in v5.18.0 

func (o AlertRuleNrtAlertDetailsOverrideOutput) ToAlertRuleNrtAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleNrtAlertDetailsOverrideOutput

type AlertRuleNrtArgs added in v5.18.0 

type AlertRuleNrtArgs struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleNrtAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel NRT Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel NRT Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleNrtEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	//
	// > **NOTE:** `eventGrouping` will be required in the next major version of the AzureRM Provider.
	EventGrouping AlertRuleNrtEventGroupingPtrInput
	// A `incident` block as defined below.
	Incident AlertRuleNrtIncidentPtrInput
	// The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel NRT Alert Rule.
	Query pulumi.StringInput
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleNrtSentinelEntityMappingArrayInput
	// The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel NRT Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
}

The set of arguments for constructing a AlertRuleNrt resource.

func (AlertRuleNrtArgs) ElementType added in v5.18.0 

func (AlertRuleNrtArgs) ElementType() reflect.Type

type AlertRuleNrtArray added in v5.18.0 

type AlertRuleNrtArray []AlertRuleNrtInput

func (AlertRuleNrtArray) ElementType added in v5.18.0 

func (AlertRuleNrtArray) ElementType() reflect.Type

func (AlertRuleNrtArray) ToAlertRuleNrtArrayOutput added in v5.18.0 

func (i AlertRuleNrtArray) ToAlertRuleNrtArrayOutput() AlertRuleNrtArrayOutput

func (AlertRuleNrtArray) ToAlertRuleNrtArrayOutputWithContext added in v5.18.0 

func (i AlertRuleNrtArray) ToAlertRuleNrtArrayOutputWithContext(ctx context.Context) AlertRuleNrtArrayOutput

type AlertRuleNrtArrayInput added in v5.18.0 

type AlertRuleNrtArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtArrayOutput() AlertRuleNrtArrayOutput
	ToAlertRuleNrtArrayOutputWithContext(context.Context) AlertRuleNrtArrayOutput
}

AlertRuleNrtArrayInput is an input type that accepts AlertRuleNrtArray and AlertRuleNrtArrayOutput values. You can construct a concrete instance of `AlertRuleNrtArrayInput` via: 

AlertRuleNrtArray{ AlertRuleNrtArgs{...} }

type AlertRuleNrtArrayOutput added in v5.18.0 

type AlertRuleNrtArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtArrayOutput) ElementType added in v5.18.0 

func (AlertRuleNrtArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtArrayOutput) Index added in v5.18.0 

func (o AlertRuleNrtArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtOutput

func (AlertRuleNrtArrayOutput) ToAlertRuleNrtArrayOutput added in v5.18.0 

func (o AlertRuleNrtArrayOutput) ToAlertRuleNrtArrayOutput() AlertRuleNrtArrayOutput

func (AlertRuleNrtArrayOutput) ToAlertRuleNrtArrayOutputWithContext added in v5.18.0 

func (o AlertRuleNrtArrayOutput) ToAlertRuleNrtArrayOutputWithContext(ctx context.Context) AlertRuleNrtArrayOutput

type AlertRuleNrtEntityMapping added in v5.18.0 

type AlertRuleNrtEntityMapping struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType string `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings []AlertRuleNrtEntityMappingFieldMapping `pulumi:"fieldMappings"`
}

type AlertRuleNrtEntityMappingArgs added in v5.18.0 

type AlertRuleNrtEntityMappingArgs struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType pulumi.StringInput `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings AlertRuleNrtEntityMappingFieldMappingArrayInput `pulumi:"fieldMappings"`
}

func (AlertRuleNrtEntityMappingArgs) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingArgs) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingArgs) ToAlertRuleNrtEntityMappingOutput added in v5.18.0 

func (i AlertRuleNrtEntityMappingArgs) ToAlertRuleNrtEntityMappingOutput() AlertRuleNrtEntityMappingOutput

func (AlertRuleNrtEntityMappingArgs) ToAlertRuleNrtEntityMappingOutputWithContext added in v5.18.0 

func (i AlertRuleNrtEntityMappingArgs) ToAlertRuleNrtEntityMappingOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingOutput

type AlertRuleNrtEntityMappingArray added in v5.18.0 

type AlertRuleNrtEntityMappingArray []AlertRuleNrtEntityMappingInput

func (AlertRuleNrtEntityMappingArray) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingArray) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingArray) ToAlertRuleNrtEntityMappingArrayOutput added in v5.18.0 

func (i AlertRuleNrtEntityMappingArray) ToAlertRuleNrtEntityMappingArrayOutput() AlertRuleNrtEntityMappingArrayOutput

func (AlertRuleNrtEntityMappingArray) ToAlertRuleNrtEntityMappingArrayOutputWithContext added in v5.18.0 

func (i AlertRuleNrtEntityMappingArray) ToAlertRuleNrtEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingArrayOutput

type AlertRuleNrtEntityMappingArrayInput added in v5.18.0 

type AlertRuleNrtEntityMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtEntityMappingArrayOutput() AlertRuleNrtEntityMappingArrayOutput
	ToAlertRuleNrtEntityMappingArrayOutputWithContext(context.Context) AlertRuleNrtEntityMappingArrayOutput
}

AlertRuleNrtEntityMappingArrayInput is an input type that accepts AlertRuleNrtEntityMappingArray and AlertRuleNrtEntityMappingArrayOutput values. You can construct a concrete instance of `AlertRuleNrtEntityMappingArrayInput` via: 

AlertRuleNrtEntityMappingArray{ AlertRuleNrtEntityMappingArgs{...} }

type AlertRuleNrtEntityMappingArrayOutput added in v5.18.0 

type AlertRuleNrtEntityMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEntityMappingArrayOutput) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingArrayOutput) Index added in v5.18.0 

func (o AlertRuleNrtEntityMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtEntityMappingOutput

func (AlertRuleNrtEntityMappingArrayOutput) ToAlertRuleNrtEntityMappingArrayOutput added in v5.18.0 

func (o AlertRuleNrtEntityMappingArrayOutput) ToAlertRuleNrtEntityMappingArrayOutput() AlertRuleNrtEntityMappingArrayOutput

func (AlertRuleNrtEntityMappingArrayOutput) ToAlertRuleNrtEntityMappingArrayOutputWithContext added in v5.18.0 

func (o AlertRuleNrtEntityMappingArrayOutput) ToAlertRuleNrtEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingArrayOutput

type AlertRuleNrtEntityMappingFieldMapping added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMapping struct {
	// The column name to be mapped to the identifier.
	ColumnName string `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier string `pulumi:"identifier"`
}

type AlertRuleNrtEntityMappingFieldMappingArgs added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingArgs struct {
	// The column name to be mapped to the identifier.
	ColumnName pulumi.StringInput `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier pulumi.StringInput `pulumi:"identifier"`
}

func (AlertRuleNrtEntityMappingFieldMappingArgs) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingFieldMappingArgs) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingFieldMappingArgs) ToAlertRuleNrtEntityMappingFieldMappingOutput added in v5.18.0 

func (i AlertRuleNrtEntityMappingFieldMappingArgs) ToAlertRuleNrtEntityMappingFieldMappingOutput() AlertRuleNrtEntityMappingFieldMappingOutput

func (AlertRuleNrtEntityMappingFieldMappingArgs) ToAlertRuleNrtEntityMappingFieldMappingOutputWithContext added in v5.18.0 

func (i AlertRuleNrtEntityMappingFieldMappingArgs) ToAlertRuleNrtEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingFieldMappingOutput

type AlertRuleNrtEntityMappingFieldMappingArray added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingArray []AlertRuleNrtEntityMappingFieldMappingInput

func (AlertRuleNrtEntityMappingFieldMappingArray) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingFieldMappingArray) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingFieldMappingArray) ToAlertRuleNrtEntityMappingFieldMappingArrayOutput added in v5.18.0 

func (i AlertRuleNrtEntityMappingFieldMappingArray) ToAlertRuleNrtEntityMappingFieldMappingArrayOutput() AlertRuleNrtEntityMappingFieldMappingArrayOutput

func (AlertRuleNrtEntityMappingFieldMappingArray) ToAlertRuleNrtEntityMappingFieldMappingArrayOutputWithContext added in v5.18.0 

func (i AlertRuleNrtEntityMappingFieldMappingArray) ToAlertRuleNrtEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingFieldMappingArrayOutput

type AlertRuleNrtEntityMappingFieldMappingArrayInput added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtEntityMappingFieldMappingArrayOutput() AlertRuleNrtEntityMappingFieldMappingArrayOutput
	ToAlertRuleNrtEntityMappingFieldMappingArrayOutputWithContext(context.Context) AlertRuleNrtEntityMappingFieldMappingArrayOutput
}

AlertRuleNrtEntityMappingFieldMappingArrayInput is an input type that accepts AlertRuleNrtEntityMappingFieldMappingArray and AlertRuleNrtEntityMappingFieldMappingArrayOutput values. You can construct a concrete instance of `AlertRuleNrtEntityMappingFieldMappingArrayInput` via: 

AlertRuleNrtEntityMappingFieldMappingArray{ AlertRuleNrtEntityMappingFieldMappingArgs{...} }

type AlertRuleNrtEntityMappingFieldMappingArrayOutput added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEntityMappingFieldMappingArrayOutput) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingFieldMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingFieldMappingArrayOutput) Index added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtEntityMappingFieldMappingOutput

func (AlertRuleNrtEntityMappingFieldMappingArrayOutput) ToAlertRuleNrtEntityMappingFieldMappingArrayOutput added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingArrayOutput) ToAlertRuleNrtEntityMappingFieldMappingArrayOutput() AlertRuleNrtEntityMappingFieldMappingArrayOutput

func (AlertRuleNrtEntityMappingFieldMappingArrayOutput) ToAlertRuleNrtEntityMappingFieldMappingArrayOutputWithContext added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingArrayOutput) ToAlertRuleNrtEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingFieldMappingArrayOutput

type AlertRuleNrtEntityMappingFieldMappingInput added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingInput interface {
	pulumi.Input

	ToAlertRuleNrtEntityMappingFieldMappingOutput() AlertRuleNrtEntityMappingFieldMappingOutput
	ToAlertRuleNrtEntityMappingFieldMappingOutputWithContext(context.Context) AlertRuleNrtEntityMappingFieldMappingOutput
}

AlertRuleNrtEntityMappingFieldMappingInput is an input type that accepts AlertRuleNrtEntityMappingFieldMappingArgs and AlertRuleNrtEntityMappingFieldMappingOutput values. You can construct a concrete instance of `AlertRuleNrtEntityMappingFieldMappingInput` via: 

AlertRuleNrtEntityMappingFieldMappingArgs{...}

type AlertRuleNrtEntityMappingFieldMappingOutput added in v5.18.0 

type AlertRuleNrtEntityMappingFieldMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEntityMappingFieldMappingOutput) ColumnName added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingOutput) ColumnName() pulumi.StringOutput

The column name to be mapped to the identifier.

func (AlertRuleNrtEntityMappingFieldMappingOutput) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingFieldMappingOutput) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingFieldMappingOutput) Identifier added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingOutput) Identifier() pulumi.StringOutput

The identifier of the entity.

func (AlertRuleNrtEntityMappingFieldMappingOutput) ToAlertRuleNrtEntityMappingFieldMappingOutput added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingOutput) ToAlertRuleNrtEntityMappingFieldMappingOutput() AlertRuleNrtEntityMappingFieldMappingOutput

func (AlertRuleNrtEntityMappingFieldMappingOutput) ToAlertRuleNrtEntityMappingFieldMappingOutputWithContext added in v5.18.0 

func (o AlertRuleNrtEntityMappingFieldMappingOutput) ToAlertRuleNrtEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingFieldMappingOutput

type AlertRuleNrtEntityMappingInput added in v5.18.0 

type AlertRuleNrtEntityMappingInput interface {
	pulumi.Input

	ToAlertRuleNrtEntityMappingOutput() AlertRuleNrtEntityMappingOutput
	ToAlertRuleNrtEntityMappingOutputWithContext(context.Context) AlertRuleNrtEntityMappingOutput
}

AlertRuleNrtEntityMappingInput is an input type that accepts AlertRuleNrtEntityMappingArgs and AlertRuleNrtEntityMappingOutput values. You can construct a concrete instance of `AlertRuleNrtEntityMappingInput` via: 

AlertRuleNrtEntityMappingArgs{...}

type AlertRuleNrtEntityMappingOutput added in v5.18.0 

type AlertRuleNrtEntityMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEntityMappingOutput) ElementType added in v5.18.0 

func (AlertRuleNrtEntityMappingOutput) ElementType() reflect.Type

func (AlertRuleNrtEntityMappingOutput) EntityType added in v5.18.0 

func (o AlertRuleNrtEntityMappingOutput) EntityType() pulumi.StringOutput

The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleNrtEntityMappingOutput) FieldMappings added in v5.18.0 

func (o AlertRuleNrtEntityMappingOutput) FieldMappings() AlertRuleNrtEntityMappingFieldMappingArrayOutput

A list of `fieldMapping` blocks as defined below.

func (AlertRuleNrtEntityMappingOutput) ToAlertRuleNrtEntityMappingOutput added in v5.18.0 

func (o AlertRuleNrtEntityMappingOutput) ToAlertRuleNrtEntityMappingOutput() AlertRuleNrtEntityMappingOutput

func (AlertRuleNrtEntityMappingOutput) ToAlertRuleNrtEntityMappingOutputWithContext added in v5.18.0 

func (o AlertRuleNrtEntityMappingOutput) ToAlertRuleNrtEntityMappingOutputWithContext(ctx context.Context) AlertRuleNrtEntityMappingOutput

type AlertRuleNrtEventGrouping added in v5.35.0 

type AlertRuleNrtEventGrouping struct {
	// The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.
	AggregationMethod string `pulumi:"aggregationMethod"`
}

type AlertRuleNrtEventGroupingArgs added in v5.35.0 

type AlertRuleNrtEventGroupingArgs struct {
	// The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.
	AggregationMethod pulumi.StringInput `pulumi:"aggregationMethod"`
}

func (AlertRuleNrtEventGroupingArgs) ElementType added in v5.35.0 

func (AlertRuleNrtEventGroupingArgs) ElementType() reflect.Type

func (AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingOutput added in v5.35.0 

func (i AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingOutput() AlertRuleNrtEventGroupingOutput

func (AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingOutputWithContext added in v5.35.0 

func (i AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingOutputWithContext(ctx context.Context) AlertRuleNrtEventGroupingOutput

func (AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingPtrOutput added in v5.35.0 

func (i AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingPtrOutput() AlertRuleNrtEventGroupingPtrOutput

func (AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingPtrOutputWithContext added in v5.35.0 

func (i AlertRuleNrtEventGroupingArgs) ToAlertRuleNrtEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtEventGroupingPtrOutput

type AlertRuleNrtEventGroupingInput added in v5.35.0 

type AlertRuleNrtEventGroupingInput interface {
	pulumi.Input

	ToAlertRuleNrtEventGroupingOutput() AlertRuleNrtEventGroupingOutput
	ToAlertRuleNrtEventGroupingOutputWithContext(context.Context) AlertRuleNrtEventGroupingOutput
}

AlertRuleNrtEventGroupingInput is an input type that accepts AlertRuleNrtEventGroupingArgs and AlertRuleNrtEventGroupingOutput values. You can construct a concrete instance of `AlertRuleNrtEventGroupingInput` via: 

AlertRuleNrtEventGroupingArgs{...}

type AlertRuleNrtEventGroupingOutput added in v5.35.0 

type AlertRuleNrtEventGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEventGroupingOutput) AggregationMethod added in v5.35.0 

func (o AlertRuleNrtEventGroupingOutput) AggregationMethod() pulumi.StringOutput

The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.

func (AlertRuleNrtEventGroupingOutput) ElementType added in v5.35.0 

func (AlertRuleNrtEventGroupingOutput) ElementType() reflect.Type

func (AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingOutput added in v5.35.0 

func (o AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingOutput() AlertRuleNrtEventGroupingOutput

func (AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingOutputWithContext added in v5.35.0 

func (o AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingOutputWithContext(ctx context.Context) AlertRuleNrtEventGroupingOutput

func (AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingPtrOutput added in v5.35.0 

func (o AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingPtrOutput() AlertRuleNrtEventGroupingPtrOutput

func (AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingPtrOutputWithContext added in v5.35.0 

func (o AlertRuleNrtEventGroupingOutput) ToAlertRuleNrtEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtEventGroupingPtrOutput

type AlertRuleNrtEventGroupingPtrInput added in v5.35.0 

type AlertRuleNrtEventGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleNrtEventGroupingPtrOutput() AlertRuleNrtEventGroupingPtrOutput
	ToAlertRuleNrtEventGroupingPtrOutputWithContext(context.Context) AlertRuleNrtEventGroupingPtrOutput
}

AlertRuleNrtEventGroupingPtrInput is an input type that accepts AlertRuleNrtEventGroupingArgs, AlertRuleNrtEventGroupingPtr and AlertRuleNrtEventGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleNrtEventGroupingPtrInput` via: 

        AlertRuleNrtEventGroupingArgs{...}

or:

        nil

func AlertRuleNrtEventGroupingPtr added in v5.35.0 

func AlertRuleNrtEventGroupingPtr(v *AlertRuleNrtEventGroupingArgs) AlertRuleNrtEventGroupingPtrInput

type AlertRuleNrtEventGroupingPtrOutput added in v5.35.0 

type AlertRuleNrtEventGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtEventGroupingPtrOutput) AggregationMethod added in v5.35.0 

func (o AlertRuleNrtEventGroupingPtrOutput) AggregationMethod() pulumi.StringPtrOutput

The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.

func (AlertRuleNrtEventGroupingPtrOutput) Elem added in v5.35.0 

func (o AlertRuleNrtEventGroupingPtrOutput) Elem() AlertRuleNrtEventGroupingOutput

func (AlertRuleNrtEventGroupingPtrOutput) ElementType added in v5.35.0 

func (AlertRuleNrtEventGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleNrtEventGroupingPtrOutput) ToAlertRuleNrtEventGroupingPtrOutput added in v5.35.0 

func (o AlertRuleNrtEventGroupingPtrOutput) ToAlertRuleNrtEventGroupingPtrOutput() AlertRuleNrtEventGroupingPtrOutput

func (AlertRuleNrtEventGroupingPtrOutput) ToAlertRuleNrtEventGroupingPtrOutputWithContext added in v5.35.0 

func (o AlertRuleNrtEventGroupingPtrOutput) ToAlertRuleNrtEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtEventGroupingPtrOutput

type AlertRuleNrtIncident added in v5.18.0 

type AlertRuleNrtIncident struct {
	// Whether to create an incident from alerts triggered by this Sentinel NRT Alert Rule?
	CreateIncidentEnabled bool `pulumi:"createIncidentEnabled"`
	// A `grouping` block as defined below.
	Grouping AlertRuleNrtIncidentGrouping `pulumi:"grouping"`
}

type AlertRuleNrtIncidentArgs added in v5.18.0 

type AlertRuleNrtIncidentArgs struct {
	// Whether to create an incident from alerts triggered by this Sentinel NRT Alert Rule?
	CreateIncidentEnabled pulumi.BoolInput `pulumi:"createIncidentEnabled"`
	// A `grouping` block as defined below.
	Grouping AlertRuleNrtIncidentGroupingInput `pulumi:"grouping"`
}

func (AlertRuleNrtIncidentArgs) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentArgs) ElementType() reflect.Type

func (AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentOutput added in v5.18.0 

func (i AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentOutput() AlertRuleNrtIncidentOutput

func (AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentOutputWithContext added in v5.18.0 

func (i AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentOutputWithContext(ctx context.Context) AlertRuleNrtIncidentOutput

func (AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentPtrOutput added in v5.18.0 

func (i AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentPtrOutput() AlertRuleNrtIncidentPtrOutput

func (AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentPtrOutputWithContext added in v5.18.0 

func (i AlertRuleNrtIncidentArgs) ToAlertRuleNrtIncidentPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentPtrOutput

type AlertRuleNrtIncidentGrouping added in v5.18.0 

type AlertRuleNrtIncidentGrouping struct {
	// A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.
	ByAlertDetails []string `pulumi:"byAlertDetails"`
	// A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.
	ByCustomDetails []string `pulumi:"byCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	ByEntities []string `pulumi:"byEntities"`
	// Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod *string `pulumi:"entityMatchingMethod"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration *string `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents *bool `pulumi:"reopenClosedIncidents"`
}

type AlertRuleNrtIncidentGroupingArgs added in v5.18.0 

type AlertRuleNrtIncidentGroupingArgs struct {
	// A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.
	ByAlertDetails pulumi.StringArrayInput `pulumi:"byAlertDetails"`
	// A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.
	ByCustomDetails pulumi.StringArrayInput `pulumi:"byCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	ByEntities pulumi.StringArrayInput `pulumi:"byEntities"`
	// Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod pulumi.StringPtrInput `pulumi:"entityMatchingMethod"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration pulumi.StringPtrInput `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents pulumi.BoolPtrInput `pulumi:"reopenClosedIncidents"`
}

func (AlertRuleNrtIncidentGroupingArgs) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentGroupingArgs) ElementType() reflect.Type

func (AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingOutput added in v5.18.0 

func (i AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingOutput() AlertRuleNrtIncidentGroupingOutput

func (AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingOutputWithContext added in v5.18.0 

func (i AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingOutputWithContext(ctx context.Context) AlertRuleNrtIncidentGroupingOutput

func (AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingPtrOutput added in v5.18.0 

func (i AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingPtrOutput() AlertRuleNrtIncidentGroupingPtrOutput

func (AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext added in v5.18.0 

func (i AlertRuleNrtIncidentGroupingArgs) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentGroupingPtrOutput

type AlertRuleNrtIncidentGroupingInput added in v5.18.0 

type AlertRuleNrtIncidentGroupingInput interface {
	pulumi.Input

	ToAlertRuleNrtIncidentGroupingOutput() AlertRuleNrtIncidentGroupingOutput
	ToAlertRuleNrtIncidentGroupingOutputWithContext(context.Context) AlertRuleNrtIncidentGroupingOutput
}

AlertRuleNrtIncidentGroupingInput is an input type that accepts AlertRuleNrtIncidentGroupingArgs and AlertRuleNrtIncidentGroupingOutput values. You can construct a concrete instance of `AlertRuleNrtIncidentGroupingInput` via: 

AlertRuleNrtIncidentGroupingArgs{...}

type AlertRuleNrtIncidentGroupingOutput added in v5.18.0 

type AlertRuleNrtIncidentGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtIncidentGroupingOutput) ByAlertDetails added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ByAlertDetails() pulumi.StringArrayOutput

A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.

func (AlertRuleNrtIncidentGroupingOutput) ByCustomDetails added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ByCustomDetails() pulumi.StringArrayOutput

A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.

func (AlertRuleNrtIncidentGroupingOutput) ByEntities added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ByEntities() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleNrtIncidentGroupingOutput) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentGroupingOutput) ElementType() reflect.Type

func (AlertRuleNrtIncidentGroupingOutput) Enabled added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to `true`.

func (AlertRuleNrtIncidentGroupingOutput) EntityMatchingMethod added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleNrtIncidentGroupingOutput) LookbackDuration added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleNrtIncidentGroupingOutput) ReopenClosedIncidents added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingOutput added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingOutput() AlertRuleNrtIncidentGroupingOutput

func (AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingOutputWithContext(ctx context.Context) AlertRuleNrtIncidentGroupingOutput

func (AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingPtrOutput added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingPtrOutput() AlertRuleNrtIncidentGroupingPtrOutput

func (AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingOutput) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentGroupingPtrOutput

type AlertRuleNrtIncidentGroupingPtrInput added in v5.18.0 

type AlertRuleNrtIncidentGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleNrtIncidentGroupingPtrOutput() AlertRuleNrtIncidentGroupingPtrOutput
	ToAlertRuleNrtIncidentGroupingPtrOutputWithContext(context.Context) AlertRuleNrtIncidentGroupingPtrOutput
}

AlertRuleNrtIncidentGroupingPtrInput is an input type that accepts AlertRuleNrtIncidentGroupingArgs, AlertRuleNrtIncidentGroupingPtr and AlertRuleNrtIncidentGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleNrtIncidentGroupingPtrInput` via: 

        AlertRuleNrtIncidentGroupingArgs{...}

or:

        nil

func AlertRuleNrtIncidentGroupingPtr added in v5.18.0 

func AlertRuleNrtIncidentGroupingPtr(v *AlertRuleNrtIncidentGroupingArgs) AlertRuleNrtIncidentGroupingPtrInput

type AlertRuleNrtIncidentGroupingPtrOutput added in v5.18.0 

type AlertRuleNrtIncidentGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtIncidentGroupingPtrOutput) ByAlertDetails added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ByAlertDetails() pulumi.StringArrayOutput

A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.

func (AlertRuleNrtIncidentGroupingPtrOutput) ByCustomDetails added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ByCustomDetails() pulumi.StringArrayOutput

A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.

func (AlertRuleNrtIncidentGroupingPtrOutput) ByEntities added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ByEntities() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleNrtIncidentGroupingPtrOutput) Elem added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) Elem() AlertRuleNrtIncidentGroupingOutput

func (AlertRuleNrtIncidentGroupingPtrOutput) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleNrtIncidentGroupingPtrOutput) Enabled added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to `true`.

func (AlertRuleNrtIncidentGroupingPtrOutput) EntityMatchingMethod added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleNrtIncidentGroupingPtrOutput) LookbackDuration added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleNrtIncidentGroupingPtrOutput) ReopenClosedIncidents added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleNrtIncidentGroupingPtrOutput) ToAlertRuleNrtIncidentGroupingPtrOutput added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ToAlertRuleNrtIncidentGroupingPtrOutput() AlertRuleNrtIncidentGroupingPtrOutput

func (AlertRuleNrtIncidentGroupingPtrOutput) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentGroupingPtrOutput) ToAlertRuleNrtIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentGroupingPtrOutput

type AlertRuleNrtIncidentInput added in v5.18.0 

type AlertRuleNrtIncidentInput interface {
	pulumi.Input

	ToAlertRuleNrtIncidentOutput() AlertRuleNrtIncidentOutput
	ToAlertRuleNrtIncidentOutputWithContext(context.Context) AlertRuleNrtIncidentOutput
}

AlertRuleNrtIncidentInput is an input type that accepts AlertRuleNrtIncidentArgs and AlertRuleNrtIncidentOutput values. You can construct a concrete instance of `AlertRuleNrtIncidentInput` via: 

AlertRuleNrtIncidentArgs{...}

type AlertRuleNrtIncidentOutput added in v5.18.0 

type AlertRuleNrtIncidentOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtIncidentOutput) CreateIncidentEnabled added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) CreateIncidentEnabled() pulumi.BoolOutput

Whether to create an incident from alerts triggered by this Sentinel NRT Alert Rule?

func (AlertRuleNrtIncidentOutput) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentOutput) ElementType() reflect.Type

func (AlertRuleNrtIncidentOutput) Grouping added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) Grouping() AlertRuleNrtIncidentGroupingOutput

A `grouping` block as defined below.

func (AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentOutput added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentOutput() AlertRuleNrtIncidentOutput

func (AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentOutputWithContext(ctx context.Context) AlertRuleNrtIncidentOutput

func (AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentPtrOutput added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentPtrOutput() AlertRuleNrtIncidentPtrOutput

func (AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentPtrOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentOutput) ToAlertRuleNrtIncidentPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentPtrOutput

type AlertRuleNrtIncidentPtrInput added in v5.18.0 

type AlertRuleNrtIncidentPtrInput interface {
	pulumi.Input

	ToAlertRuleNrtIncidentPtrOutput() AlertRuleNrtIncidentPtrOutput
	ToAlertRuleNrtIncidentPtrOutputWithContext(context.Context) AlertRuleNrtIncidentPtrOutput
}

AlertRuleNrtIncidentPtrInput is an input type that accepts AlertRuleNrtIncidentArgs, AlertRuleNrtIncidentPtr and AlertRuleNrtIncidentPtrOutput values. You can construct a concrete instance of `AlertRuleNrtIncidentPtrInput` via: 

        AlertRuleNrtIncidentArgs{...}

or:

        nil

func AlertRuleNrtIncidentPtr added in v5.18.0 

func AlertRuleNrtIncidentPtr(v *AlertRuleNrtIncidentArgs) AlertRuleNrtIncidentPtrInput

type AlertRuleNrtIncidentPtrOutput added in v5.18.0 

type AlertRuleNrtIncidentPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtIncidentPtrOutput) CreateIncidentEnabled added in v5.18.0 

func (o AlertRuleNrtIncidentPtrOutput) CreateIncidentEnabled() pulumi.BoolPtrOutput

Whether to create an incident from alerts triggered by this Sentinel NRT Alert Rule?

func (AlertRuleNrtIncidentPtrOutput) Elem added in v5.18.0 

func (o AlertRuleNrtIncidentPtrOutput) Elem() AlertRuleNrtIncidentOutput

func (AlertRuleNrtIncidentPtrOutput) ElementType added in v5.18.0 

func (AlertRuleNrtIncidentPtrOutput) ElementType() reflect.Type

func (AlertRuleNrtIncidentPtrOutput) Grouping added in v5.18.0 

func (o AlertRuleNrtIncidentPtrOutput) Grouping() AlertRuleNrtIncidentGroupingPtrOutput

A `grouping` block as defined below.

func (AlertRuleNrtIncidentPtrOutput) ToAlertRuleNrtIncidentPtrOutput added in v5.18.0 

func (o AlertRuleNrtIncidentPtrOutput) ToAlertRuleNrtIncidentPtrOutput() AlertRuleNrtIncidentPtrOutput

func (AlertRuleNrtIncidentPtrOutput) ToAlertRuleNrtIncidentPtrOutputWithContext added in v5.18.0 

func (o AlertRuleNrtIncidentPtrOutput) ToAlertRuleNrtIncidentPtrOutputWithContext(ctx context.Context) AlertRuleNrtIncidentPtrOutput

type AlertRuleNrtInput added in v5.18.0 

type AlertRuleNrtInput interface {
	pulumi.Input

	ToAlertRuleNrtOutput() AlertRuleNrtOutput
	ToAlertRuleNrtOutputWithContext(ctx context.Context) AlertRuleNrtOutput
}

type AlertRuleNrtMap added in v5.18.0 

type AlertRuleNrtMap map[string]AlertRuleNrtInput

func (AlertRuleNrtMap) ElementType added in v5.18.0 

func (AlertRuleNrtMap) ElementType() reflect.Type

func (AlertRuleNrtMap) ToAlertRuleNrtMapOutput added in v5.18.0 

func (i AlertRuleNrtMap) ToAlertRuleNrtMapOutput() AlertRuleNrtMapOutput

func (AlertRuleNrtMap) ToAlertRuleNrtMapOutputWithContext added in v5.18.0 

func (i AlertRuleNrtMap) ToAlertRuleNrtMapOutputWithContext(ctx context.Context) AlertRuleNrtMapOutput

type AlertRuleNrtMapInput added in v5.18.0 

type AlertRuleNrtMapInput interface {
	pulumi.Input

	ToAlertRuleNrtMapOutput() AlertRuleNrtMapOutput
	ToAlertRuleNrtMapOutputWithContext(context.Context) AlertRuleNrtMapOutput
}

AlertRuleNrtMapInput is an input type that accepts AlertRuleNrtMap and AlertRuleNrtMapOutput values. You can construct a concrete instance of `AlertRuleNrtMapInput` via: 

AlertRuleNrtMap{ "key": AlertRuleNrtArgs{...} }

type AlertRuleNrtMapOutput added in v5.18.0 

type AlertRuleNrtMapOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtMapOutput) ElementType added in v5.18.0 

func (AlertRuleNrtMapOutput) ElementType() reflect.Type

func (AlertRuleNrtMapOutput) MapIndex added in v5.18.0 

func (o AlertRuleNrtMapOutput) MapIndex(k pulumi.StringInput) AlertRuleNrtOutput

func (AlertRuleNrtMapOutput) ToAlertRuleNrtMapOutput added in v5.18.0 

func (o AlertRuleNrtMapOutput) ToAlertRuleNrtMapOutput() AlertRuleNrtMapOutput

func (AlertRuleNrtMapOutput) ToAlertRuleNrtMapOutputWithContext added in v5.18.0 

func (o AlertRuleNrtMapOutput) ToAlertRuleNrtMapOutputWithContext(ctx context.Context) AlertRuleNrtMapOutput

type AlertRuleNrtOutput added in v5.18.0 

type AlertRuleNrtOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtOutput) AlertDetailsOverrides added in v5.18.0 

func (o AlertRuleNrtOutput) AlertDetailsOverrides() AlertRuleNrtAlertDetailsOverrideArrayOutput

An `alertDetailsOverride` block as defined below.

func (AlertRuleNrtOutput) AlertRuleTemplateGuid added in v5.18.0 

func (o AlertRuleNrtOutput) AlertRuleTemplateGuid() pulumi.StringPtrOutput

The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.

func (AlertRuleNrtOutput) AlertRuleTemplateVersion added in v5.18.0 

func (o AlertRuleNrtOutput) AlertRuleTemplateVersion() pulumi.StringPtrOutput

The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.

func (AlertRuleNrtOutput) CustomDetails added in v5.18.0 

func (o AlertRuleNrtOutput) CustomDetails() pulumi.StringMapOutput

A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.

func (AlertRuleNrtOutput) Description added in v5.18.0 

func (o AlertRuleNrtOutput) Description() pulumi.StringPtrOutput

The description of this Sentinel NRT Alert Rule.

func (AlertRuleNrtOutput) DisplayName added in v5.18.0 

func (o AlertRuleNrtOutput) DisplayName() pulumi.StringOutput

The friendly name of this Sentinel NRT Alert Rule.

func (AlertRuleNrtOutput) ElementType added in v5.18.0 

func (AlertRuleNrtOutput) ElementType() reflect.Type

func (AlertRuleNrtOutput) Enabled added in v5.18.0 

func (o AlertRuleNrtOutput) Enabled() pulumi.BoolPtrOutput

Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.

func (AlertRuleNrtOutput) EntityMappings added in v5.18.0 

func (o AlertRuleNrtOutput) EntityMappings() AlertRuleNrtEntityMappingArrayOutput

A list of `entityMapping` blocks as defined below.

func (AlertRuleNrtOutput) EventGrouping added in v5.35.0 

func (o AlertRuleNrtOutput) EventGrouping() AlertRuleNrtEventGroupingOutput

A `eventGrouping` block as defined below.

> **NOTE:** `eventGrouping` will be required in the next major version of the AzureRM Provider.

func (AlertRuleNrtOutput) Incident added in v5.18.0 

func (o AlertRuleNrtOutput) Incident() AlertRuleNrtIncidentOutput

A `incident` block as defined below.

func (AlertRuleNrtOutput) LogAnalyticsWorkspaceId added in v5.18.0 

func (o AlertRuleNrtOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.

func (AlertRuleNrtOutput) Name added in v5.18.0 

func (o AlertRuleNrtOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.

func (AlertRuleNrtOutput) Query added in v5.18.0 

func (o AlertRuleNrtOutput) Query() pulumi.StringOutput

The query of this Sentinel NRT Alert Rule.

func (AlertRuleNrtOutput) SentinelEntityMappings added in v5.35.0 

func (o AlertRuleNrtOutput) SentinelEntityMappings() AlertRuleNrtSentinelEntityMappingArrayOutput

A list of `sentinelEntityMapping` blocks as defined below.

> **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.

func (AlertRuleNrtOutput) Severity added in v5.18.0 

func (o AlertRuleNrtOutput) Severity() pulumi.StringOutput

The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.

func (AlertRuleNrtOutput) SuppressionDuration added in v5.18.0 

func (o AlertRuleNrtOutput) SuppressionDuration() pulumi.StringPtrOutput

If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.

func (AlertRuleNrtOutput) SuppressionEnabled added in v5.18.0 

func (o AlertRuleNrtOutput) SuppressionEnabled() pulumi.BoolPtrOutput

Should the Sentinel NRT Alert Rulea stop running query after alert is generated? Defaults to `false`.

func (AlertRuleNrtOutput) Tactics added in v5.18.0 

func (o AlertRuleNrtOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.

func (AlertRuleNrtOutput) Techniques added in v5.25.0 

func (o AlertRuleNrtOutput) Techniques() pulumi.StringArrayOutput

A list of techniques of attacks by which to classify the rule.

func (AlertRuleNrtOutput) ToAlertRuleNrtOutput added in v5.18.0 

func (o AlertRuleNrtOutput) ToAlertRuleNrtOutput() AlertRuleNrtOutput

func (AlertRuleNrtOutput) ToAlertRuleNrtOutputWithContext added in v5.18.0 

func (o AlertRuleNrtOutput) ToAlertRuleNrtOutputWithContext(ctx context.Context) AlertRuleNrtOutput

type AlertRuleNrtSentinelEntityMapping added in v5.35.0 

type AlertRuleNrtSentinelEntityMapping struct {
	// The column name to be mapped to the identifier.
	ColumnName string `pulumi:"columnName"`
}

type AlertRuleNrtSentinelEntityMappingArgs added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingArgs struct {
	// The column name to be mapped to the identifier.
	ColumnName pulumi.StringInput `pulumi:"columnName"`
}

func (AlertRuleNrtSentinelEntityMappingArgs) ElementType added in v5.35.0 

func (AlertRuleNrtSentinelEntityMappingArgs) ElementType() reflect.Type

func (AlertRuleNrtSentinelEntityMappingArgs) ToAlertRuleNrtSentinelEntityMappingOutput added in v5.35.0 

func (i AlertRuleNrtSentinelEntityMappingArgs) ToAlertRuleNrtSentinelEntityMappingOutput() AlertRuleNrtSentinelEntityMappingOutput

func (AlertRuleNrtSentinelEntityMappingArgs) ToAlertRuleNrtSentinelEntityMappingOutputWithContext added in v5.35.0 

func (i AlertRuleNrtSentinelEntityMappingArgs) ToAlertRuleNrtSentinelEntityMappingOutputWithContext(ctx context.Context) AlertRuleNrtSentinelEntityMappingOutput

type AlertRuleNrtSentinelEntityMappingArray added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingArray []AlertRuleNrtSentinelEntityMappingInput

func (AlertRuleNrtSentinelEntityMappingArray) ElementType added in v5.35.0 

func (AlertRuleNrtSentinelEntityMappingArray) ElementType() reflect.Type

func (AlertRuleNrtSentinelEntityMappingArray) ToAlertRuleNrtSentinelEntityMappingArrayOutput added in v5.35.0 

func (i AlertRuleNrtSentinelEntityMappingArray) ToAlertRuleNrtSentinelEntityMappingArrayOutput() AlertRuleNrtSentinelEntityMappingArrayOutput

func (AlertRuleNrtSentinelEntityMappingArray) ToAlertRuleNrtSentinelEntityMappingArrayOutputWithContext added in v5.35.0 

func (i AlertRuleNrtSentinelEntityMappingArray) ToAlertRuleNrtSentinelEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtSentinelEntityMappingArrayOutput

type AlertRuleNrtSentinelEntityMappingArrayInput added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleNrtSentinelEntityMappingArrayOutput() AlertRuleNrtSentinelEntityMappingArrayOutput
	ToAlertRuleNrtSentinelEntityMappingArrayOutputWithContext(context.Context) AlertRuleNrtSentinelEntityMappingArrayOutput
}

AlertRuleNrtSentinelEntityMappingArrayInput is an input type that accepts AlertRuleNrtSentinelEntityMappingArray and AlertRuleNrtSentinelEntityMappingArrayOutput values. You can construct a concrete instance of `AlertRuleNrtSentinelEntityMappingArrayInput` via: 

AlertRuleNrtSentinelEntityMappingArray{ AlertRuleNrtSentinelEntityMappingArgs{...} }

type AlertRuleNrtSentinelEntityMappingArrayOutput added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtSentinelEntityMappingArrayOutput) ElementType added in v5.35.0 

func (AlertRuleNrtSentinelEntityMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleNrtSentinelEntityMappingArrayOutput) Index added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleNrtSentinelEntityMappingOutput

func (AlertRuleNrtSentinelEntityMappingArrayOutput) ToAlertRuleNrtSentinelEntityMappingArrayOutput added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingArrayOutput) ToAlertRuleNrtSentinelEntityMappingArrayOutput() AlertRuleNrtSentinelEntityMappingArrayOutput

func (AlertRuleNrtSentinelEntityMappingArrayOutput) ToAlertRuleNrtSentinelEntityMappingArrayOutputWithContext added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingArrayOutput) ToAlertRuleNrtSentinelEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleNrtSentinelEntityMappingArrayOutput

type AlertRuleNrtSentinelEntityMappingInput added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingInput interface {
	pulumi.Input

	ToAlertRuleNrtSentinelEntityMappingOutput() AlertRuleNrtSentinelEntityMappingOutput
	ToAlertRuleNrtSentinelEntityMappingOutputWithContext(context.Context) AlertRuleNrtSentinelEntityMappingOutput
}

AlertRuleNrtSentinelEntityMappingInput is an input type that accepts AlertRuleNrtSentinelEntityMappingArgs and AlertRuleNrtSentinelEntityMappingOutput values. You can construct a concrete instance of `AlertRuleNrtSentinelEntityMappingInput` via: 

AlertRuleNrtSentinelEntityMappingArgs{...}

type AlertRuleNrtSentinelEntityMappingOutput added in v5.35.0 

type AlertRuleNrtSentinelEntityMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleNrtSentinelEntityMappingOutput) ColumnName added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingOutput) ColumnName() pulumi.StringOutput

The column name to be mapped to the identifier.

func (AlertRuleNrtSentinelEntityMappingOutput) ElementType added in v5.35.0 

func (AlertRuleNrtSentinelEntityMappingOutput) ElementType() reflect.Type

func (AlertRuleNrtSentinelEntityMappingOutput) ToAlertRuleNrtSentinelEntityMappingOutput added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingOutput) ToAlertRuleNrtSentinelEntityMappingOutput() AlertRuleNrtSentinelEntityMappingOutput

func (AlertRuleNrtSentinelEntityMappingOutput) ToAlertRuleNrtSentinelEntityMappingOutputWithContext added in v5.35.0 

func (o AlertRuleNrtSentinelEntityMappingOutput) ToAlertRuleNrtSentinelEntityMappingOutputWithContext(ctx context.Context) AlertRuleNrtSentinelEntityMappingOutput

type AlertRuleNrtState added in v5.18.0 

type AlertRuleNrtState struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleNrtAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel NRT Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel NRT Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleNrtEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	//
	// > **NOTE:** `eventGrouping` will be required in the next major version of the AzureRM Provider.
	EventGrouping AlertRuleNrtEventGroupingPtrInput
	// A `incident` block as defined below.
	Incident AlertRuleNrtIncidentPtrInput
	// The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel NRT Alert Rule.
	Query pulumi.StringPtrInput
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleNrtSentinelEntityMappingArrayInput
	// The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringPtrInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel NRT Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
}

func (AlertRuleNrtState) ElementType added in v5.18.0 

func (AlertRuleNrtState) ElementType() reflect.Type

type AlertRuleScheduled 

type AlertRuleScheduled struct {
	pulumi.CustomResourceState

	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayOutput `pulumi:"alertDetailsOverrides"`
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
	AlertRuleTemplateVersion pulumi.StringPtrOutput `pulumi:"alertRuleTemplateVersion"`
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapOutput `pulumi:"customDetails"`
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayOutput `pulumi:"entityMappings"`
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrOutput `pulumi:"eventGrouping"`
	// A `incident` block as defined below.
	Incident AlertRuleScheduledIncidentOutput `pulumi:"incident"`
	// Deprecated: The `incidentConfiguration` block has been superseded by the `incident` block and will be removed in v4.0 of the AzureRM Provider
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationOutput `pulumi:"incidentConfiguration"`
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringOutput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrOutput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	//
	// > **NOTE** `queryPeriod` must larger than or equal to `queryFrequency`, which ensures there is no gaps in the overall query coverage.
	QueryPeriod pulumi.StringPtrOutput `pulumi:"queryPeriod"`
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleScheduledSentinelEntityMappingArrayOutput `pulumi:"sentinelEntityMappings"`
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringOutput `pulumi:"severity"`
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	//
	// > **NOTE** `suppressionDuration` must larger than or equal to `queryFrequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.
	SuppressionDuration pulumi.StringPtrOutput `pulumi:"suppressionDuration"`
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrOutput `pulumi:"suppressionEnabled"`
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayOutput `pulumi:"techniques"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.
	TriggerOperator pulumi.StringPtrOutput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.
	TriggerThreshold pulumi.IntPtrOutput `pulumi:"triggerThreshold"`
}

Manages a Sentinel Scheduled Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleScheduled(ctx, "example", &sentinel.AlertRuleScheduledArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String("AzureActivity |\n  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n  where ActivityStatus == \"Succeeded\" |\n  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Scheduled Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleScheduled:AlertRuleScheduled example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleScheduled 

func GetAlertRuleScheduled(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleScheduledState, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

GetAlertRuleScheduled gets an existing AlertRuleScheduled resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleScheduled 

func NewAlertRuleScheduled(ctx *pulumi.Context,
	name string, args *AlertRuleScheduledArgs, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

NewAlertRuleScheduled registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleScheduled) ElementType 

func (*AlertRuleScheduled) ElementType() reflect.Type

func (*AlertRuleScheduled) ToAlertRuleScheduledOutput 

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (*AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext 

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

type AlertRuleScheduledAlertDetailsOverride 

type AlertRuleScheduledAlertDetailsOverride struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat *string `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat *string `pulumi:"displayNameFormat"`
	// A list of `dynamicProperty` blocks as defined below.
	DynamicProperties []AlertRuleScheduledAlertDetailsOverrideDynamicProperty `pulumi:"dynamicProperties"`
	// The column name to take the alert severity from.
	SeverityColumnName *string `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName *string `pulumi:"tacticsColumnName"`
}

type AlertRuleScheduledAlertDetailsOverrideArgs 

type AlertRuleScheduledAlertDetailsOverrideArgs struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat pulumi.StringPtrInput `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat pulumi.StringPtrInput `pulumi:"displayNameFormat"`
	// A list of `dynamicProperty` blocks as defined below.
	DynamicProperties AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayInput `pulumi:"dynamicProperties"`
	// The column name to take the alert severity from.
	SeverityColumnName pulumi.StringPtrInput `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName pulumi.StringPtrInput `pulumi:"tacticsColumnName"`
}

func (AlertRuleScheduledAlertDetailsOverrideArgs) ElementType 

func (AlertRuleScheduledAlertDetailsOverrideArgs) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutput 

func (i AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput

func (AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext 

func (i AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideOutput

type AlertRuleScheduledAlertDetailsOverrideArray 

type AlertRuleScheduledAlertDetailsOverrideArray []AlertRuleScheduledAlertDetailsOverrideInput

func (AlertRuleScheduledAlertDetailsOverrideArray) ElementType 

func (AlertRuleScheduledAlertDetailsOverrideArray) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput 

func (i AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext 

func (i AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput

type AlertRuleScheduledAlertDetailsOverrideArrayInput 

type AlertRuleScheduledAlertDetailsOverrideArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput
	ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput
}

AlertRuleScheduledAlertDetailsOverrideArrayInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideArray and AlertRuleScheduledAlertDetailsOverrideArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideArrayInput` via: 

AlertRuleScheduledAlertDetailsOverrideArray{ AlertRuleScheduledAlertDetailsOverrideArgs{...} }

type AlertRuleScheduledAlertDetailsOverrideArrayOutput 

type AlertRuleScheduledAlertDetailsOverrideArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ElementType 

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) Index 

func (o AlertRuleScheduledAlertDetailsOverrideArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledAlertDetailsOverrideOutput

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput 

func (o AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext 

func (o AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput

type AlertRuleScheduledAlertDetailsOverrideDynamicProperty added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicProperty struct {
	// The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.
	Name string `pulumi:"name"`
	// The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.
	Value string `pulumi:"value"`
}

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs struct {
	// The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.
	Name pulumi.StringInput `pulumi:"name"`
	// The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.
	Value pulumi.StringInput `pulumi:"value"`
}

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ElementType added in v5.35.0 

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

func (i AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutputWithContext added in v5.35.0 

func (i AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray []AlertRuleScheduledAlertDetailsOverrideDynamicPropertyInput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ElementType added in v5.35.0 

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

func (i AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutputWithContext added in v5.35.0 

func (i AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayInput added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput
	ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput
}

AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray and AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayInput` via: 

AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArray{ AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs{...} }

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ElementType added in v5.35.0 

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) Index added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutputWithContext added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyInput added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput
	ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput
}

AlertRuleScheduledAlertDetailsOverrideDynamicPropertyInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs and AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideDynamicPropertyInput` via: 

AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArgs{...}

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

type AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ElementType added in v5.35.0 

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) Name added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) Name() pulumi.StringOutput

The name of the dynamic property. Possible Values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps` and `Techniques`.

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutputWithContext added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) ToAlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput

func (AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) Value added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideDynamicPropertyOutput) Value() pulumi.StringOutput

The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`.

type AlertRuleScheduledAlertDetailsOverrideInput 

type AlertRuleScheduledAlertDetailsOverrideInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput
	ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideOutput
}

AlertRuleScheduledAlertDetailsOverrideInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideArgs and AlertRuleScheduledAlertDetailsOverrideOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideInput` via: 

AlertRuleScheduledAlertDetailsOverrideArgs{...}

type AlertRuleScheduledAlertDetailsOverrideOutput 

type AlertRuleScheduledAlertDetailsOverrideOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideOutput) DescriptionFormat 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) DescriptionFormat() pulumi.StringPtrOutput

The format containing columns name(s) to override the description of this Sentinel Alert Rule.

func (AlertRuleScheduledAlertDetailsOverrideOutput) DisplayNameFormat 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) DisplayNameFormat() pulumi.StringPtrOutput

The format containing columns name(s) to override the name of this Sentinel Alert Rule.

func (AlertRuleScheduledAlertDetailsOverrideOutput) DynamicProperties added in v5.35.0 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) DynamicProperties() AlertRuleScheduledAlertDetailsOverrideDynamicPropertyArrayOutput

A list of `dynamicProperty` blocks as defined below.

func (AlertRuleScheduledAlertDetailsOverrideOutput) ElementType 

func (AlertRuleScheduledAlertDetailsOverrideOutput) ElementType() reflect.Type

func (AlertRuleScheduledAlertDetailsOverrideOutput) SeverityColumnName 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) SeverityColumnName() pulumi.StringPtrOutput

The column name to take the alert severity from.

func (AlertRuleScheduledAlertDetailsOverrideOutput) TacticsColumnName 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) TacticsColumnName() pulumi.StringPtrOutput

The column name to take the alert tactics from.

func (AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutput 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput

func (AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext 

func (o AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideOutput

type AlertRuleScheduledArgs 

type AlertRuleScheduledArgs struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incident` block as defined below.
	Incident AlertRuleScheduledIncidentPtrInput
	// Deprecated: The `incidentConfiguration` block has been superseded by the `incident` block and will be removed in v4.0 of the AzureRM Provider
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	//
	// > **NOTE** `queryPeriod` must larger than or equal to `queryFrequency`, which ensures there is no gaps in the overall query coverage.
	QueryPeriod pulumi.StringPtrInput
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleScheduledSentinelEntityMappingArrayInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	//
	// > **NOTE** `suppressionDuration` must larger than or equal to `queryFrequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.
	TriggerThreshold pulumi.IntPtrInput
}

The set of arguments for constructing a AlertRuleScheduled resource.

func (AlertRuleScheduledArgs) ElementType 

func (AlertRuleScheduledArgs) ElementType() reflect.Type

type AlertRuleScheduledArray 

type AlertRuleScheduledArray []AlertRuleScheduledInput

func (AlertRuleScheduledArray) ElementType 

func (AlertRuleScheduledArray) ElementType() reflect.Type

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput 

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext 

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledArrayInput 

type AlertRuleScheduledArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput
	ToAlertRuleScheduledArrayOutputWithContext(context.Context) AlertRuleScheduledArrayOutput
}

AlertRuleScheduledArrayInput is an input type that accepts AlertRuleScheduledArray and AlertRuleScheduledArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledArrayInput` via: 

AlertRuleScheduledArray{ AlertRuleScheduledArgs{...} }

type AlertRuleScheduledArrayOutput 

type AlertRuleScheduledArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledArrayOutput) ElementType 

func (AlertRuleScheduledArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledArrayOutput) Index 

func (o AlertRuleScheduledArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledOutput

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput 

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext 

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledEntityMapping 

type AlertRuleScheduledEntityMapping struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType string `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings []AlertRuleScheduledEntityMappingFieldMapping `pulumi:"fieldMappings"`
}

type AlertRuleScheduledEntityMappingArgs 

type AlertRuleScheduledEntityMappingArgs struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType pulumi.StringInput `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings AlertRuleScheduledEntityMappingFieldMappingArrayInput `pulumi:"fieldMappings"`
}

func (AlertRuleScheduledEntityMappingArgs) ElementType 

func (AlertRuleScheduledEntityMappingArgs) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutput 

func (i AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput

func (AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutputWithContext 

func (i AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingOutput

type AlertRuleScheduledEntityMappingArray 

type AlertRuleScheduledEntityMappingArray []AlertRuleScheduledEntityMappingInput

func (AlertRuleScheduledEntityMappingArray) ElementType 

func (AlertRuleScheduledEntityMappingArray) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutput 

func (i AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput

func (AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutputWithContext 

func (i AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingArrayOutput

type AlertRuleScheduledEntityMappingArrayInput 

type AlertRuleScheduledEntityMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput
	ToAlertRuleScheduledEntityMappingArrayOutputWithContext(context.Context) AlertRuleScheduledEntityMappingArrayOutput
}

AlertRuleScheduledEntityMappingArrayInput is an input type that accepts AlertRuleScheduledEntityMappingArray and AlertRuleScheduledEntityMappingArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingArrayInput` via: 

AlertRuleScheduledEntityMappingArray{ AlertRuleScheduledEntityMappingArgs{...} }

type AlertRuleScheduledEntityMappingArrayOutput 

type AlertRuleScheduledEntityMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingArrayOutput) ElementType 

func (AlertRuleScheduledEntityMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingArrayOutput) Index 

func (o AlertRuleScheduledEntityMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledEntityMappingOutput

func (AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutput 

func (o AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput

func (AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutputWithContext 

func (o AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMapping 

type AlertRuleScheduledEntityMappingFieldMapping struct {
	// The column name to be mapped to the identifier.
	ColumnName string `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier string `pulumi:"identifier"`
}

type AlertRuleScheduledEntityMappingFieldMappingArgs 

type AlertRuleScheduledEntityMappingFieldMappingArgs struct {
	// The column name to be mapped to the identifier.
	ColumnName pulumi.StringInput `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier pulumi.StringInput `pulumi:"identifier"`
}

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ElementType 

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutput 

func (i AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext 

func (i AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput

type AlertRuleScheduledEntityMappingFieldMappingArray 

type AlertRuleScheduledEntityMappingFieldMappingArray []AlertRuleScheduledEntityMappingFieldMappingInput

func (AlertRuleScheduledEntityMappingFieldMappingArray) ElementType 

func (AlertRuleScheduledEntityMappingFieldMappingArray) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput 

func (i AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput() AlertRuleScheduledEntityMappingFieldMappingArrayOutput

func (AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext 

func (i AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMappingArrayInput 

type AlertRuleScheduledEntityMappingFieldMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput() AlertRuleScheduledEntityMappingFieldMappingArrayOutput
	ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput
}

AlertRuleScheduledEntityMappingFieldMappingArrayInput is an input type that accepts AlertRuleScheduledEntityMappingFieldMappingArray and AlertRuleScheduledEntityMappingFieldMappingArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingFieldMappingArrayInput` via: 

AlertRuleScheduledEntityMappingFieldMappingArray{ AlertRuleScheduledEntityMappingFieldMappingArgs{...} }

type AlertRuleScheduledEntityMappingFieldMappingArrayOutput 

type AlertRuleScheduledEntityMappingFieldMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ElementType 

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) Index 

func (o AlertRuleScheduledEntityMappingFieldMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledEntityMappingFieldMappingOutput

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput 

func (o AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput() AlertRuleScheduledEntityMappingFieldMappingArrayOutput

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext 

func (o AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMappingInput 

type AlertRuleScheduledEntityMappingFieldMappingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput
	ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput
}

AlertRuleScheduledEntityMappingFieldMappingInput is an input type that accepts AlertRuleScheduledEntityMappingFieldMappingArgs and AlertRuleScheduledEntityMappingFieldMappingOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingFieldMappingInput` via: 

AlertRuleScheduledEntityMappingFieldMappingArgs{...}

type AlertRuleScheduledEntityMappingFieldMappingOutput 

type AlertRuleScheduledEntityMappingFieldMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ColumnName 

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) ColumnName() pulumi.StringOutput

The column name to be mapped to the identifier.

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ElementType 

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingFieldMappingOutput) Identifier 

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) Identifier() pulumi.StringOutput

The identifier of the entity.

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutput 

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext 

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput

type AlertRuleScheduledEntityMappingInput 

type AlertRuleScheduledEntityMappingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput
	ToAlertRuleScheduledEntityMappingOutputWithContext(context.Context) AlertRuleScheduledEntityMappingOutput
}

AlertRuleScheduledEntityMappingInput is an input type that accepts AlertRuleScheduledEntityMappingArgs and AlertRuleScheduledEntityMappingOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingInput` via: 

AlertRuleScheduledEntityMappingArgs{...}

type AlertRuleScheduledEntityMappingOutput 

type AlertRuleScheduledEntityMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingOutput) ElementType 

func (AlertRuleScheduledEntityMappingOutput) ElementType() reflect.Type

func (AlertRuleScheduledEntityMappingOutput) EntityType 

func (o AlertRuleScheduledEntityMappingOutput) EntityType() pulumi.StringOutput

The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledEntityMappingOutput) FieldMappings 

func (o AlertRuleScheduledEntityMappingOutput) FieldMappings() AlertRuleScheduledEntityMappingFieldMappingArrayOutput

A list of `fieldMapping` blocks as defined below.

func (AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutput 

func (o AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput

func (AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutputWithContext 

func (o AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingOutput

type AlertRuleScheduledEventGrouping 

type AlertRuleScheduledEventGrouping struct {
	// The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.
	AggregationMethod string `pulumi:"aggregationMethod"`
}

type AlertRuleScheduledEventGroupingArgs 

type AlertRuleScheduledEventGroupingArgs struct {
	// The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.
	AggregationMethod pulumi.StringInput `pulumi:"aggregationMethod"`
}

func (AlertRuleScheduledEventGroupingArgs) ElementType 

func (AlertRuleScheduledEventGroupingArgs) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingInput 

type AlertRuleScheduledEventGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput
	ToAlertRuleScheduledEventGroupingOutputWithContext(context.Context) AlertRuleScheduledEventGroupingOutput
}

AlertRuleScheduledEventGroupingInput is an input type that accepts AlertRuleScheduledEventGroupingArgs and AlertRuleScheduledEventGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingInput` via: 

AlertRuleScheduledEventGroupingArgs{...}

type AlertRuleScheduledEventGroupingOutput 

type AlertRuleScheduledEventGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingOutput) AggregationMethod 

func (o AlertRuleScheduledEventGroupingOutput) AggregationMethod() pulumi.StringOutput

The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.

func (AlertRuleScheduledEventGroupingOutput) ElementType 

func (AlertRuleScheduledEventGroupingOutput) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingPtrInput 

type AlertRuleScheduledEventGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput
	ToAlertRuleScheduledEventGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledEventGroupingPtrOutput
}

AlertRuleScheduledEventGroupingPtrInput is an input type that accepts AlertRuleScheduledEventGroupingArgs, AlertRuleScheduledEventGroupingPtr and AlertRuleScheduledEventGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingPtrInput` via: 

        AlertRuleScheduledEventGroupingArgs{...}

or:

        nil

func AlertRuleScheduledEventGroupingPtr 

func AlertRuleScheduledEventGroupingPtr(v *AlertRuleScheduledEventGroupingArgs) AlertRuleScheduledEventGroupingPtrInput

type AlertRuleScheduledEventGroupingPtrOutput 

type AlertRuleScheduledEventGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingPtrOutput) AggregationMethod 

func (o AlertRuleScheduledEventGroupingPtrOutput) AggregationMethod() pulumi.StringPtrOutput

The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`.

func (AlertRuleScheduledEventGroupingPtrOutput) Elem 

func (o AlertRuleScheduledEventGroupingPtrOutput) Elem() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingPtrOutput) ElementType 

func (AlertRuleScheduledEventGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput 

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledIncident added in v5.81.0 

type AlertRuleScheduledIncident struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncidentEnabled bool `pulumi:"createIncidentEnabled"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentGrouping `pulumi:"grouping"`
}

type AlertRuleScheduledIncidentArgs added in v5.81.0 

type AlertRuleScheduledIncidentArgs struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncidentEnabled pulumi.BoolInput `pulumi:"createIncidentEnabled"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentGroupingInput `pulumi:"grouping"`
}

func (AlertRuleScheduledIncidentArgs) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentOutput added in v5.81.0 

func (i AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentOutput() AlertRuleScheduledIncidentOutput

func (AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentOutputWithContext added in v5.81.0 

func (i AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentOutput

func (AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentPtrOutput added in v5.81.0 

func (i AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentPtrOutput() AlertRuleScheduledIncidentPtrOutput

func (AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentPtrOutputWithContext added in v5.81.0 

func (i AlertRuleScheduledIncidentArgs) ToAlertRuleScheduledIncidentPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentPtrOutput

type AlertRuleScheduledIncidentConfiguration 

type AlertRuleScheduledIncidentConfiguration struct {
	// Deprecated: The `createIncident` property has been superseded by the `createIncidentEnabled` property and will be removed in v4.0 of the AzureRM Provider
	CreateIncident bool `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGrouping `pulumi:"grouping"`
}

type AlertRuleScheduledIncidentConfigurationArgs 

type AlertRuleScheduledIncidentConfigurationArgs struct {
	// Deprecated: The `createIncident` property has been superseded by the `createIncidentEnabled` property and will be removed in v4.0 of the AzureRM Provider
	CreateIncident pulumi.BoolInput `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGroupingInput `pulumi:"grouping"`
}

func (AlertRuleScheduledIncidentConfigurationArgs) ElementType 

func (AlertRuleScheduledIncidentConfigurationArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationGrouping 

type AlertRuleScheduledIncidentConfigurationGrouping struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod *string `pulumi:"entityMatchingMethod"`
	// Deprecated: The `groupByAlertDetails` property has been superseded by the `byAlertDetails` property and will be removed in v4.0 of the AzureRM Provider
	GroupByAlertDetails []string `pulumi:"groupByAlertDetails"`
	// Deprecated: The `groupByCustomDetails` property has been superseded by the `byCustomDetails` property and will be removed in v4.0 of the AzureRM Provider
	GroupByCustomDetails []string `pulumi:"groupByCustomDetails"`
	// Deprecated: The `groupByEntities` property has been superseded by the `byEntities` property and will be removed in v4.0 of the AzureRM Provider
	GroupByEntities []string `pulumi:"groupByEntities"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration *string `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents *bool `pulumi:"reopenClosedIncidents"`
}

type AlertRuleScheduledIncidentConfigurationGroupingArgs 

type AlertRuleScheduledIncidentConfigurationGroupingArgs struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod pulumi.StringPtrInput `pulumi:"entityMatchingMethod"`
	// Deprecated: The `groupByAlertDetails` property has been superseded by the `byAlertDetails` property and will be removed in v4.0 of the AzureRM Provider
	GroupByAlertDetails pulumi.StringArrayInput `pulumi:"groupByAlertDetails"`
	// Deprecated: The `groupByCustomDetails` property has been superseded by the `byCustomDetails` property and will be removed in v4.0 of the AzureRM Provider
	GroupByCustomDetails pulumi.StringArrayInput `pulumi:"groupByCustomDetails"`
	// Deprecated: The `groupByEntities` property has been superseded by the `byEntities` property and will be removed in v4.0 of the AzureRM Provider
	GroupByEntities pulumi.StringArrayInput `pulumi:"groupByEntities"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration pulumi.StringPtrInput `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents pulumi.BoolPtrInput `pulumi:"reopenClosedIncidents"`
}

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingInput 

type AlertRuleScheduledIncidentConfigurationGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput
}

AlertRuleScheduledIncidentConfigurationGroupingInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs and AlertRuleScheduledIncidentConfigurationGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingInput` via: 

AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

type AlertRuleScheduledIncidentConfigurationGroupingOutput 

type AlertRuleScheduledIncidentConfigurationGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) Enabled 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) EntityMatchingMethod 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByAlertDetails deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByAlertDetails() pulumi.StringArrayOutput

Deprecated: The `groupByAlertDetails` property has been superseded by the `byAlertDetails` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByCustomDetails deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByCustomDetails() pulumi.StringArrayOutput

Deprecated: The `groupByCustomDetails` property has been superseded by the `byCustomDetails` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByEntities deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByEntities() pulumi.StringArrayOutput

Deprecated: The `groupByEntities` property has been superseded by the `byEntities` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) LookbackDuration 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ReopenClosedIncidents 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput 

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
}

AlertRuleScheduledIncidentConfigurationGroupingPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs, AlertRuleScheduledIncidentConfigurationGroupingPtr and AlertRuleScheduledIncidentConfigurationGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingPtrInput` via: 

        AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

or:

        nil

func AlertRuleScheduledIncidentConfigurationGroupingPtr 

func AlertRuleScheduledIncidentConfigurationGroupingPtr(v *AlertRuleScheduledIncidentConfigurationGroupingArgs) AlertRuleScheduledIncidentConfigurationGroupingPtrInput

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Elem 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Elem() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Enabled 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) EntityMatchingMethod 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByAlertDetails deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByAlertDetails() pulumi.StringArrayOutput

Deprecated: The `groupByAlertDetails` property has been superseded by the `byAlertDetails` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByCustomDetails deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByCustomDetails() pulumi.StringArrayOutput

Deprecated: The `groupByCustomDetails` property has been superseded by the `byCustomDetails` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByEntities deprecated 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByEntities() pulumi.StringArrayOutput

Deprecated: The `groupByEntities` property has been superseded by the `byEntities` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) LookbackDuration 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ReopenClosedIncidents 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationInput 

type AlertRuleScheduledIncidentConfigurationInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput
	ToAlertRuleScheduledIncidentConfigurationOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationOutput
}

AlertRuleScheduledIncidentConfigurationInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs and AlertRuleScheduledIncidentConfigurationOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationInput` via: 

AlertRuleScheduledIncidentConfigurationArgs{...}

type AlertRuleScheduledIncidentConfigurationOutput 

type AlertRuleScheduledIncidentConfigurationOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationOutput) CreateIncident deprecated 

func (o AlertRuleScheduledIncidentConfigurationOutput) CreateIncident() pulumi.BoolOutput

Deprecated: The `createIncident` property has been superseded by the `createIncidentEnabled` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationOutput) Grouping 

func (o AlertRuleScheduledIncidentConfigurationOutput) Grouping() AlertRuleScheduledIncidentConfigurationGroupingOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationPtrInput 

type AlertRuleScheduledIncidentConfigurationPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput
	ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput
}

AlertRuleScheduledIncidentConfigurationPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs, AlertRuleScheduledIncidentConfigurationPtr and AlertRuleScheduledIncidentConfigurationPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationPtrInput` via: 

        AlertRuleScheduledIncidentConfigurationArgs{...}

or:

        nil

func AlertRuleScheduledIncidentConfigurationPtr 

func AlertRuleScheduledIncidentConfigurationPtr(v *AlertRuleScheduledIncidentConfigurationArgs) AlertRuleScheduledIncidentConfigurationPtrInput

type AlertRuleScheduledIncidentConfigurationPtrOutput 

type AlertRuleScheduledIncidentConfigurationPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationPtrOutput) CreateIncident deprecated 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) CreateIncident() pulumi.BoolPtrOutput

Deprecated: The `createIncident` property has been superseded by the `createIncidentEnabled` property and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Elem 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) Elem() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Grouping 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) Grouping() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentGrouping added in v5.81.0 

type AlertRuleScheduledIncidentGrouping struct {
	// A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.
	ByAlertDetails []string `pulumi:"byAlertDetails"`
	// A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.
	ByCustomDetails []string `pulumi:"byCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	ByEntities []string `pulumi:"byEntities"`
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod *string `pulumi:"entityMatchingMethod"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration *string `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents *bool `pulumi:"reopenClosedIncidents"`
}

type AlertRuleScheduledIncidentGroupingArgs added in v5.81.0 

type AlertRuleScheduledIncidentGroupingArgs struct {
	// A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.
	ByAlertDetails pulumi.StringArrayInput `pulumi:"byAlertDetails"`
	// A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.
	ByCustomDetails pulumi.StringArrayInput `pulumi:"byCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	ByEntities pulumi.StringArrayInput `pulumi:"byEntities"`
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod pulumi.StringPtrInput `pulumi:"entityMatchingMethod"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration pulumi.StringPtrInput `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents pulumi.BoolPtrInput `pulumi:"reopenClosedIncidents"`
}

func (AlertRuleScheduledIncidentGroupingArgs) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentGroupingArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingOutput added in v5.81.0 

func (i AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingOutput() AlertRuleScheduledIncidentGroupingOutput

func (AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingOutputWithContext added in v5.81.0 

func (i AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentGroupingOutput

func (AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingPtrOutput added in v5.81.0 

func (i AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingPtrOutput() AlertRuleScheduledIncidentGroupingPtrOutput

func (AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext added in v5.81.0 

func (i AlertRuleScheduledIncidentGroupingArgs) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentGroupingPtrOutput

type AlertRuleScheduledIncidentGroupingInput added in v5.81.0 

type AlertRuleScheduledIncidentGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentGroupingOutput() AlertRuleScheduledIncidentGroupingOutput
	ToAlertRuleScheduledIncidentGroupingOutputWithContext(context.Context) AlertRuleScheduledIncidentGroupingOutput
}

AlertRuleScheduledIncidentGroupingInput is an input type that accepts AlertRuleScheduledIncidentGroupingArgs and AlertRuleScheduledIncidentGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentGroupingInput` via: 

AlertRuleScheduledIncidentGroupingArgs{...}

type AlertRuleScheduledIncidentGroupingOutput added in v5.81.0 

type AlertRuleScheduledIncidentGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentGroupingOutput) ByAlertDetails added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ByAlertDetails() pulumi.StringArrayOutput

A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.

func (AlertRuleScheduledIncidentGroupingOutput) ByCustomDetails added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ByCustomDetails() pulumi.StringArrayOutput

A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.

func (AlertRuleScheduledIncidentGroupingOutput) ByEntities added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ByEntities() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentGroupingOutput) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentGroupingOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentGroupingOutput) Enabled added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentGroupingOutput) EntityMatchingMethod added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentGroupingOutput) LookbackDuration added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentGroupingOutput) ReopenClosedIncidents added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingOutput() AlertRuleScheduledIncidentGroupingOutput

func (AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentGroupingOutput

func (AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingPtrOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingPtrOutput() AlertRuleScheduledIncidentGroupingPtrOutput

func (AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingOutput) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentGroupingPtrOutput

type AlertRuleScheduledIncidentGroupingPtrInput added in v5.81.0 

type AlertRuleScheduledIncidentGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentGroupingPtrOutput() AlertRuleScheduledIncidentGroupingPtrOutput
	ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentGroupingPtrOutput
}

AlertRuleScheduledIncidentGroupingPtrInput is an input type that accepts AlertRuleScheduledIncidentGroupingArgs, AlertRuleScheduledIncidentGroupingPtr and AlertRuleScheduledIncidentGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentGroupingPtrInput` via: 

        AlertRuleScheduledIncidentGroupingArgs{...}

or:

        nil

func AlertRuleScheduledIncidentGroupingPtr added in v5.81.0 

func AlertRuleScheduledIncidentGroupingPtr(v *AlertRuleScheduledIncidentGroupingArgs) AlertRuleScheduledIncidentGroupingPtrInput

type AlertRuleScheduledIncidentGroupingPtrOutput added in v5.81.0 

type AlertRuleScheduledIncidentGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentGroupingPtrOutput) ByAlertDetails added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ByAlertDetails() pulumi.StringArrayOutput

A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) ByCustomDetails added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ByCustomDetails() pulumi.StringArrayOutput

A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used.

func (AlertRuleScheduledIncidentGroupingPtrOutput) ByEntities added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ByEntities() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) Elem added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) Elem() AlertRuleScheduledIncidentGroupingOutput

func (AlertRuleScheduledIncidentGroupingPtrOutput) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentGroupingPtrOutput) Enabled added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) EntityMatchingMethod added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) LookbackDuration added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) ReopenClosedIncidents added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentGroupingPtrOutput) ToAlertRuleScheduledIncidentGroupingPtrOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ToAlertRuleScheduledIncidentGroupingPtrOutput() AlertRuleScheduledIncidentGroupingPtrOutput

func (AlertRuleScheduledIncidentGroupingPtrOutput) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentGroupingPtrOutput) ToAlertRuleScheduledIncidentGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentGroupingPtrOutput

type AlertRuleScheduledIncidentInput added in v5.81.0 

type AlertRuleScheduledIncidentInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentOutput() AlertRuleScheduledIncidentOutput
	ToAlertRuleScheduledIncidentOutputWithContext(context.Context) AlertRuleScheduledIncidentOutput
}

AlertRuleScheduledIncidentInput is an input type that accepts AlertRuleScheduledIncidentArgs and AlertRuleScheduledIncidentOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentInput` via: 

AlertRuleScheduledIncidentArgs{...}

type AlertRuleScheduledIncidentOutput added in v5.81.0 

type AlertRuleScheduledIncidentOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentOutput) CreateIncidentEnabled added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) CreateIncidentEnabled() pulumi.BoolOutput

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentOutput) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentOutput) Grouping added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) Grouping() AlertRuleScheduledIncidentGroupingOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentOutput() AlertRuleScheduledIncidentOutput

func (AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentOutput

func (AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentPtrOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentPtrOutput() AlertRuleScheduledIncidentPtrOutput

func (AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentPtrOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentOutput) ToAlertRuleScheduledIncidentPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentPtrOutput

type AlertRuleScheduledIncidentPtrInput added in v5.81.0 

type AlertRuleScheduledIncidentPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentPtrOutput() AlertRuleScheduledIncidentPtrOutput
	ToAlertRuleScheduledIncidentPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentPtrOutput
}

AlertRuleScheduledIncidentPtrInput is an input type that accepts AlertRuleScheduledIncidentArgs, AlertRuleScheduledIncidentPtr and AlertRuleScheduledIncidentPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentPtrInput` via: 

        AlertRuleScheduledIncidentArgs{...}

or:

        nil

func AlertRuleScheduledIncidentPtr added in v5.81.0 

func AlertRuleScheduledIncidentPtr(v *AlertRuleScheduledIncidentArgs) AlertRuleScheduledIncidentPtrInput

type AlertRuleScheduledIncidentPtrOutput added in v5.81.0 

type AlertRuleScheduledIncidentPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentPtrOutput) CreateIncidentEnabled added in v5.81.0 

func (o AlertRuleScheduledIncidentPtrOutput) CreateIncidentEnabled() pulumi.BoolPtrOutput

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentPtrOutput) Elem added in v5.81.0 

func (o AlertRuleScheduledIncidentPtrOutput) Elem() AlertRuleScheduledIncidentOutput

func (AlertRuleScheduledIncidentPtrOutput) ElementType added in v5.81.0 

func (AlertRuleScheduledIncidentPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentPtrOutput) Grouping added in v5.81.0 

func (o AlertRuleScheduledIncidentPtrOutput) Grouping() AlertRuleScheduledIncidentGroupingPtrOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentPtrOutput) ToAlertRuleScheduledIncidentPtrOutput added in v5.81.0 

func (o AlertRuleScheduledIncidentPtrOutput) ToAlertRuleScheduledIncidentPtrOutput() AlertRuleScheduledIncidentPtrOutput

func (AlertRuleScheduledIncidentPtrOutput) ToAlertRuleScheduledIncidentPtrOutputWithContext added in v5.81.0 

func (o AlertRuleScheduledIncidentPtrOutput) ToAlertRuleScheduledIncidentPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentPtrOutput

type AlertRuleScheduledInput 

type AlertRuleScheduledInput interface {
	pulumi.Input

	ToAlertRuleScheduledOutput() AlertRuleScheduledOutput
	ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput
}

type AlertRuleScheduledMap 

type AlertRuleScheduledMap map[string]AlertRuleScheduledInput

func (AlertRuleScheduledMap) ElementType 

func (AlertRuleScheduledMap) ElementType() reflect.Type

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput 

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext 

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledMapInput 

type AlertRuleScheduledMapInput interface {
	pulumi.Input

	ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput
	ToAlertRuleScheduledMapOutputWithContext(context.Context) AlertRuleScheduledMapOutput
}

AlertRuleScheduledMapInput is an input type that accepts AlertRuleScheduledMap and AlertRuleScheduledMapOutput values. You can construct a concrete instance of `AlertRuleScheduledMapInput` via: 

AlertRuleScheduledMap{ "key": AlertRuleScheduledArgs{...} }

type AlertRuleScheduledMapOutput 

type AlertRuleScheduledMapOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledMapOutput) ElementType 

func (AlertRuleScheduledMapOutput) ElementType() reflect.Type

func (AlertRuleScheduledMapOutput) MapIndex 

func (o AlertRuleScheduledMapOutput) MapIndex(k pulumi.StringInput) AlertRuleScheduledOutput

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput 

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext 

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledOutput 

type AlertRuleScheduledOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledOutput) AlertDetailsOverrides added in v5.5.0 

func (o AlertRuleScheduledOutput) AlertDetailsOverrides() AlertRuleScheduledAlertDetailsOverrideArrayOutput

An `alertDetailsOverride` block as defined below.

func (AlertRuleScheduledOutput) AlertRuleTemplateGuid added in v5.5.0 

func (o AlertRuleScheduledOutput) AlertRuleTemplateGuid() pulumi.StringPtrOutput

The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) AlertRuleTemplateVersion added in v5.5.0 

func (o AlertRuleScheduledOutput) AlertRuleTemplateVersion() pulumi.StringPtrOutput

The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) CustomDetails added in v5.5.0 

func (o AlertRuleScheduledOutput) CustomDetails() pulumi.StringMapOutput

A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.

func (AlertRuleScheduledOutput) Description added in v5.5.0 

func (o AlertRuleScheduledOutput) Description() pulumi.StringPtrOutput

The description of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) DisplayName added in v5.5.0 

func (o AlertRuleScheduledOutput) DisplayName() pulumi.StringOutput

The friendly name of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) ElementType 

func (AlertRuleScheduledOutput) ElementType() reflect.Type

func (AlertRuleScheduledOutput) Enabled added in v5.5.0 

func (o AlertRuleScheduledOutput) Enabled() pulumi.BoolPtrOutput

Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.

func (AlertRuleScheduledOutput) EntityMappings added in v5.5.0 

func (o AlertRuleScheduledOutput) EntityMappings() AlertRuleScheduledEntityMappingArrayOutput

A list of `entityMapping` blocks as defined below.

func (AlertRuleScheduledOutput) EventGrouping added in v5.5.0 

func (o AlertRuleScheduledOutput) EventGrouping() AlertRuleScheduledEventGroupingPtrOutput

A `eventGrouping` block as defined below.

func (AlertRuleScheduledOutput) Incident added in v5.81.0 

func (o AlertRuleScheduledOutput) Incident() AlertRuleScheduledIncidentOutput

A `incident` block as defined below.

func (AlertRuleScheduledOutput) IncidentConfiguration deprecated added in v5.5.0 

func (o AlertRuleScheduledOutput) IncidentConfiguration() AlertRuleScheduledIncidentConfigurationOutput

Deprecated: The `incidentConfiguration` block has been superseded by the `incident` block and will be removed in v4.0 of the AzureRM Provider

func (AlertRuleScheduledOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AlertRuleScheduledOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) Name added in v5.5.0 

func (o AlertRuleScheduledOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) Query added in v5.5.0 

func (o AlertRuleScheduledOutput) Query() pulumi.StringOutput

The query of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) QueryFrequency added in v5.5.0 

func (o AlertRuleScheduledOutput) QueryFrequency() pulumi.StringPtrOutput

The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.

func (AlertRuleScheduledOutput) QueryPeriod added in v5.5.0 

func (o AlertRuleScheduledOutput) QueryPeriod() pulumi.StringPtrOutput

The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.

> **NOTE** `queryPeriod` must larger than or equal to `queryFrequency`, which ensures there is no gaps in the overall query coverage.

func (AlertRuleScheduledOutput) SentinelEntityMappings added in v5.35.0 

func (o AlertRuleScheduledOutput) SentinelEntityMappings() AlertRuleScheduledSentinelEntityMappingArrayOutput

A list of `sentinelEntityMapping` blocks as defined below.

> **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.

func (AlertRuleScheduledOutput) Severity added in v5.5.0 

func (o AlertRuleScheduledOutput) Severity() pulumi.StringOutput

The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.

func (AlertRuleScheduledOutput) SuppressionDuration added in v5.5.0 

func (o AlertRuleScheduledOutput) SuppressionDuration() pulumi.StringPtrOutput

If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.

> **NOTE** `suppressionDuration` must larger than or equal to `queryFrequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.

func (AlertRuleScheduledOutput) SuppressionEnabled added in v5.5.0 

func (o AlertRuleScheduledOutput) SuppressionEnabled() pulumi.BoolPtrOutput

Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.

func (AlertRuleScheduledOutput) Tactics added in v5.5.0 

func (o AlertRuleScheduledOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.

func (AlertRuleScheduledOutput) Techniques added in v5.21.0 

func (o AlertRuleScheduledOutput) Techniques() pulumi.StringArrayOutput

A list of techniques of attacks by which to classify the rule.

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutput 

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext 

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

func (AlertRuleScheduledOutput) TriggerOperator added in v5.5.0 

func (o AlertRuleScheduledOutput) TriggerOperator() pulumi.StringPtrOutput

The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.

func (AlertRuleScheduledOutput) TriggerThreshold added in v5.5.0 

func (o AlertRuleScheduledOutput) TriggerThreshold() pulumi.IntPtrOutput

The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.

type AlertRuleScheduledSentinelEntityMapping added in v5.35.0 

type AlertRuleScheduledSentinelEntityMapping struct {
	// The column name to be mapped to the identifier.
	ColumnName string `pulumi:"columnName"`
}

type AlertRuleScheduledSentinelEntityMappingArgs added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingArgs struct {
	// The column name to be mapped to the identifier.
	ColumnName pulumi.StringInput `pulumi:"columnName"`
}

func (AlertRuleScheduledSentinelEntityMappingArgs) ElementType added in v5.35.0 

func (AlertRuleScheduledSentinelEntityMappingArgs) ElementType() reflect.Type

func (AlertRuleScheduledSentinelEntityMappingArgs) ToAlertRuleScheduledSentinelEntityMappingOutput added in v5.35.0 

func (i AlertRuleScheduledSentinelEntityMappingArgs) ToAlertRuleScheduledSentinelEntityMappingOutput() AlertRuleScheduledSentinelEntityMappingOutput

func (AlertRuleScheduledSentinelEntityMappingArgs) ToAlertRuleScheduledSentinelEntityMappingOutputWithContext added in v5.35.0 

func (i AlertRuleScheduledSentinelEntityMappingArgs) ToAlertRuleScheduledSentinelEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledSentinelEntityMappingOutput

type AlertRuleScheduledSentinelEntityMappingArray added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingArray []AlertRuleScheduledSentinelEntityMappingInput

func (AlertRuleScheduledSentinelEntityMappingArray) ElementType added in v5.35.0 

func (AlertRuleScheduledSentinelEntityMappingArray) ElementType() reflect.Type

func (AlertRuleScheduledSentinelEntityMappingArray) ToAlertRuleScheduledSentinelEntityMappingArrayOutput added in v5.35.0 

func (i AlertRuleScheduledSentinelEntityMappingArray) ToAlertRuleScheduledSentinelEntityMappingArrayOutput() AlertRuleScheduledSentinelEntityMappingArrayOutput

func (AlertRuleScheduledSentinelEntityMappingArray) ToAlertRuleScheduledSentinelEntityMappingArrayOutputWithContext added in v5.35.0 

func (i AlertRuleScheduledSentinelEntityMappingArray) ToAlertRuleScheduledSentinelEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledSentinelEntityMappingArrayOutput

type AlertRuleScheduledSentinelEntityMappingArrayInput added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledSentinelEntityMappingArrayOutput() AlertRuleScheduledSentinelEntityMappingArrayOutput
	ToAlertRuleScheduledSentinelEntityMappingArrayOutputWithContext(context.Context) AlertRuleScheduledSentinelEntityMappingArrayOutput
}

AlertRuleScheduledSentinelEntityMappingArrayInput is an input type that accepts AlertRuleScheduledSentinelEntityMappingArray and AlertRuleScheduledSentinelEntityMappingArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledSentinelEntityMappingArrayInput` via: 

AlertRuleScheduledSentinelEntityMappingArray{ AlertRuleScheduledSentinelEntityMappingArgs{...} }

type AlertRuleScheduledSentinelEntityMappingArrayOutput added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledSentinelEntityMappingArrayOutput) ElementType added in v5.35.0 

func (AlertRuleScheduledSentinelEntityMappingArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledSentinelEntityMappingArrayOutput) Index added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledSentinelEntityMappingOutput

func (AlertRuleScheduledSentinelEntityMappingArrayOutput) ToAlertRuleScheduledSentinelEntityMappingArrayOutput added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingArrayOutput) ToAlertRuleScheduledSentinelEntityMappingArrayOutput() AlertRuleScheduledSentinelEntityMappingArrayOutput

func (AlertRuleScheduledSentinelEntityMappingArrayOutput) ToAlertRuleScheduledSentinelEntityMappingArrayOutputWithContext added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingArrayOutput) ToAlertRuleScheduledSentinelEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledSentinelEntityMappingArrayOutput

type AlertRuleScheduledSentinelEntityMappingInput added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingInput interface {
	pulumi.Input

	ToAlertRuleScheduledSentinelEntityMappingOutput() AlertRuleScheduledSentinelEntityMappingOutput
	ToAlertRuleScheduledSentinelEntityMappingOutputWithContext(context.Context) AlertRuleScheduledSentinelEntityMappingOutput
}

AlertRuleScheduledSentinelEntityMappingInput is an input type that accepts AlertRuleScheduledSentinelEntityMappingArgs and AlertRuleScheduledSentinelEntityMappingOutput values. You can construct a concrete instance of `AlertRuleScheduledSentinelEntityMappingInput` via: 

AlertRuleScheduledSentinelEntityMappingArgs{...}

type AlertRuleScheduledSentinelEntityMappingOutput added in v5.35.0 

type AlertRuleScheduledSentinelEntityMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledSentinelEntityMappingOutput) ColumnName added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingOutput) ColumnName() pulumi.StringOutput

The column name to be mapped to the identifier.

func (AlertRuleScheduledSentinelEntityMappingOutput) ElementType added in v5.35.0 

func (AlertRuleScheduledSentinelEntityMappingOutput) ElementType() reflect.Type

func (AlertRuleScheduledSentinelEntityMappingOutput) ToAlertRuleScheduledSentinelEntityMappingOutput added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingOutput) ToAlertRuleScheduledSentinelEntityMappingOutput() AlertRuleScheduledSentinelEntityMappingOutput

func (AlertRuleScheduledSentinelEntityMappingOutput) ToAlertRuleScheduledSentinelEntityMappingOutputWithContext added in v5.35.0 

func (o AlertRuleScheduledSentinelEntityMappingOutput) ToAlertRuleScheduledSentinelEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledSentinelEntityMappingOutput

type AlertRuleScheduledState 

type AlertRuleScheduledState struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incident` block as defined below.
	Incident AlertRuleScheduledIncidentPtrInput
	// Deprecated: The `incidentConfiguration` block has been superseded by the `incident` block and will be removed in v4.0 of the AzureRM Provider
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringPtrInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	//
	// > **NOTE** `queryPeriod` must larger than or equal to `queryFrequency`, which ensures there is no gaps in the overall query coverage.
	QueryPeriod pulumi.StringPtrInput
	// A list of `sentinelEntityMapping` blocks as defined below.
	//
	// > **NOTE:** `entityMapping` and `sentinelEntityMapping` together can't exceed 5.
	SentinelEntityMappings AlertRuleScheduledSentinelEntityMappingArrayInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringPtrInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	//
	// > **NOTE** `suppressionDuration` must larger than or equal to `queryFrequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
	Tactics pulumi.StringArrayInput
	// A list of techniques of attacks by which to classify the rule.
	Techniques pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.
	TriggerThreshold pulumi.IntPtrInput
}

func (AlertRuleScheduledState) ElementType 

func (AlertRuleScheduledState) ElementType() reflect.Type

type AlertRuleThreatIntelligence added in v5.37.0 

type AlertRuleThreatIntelligence struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Whether the Threat Intelligence Alert rule enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Threat Intelligence Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		example := sentinel.GetAlertRuleTemplateOutput(ctx, sentinel.GetAlertRuleTemplateOutputArgs{
			DisplayName:             pulumi.String("(Preview) Microsoft Defender Threat Intelligence Analytics"),
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		}, nil)
		_, err = sentinel.NewAlertRuleThreatIntelligence(ctx, "example", &sentinel.AlertRuleThreatIntelligenceArgs{
			Name:                    pulumi.String("example-rule"),
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid: pulumi.String(example.ApplyT(func(example sentinel.GetAlertRuleTemplateResult) (*string, error) {
				return &example.Name, nil
			}).(pulumi.StringPtrOutput)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Threat Intelligence Alert Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/alertRuleThreatIntelligence:AlertRuleThreatIntelligence example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 ```

func GetAlertRuleThreatIntelligence added in v5.37.0 

func GetAlertRuleThreatIntelligence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleThreatIntelligenceState, opts ...pulumi.ResourceOption) (*AlertRuleThreatIntelligence, error)

GetAlertRuleThreatIntelligence gets an existing AlertRuleThreatIntelligence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleThreatIntelligence added in v5.37.0 

func NewAlertRuleThreatIntelligence(ctx *pulumi.Context,
	name string, args *AlertRuleThreatIntelligenceArgs, opts ...pulumi.ResourceOption) (*AlertRuleThreatIntelligence, error)

NewAlertRuleThreatIntelligence registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleThreatIntelligence) ElementType added in v5.37.0 

func (*AlertRuleThreatIntelligence) ElementType() reflect.Type

func (*AlertRuleThreatIntelligence) ToAlertRuleThreatIntelligenceOutput added in v5.37.0 

func (i *AlertRuleThreatIntelligence) ToAlertRuleThreatIntelligenceOutput() AlertRuleThreatIntelligenceOutput

func (*AlertRuleThreatIntelligence) ToAlertRuleThreatIntelligenceOutputWithContext added in v5.37.0 

func (i *AlertRuleThreatIntelligence) ToAlertRuleThreatIntelligenceOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceOutput

type AlertRuleThreatIntelligenceArgs added in v5.37.0 

type AlertRuleThreatIntelligenceArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Whether the Threat Intelligence Alert rule enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleThreatIntelligence resource.

func (AlertRuleThreatIntelligenceArgs) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceArgs) ElementType() reflect.Type

type AlertRuleThreatIntelligenceArray added in v5.37.0 

type AlertRuleThreatIntelligenceArray []AlertRuleThreatIntelligenceInput

func (AlertRuleThreatIntelligenceArray) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceArray) ElementType() reflect.Type

func (AlertRuleThreatIntelligenceArray) ToAlertRuleThreatIntelligenceArrayOutput added in v5.37.0 

func (i AlertRuleThreatIntelligenceArray) ToAlertRuleThreatIntelligenceArrayOutput() AlertRuleThreatIntelligenceArrayOutput

func (AlertRuleThreatIntelligenceArray) ToAlertRuleThreatIntelligenceArrayOutputWithContext added in v5.37.0 

func (i AlertRuleThreatIntelligenceArray) ToAlertRuleThreatIntelligenceArrayOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceArrayOutput

type AlertRuleThreatIntelligenceArrayInput added in v5.37.0 

type AlertRuleThreatIntelligenceArrayInput interface {
	pulumi.Input

	ToAlertRuleThreatIntelligenceArrayOutput() AlertRuleThreatIntelligenceArrayOutput
	ToAlertRuleThreatIntelligenceArrayOutputWithContext(context.Context) AlertRuleThreatIntelligenceArrayOutput
}

AlertRuleThreatIntelligenceArrayInput is an input type that accepts AlertRuleThreatIntelligenceArray and AlertRuleThreatIntelligenceArrayOutput values. You can construct a concrete instance of `AlertRuleThreatIntelligenceArrayInput` via: 

AlertRuleThreatIntelligenceArray{ AlertRuleThreatIntelligenceArgs{...} }

type AlertRuleThreatIntelligenceArrayOutput added in v5.37.0 

type AlertRuleThreatIntelligenceArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleThreatIntelligenceArrayOutput) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceArrayOutput) ElementType() reflect.Type

func (AlertRuleThreatIntelligenceArrayOutput) Index added in v5.37.0 

func (o AlertRuleThreatIntelligenceArrayOutput) Index(i pulumi.IntInput) AlertRuleThreatIntelligenceOutput

func (AlertRuleThreatIntelligenceArrayOutput) ToAlertRuleThreatIntelligenceArrayOutput added in v5.37.0 

func (o AlertRuleThreatIntelligenceArrayOutput) ToAlertRuleThreatIntelligenceArrayOutput() AlertRuleThreatIntelligenceArrayOutput

func (AlertRuleThreatIntelligenceArrayOutput) ToAlertRuleThreatIntelligenceArrayOutputWithContext added in v5.37.0 

func (o AlertRuleThreatIntelligenceArrayOutput) ToAlertRuleThreatIntelligenceArrayOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceArrayOutput

type AlertRuleThreatIntelligenceInput added in v5.37.0 

type AlertRuleThreatIntelligenceInput interface {
	pulumi.Input

	ToAlertRuleThreatIntelligenceOutput() AlertRuleThreatIntelligenceOutput
	ToAlertRuleThreatIntelligenceOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceOutput
}

type AlertRuleThreatIntelligenceMap added in v5.37.0 

type AlertRuleThreatIntelligenceMap map[string]AlertRuleThreatIntelligenceInput

func (AlertRuleThreatIntelligenceMap) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceMap) ElementType() reflect.Type

func (AlertRuleThreatIntelligenceMap) ToAlertRuleThreatIntelligenceMapOutput added in v5.37.0 

func (i AlertRuleThreatIntelligenceMap) ToAlertRuleThreatIntelligenceMapOutput() AlertRuleThreatIntelligenceMapOutput

func (AlertRuleThreatIntelligenceMap) ToAlertRuleThreatIntelligenceMapOutputWithContext added in v5.37.0 

func (i AlertRuleThreatIntelligenceMap) ToAlertRuleThreatIntelligenceMapOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceMapOutput

type AlertRuleThreatIntelligenceMapInput added in v5.37.0 

type AlertRuleThreatIntelligenceMapInput interface {
	pulumi.Input

	ToAlertRuleThreatIntelligenceMapOutput() AlertRuleThreatIntelligenceMapOutput
	ToAlertRuleThreatIntelligenceMapOutputWithContext(context.Context) AlertRuleThreatIntelligenceMapOutput
}

AlertRuleThreatIntelligenceMapInput is an input type that accepts AlertRuleThreatIntelligenceMap and AlertRuleThreatIntelligenceMapOutput values. You can construct a concrete instance of `AlertRuleThreatIntelligenceMapInput` via: 

AlertRuleThreatIntelligenceMap{ "key": AlertRuleThreatIntelligenceArgs{...} }

type AlertRuleThreatIntelligenceMapOutput added in v5.37.0 

type AlertRuleThreatIntelligenceMapOutput struct{ *pulumi.OutputState }

func (AlertRuleThreatIntelligenceMapOutput) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceMapOutput) ElementType() reflect.Type

func (AlertRuleThreatIntelligenceMapOutput) MapIndex added in v5.37.0 

func (o AlertRuleThreatIntelligenceMapOutput) MapIndex(k pulumi.StringInput) AlertRuleThreatIntelligenceOutput

func (AlertRuleThreatIntelligenceMapOutput) ToAlertRuleThreatIntelligenceMapOutput added in v5.37.0 

func (o AlertRuleThreatIntelligenceMapOutput) ToAlertRuleThreatIntelligenceMapOutput() AlertRuleThreatIntelligenceMapOutput

func (AlertRuleThreatIntelligenceMapOutput) ToAlertRuleThreatIntelligenceMapOutputWithContext added in v5.37.0 

func (o AlertRuleThreatIntelligenceMapOutput) ToAlertRuleThreatIntelligenceMapOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceMapOutput

type AlertRuleThreatIntelligenceOutput added in v5.37.0 

type AlertRuleThreatIntelligenceOutput struct{ *pulumi.OutputState }

func (AlertRuleThreatIntelligenceOutput) AlertRuleTemplateGuid added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) AlertRuleTemplateGuid() pulumi.StringOutput

The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

func (AlertRuleThreatIntelligenceOutput) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceOutput) ElementType() reflect.Type

func (AlertRuleThreatIntelligenceOutput) Enabled added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) Enabled() pulumi.BoolPtrOutput

Whether the Threat Intelligence Alert rule enabled? Defaults to `true`.

func (AlertRuleThreatIntelligenceOutput) LogAnalyticsWorkspaceId added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

func (AlertRuleThreatIntelligenceOutput) Name added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

func (AlertRuleThreatIntelligenceOutput) ToAlertRuleThreatIntelligenceOutput added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) ToAlertRuleThreatIntelligenceOutput() AlertRuleThreatIntelligenceOutput

func (AlertRuleThreatIntelligenceOutput) ToAlertRuleThreatIntelligenceOutputWithContext added in v5.37.0 

func (o AlertRuleThreatIntelligenceOutput) ToAlertRuleThreatIntelligenceOutputWithContext(ctx context.Context) AlertRuleThreatIntelligenceOutput

type AlertRuleThreatIntelligenceState added in v5.37.0 

type AlertRuleThreatIntelligenceState struct {
	// The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Whether the Threat Intelligence Alert rule enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleThreatIntelligenceState) ElementType added in v5.37.0 

func (AlertRuleThreatIntelligenceState) ElementType() reflect.Type

type AuthomationRule deprecated 

type AuthomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringOutput `pulumi:"conditionJson"`
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AuthomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrOutput `pulumi:"triggersOn"`
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrOutput `pulumi:"triggersWhen"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "example", &sentinel.AutomationRuleArgs{
			Name:                    pulumi.String("56094f72-ac3f-40e7-a0c0-47bd95f70336"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/authomationRule:AuthomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/automationRules/rule1 ```

Deprecated: azure.sentinel.AuthomationRule has been deprecated in favor of azure.sentinel.AutomationRule

func GetAuthomationRule 

func GetAuthomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthomationRuleState, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

GetAuthomationRule gets an existing AuthomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthomationRule 

func NewAuthomationRule(ctx *pulumi.Context,
	name string, args *AuthomationRuleArgs, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

NewAuthomationRule registers a new resource with the given unique name, arguments, and options.

func (*AuthomationRule) ElementType 

func (*AuthomationRule) ElementType() reflect.Type

func (*AuthomationRule) ToAuthomationRuleOutput 

func (i *AuthomationRule) ToAuthomationRuleOutput() AuthomationRuleOutput

func (*AuthomationRule) ToAuthomationRuleOutputWithContext 

func (i *AuthomationRule) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

type AuthomationRuleActionIncident 

type AuthomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	//
	// > **Note:** The `classification` is required when `status` is `Closed`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	//
	// > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.
	//
	// > **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AuthomationRuleActionIncidentArgs 

type AuthomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	//
	// > **Note:** The `classification` is required when `status` is `Closed`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	//
	// > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.
	//
	// > **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AuthomationRuleActionIncidentArgs) ElementType 

func (AuthomationRuleActionIncidentArgs) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput 

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext 

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionIncidentArray 

type AuthomationRuleActionIncidentArray []AuthomationRuleActionIncidentInput

func (AuthomationRuleActionIncidentArray) ElementType 

func (AuthomationRuleActionIncidentArray) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput 

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext 

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentArrayInput 

type AuthomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput
	ToAuthomationRuleActionIncidentArrayOutputWithContext(context.Context) AuthomationRuleActionIncidentArrayOutput
}

AuthomationRuleActionIncidentArrayInput is an input type that accepts AuthomationRuleActionIncidentArray and AuthomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentArrayInput` via: 

AuthomationRuleActionIncidentArray{ AuthomationRuleActionIncidentArgs{...} }

type AuthomationRuleActionIncidentArrayOutput 

type AuthomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentArrayOutput) ElementType 

func (AuthomationRuleActionIncidentArrayOutput) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArrayOutput) Index 

func (o AuthomationRuleActionIncidentArrayOutput) Index(i pulumi.IntInput) AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput 

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext 

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentInput 

type AuthomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput
	ToAuthomationRuleActionIncidentOutputWithContext(context.Context) AuthomationRuleActionIncidentOutput
}

AuthomationRuleActionIncidentInput is an input type that accepts AuthomationRuleActionIncidentArgs and AuthomationRuleActionIncidentOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentInput` via: 

AuthomationRuleActionIncidentArgs{...}

type AuthomationRuleActionIncidentOutput 

type AuthomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentOutput) Classification 

func (o AuthomationRuleActionIncidentOutput) Classification() pulumi.StringPtrOutput

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

> **Note:** The `classification` is required when `status` is `Closed`.

func (AuthomationRuleActionIncidentOutput) ClassificationComment 

func (o AuthomationRuleActionIncidentOutput) ClassificationComment() pulumi.StringPtrOutput

The comment why the incident is to be closed.

> **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.

func (AuthomationRuleActionIncidentOutput) ElementType 

func (AuthomationRuleActionIncidentOutput) ElementType() reflect.Type

func (AuthomationRuleActionIncidentOutput) Labels 

func (o AuthomationRuleActionIncidentOutput) Labels() pulumi.StringArrayOutput

Specifies a list of labels to add to the incident.

func (AuthomationRuleActionIncidentOutput) Order 

func (o AuthomationRuleActionIncidentOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AuthomationRuleActionIncidentOutput) OwnerId 

func (o AuthomationRuleActionIncidentOutput) OwnerId() pulumi.StringPtrOutput

The object ID of the entity this incident is assigned to.

func (AuthomationRuleActionIncidentOutput) Severity 

func (o AuthomationRuleActionIncidentOutput) Severity() pulumi.StringPtrOutput

The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.

> **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.

func (AuthomationRuleActionIncidentOutput) Status 

func (o AuthomationRuleActionIncidentOutput) Status() pulumi.StringPtrOutput

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput 

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext 

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionPlaybook 

type AuthomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AuthomationRuleActionPlaybookArgs 

type AuthomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AuthomationRuleActionPlaybookArgs) ElementType 

func (AuthomationRuleActionPlaybookArgs) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput 

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext 

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleActionPlaybookArray 

type AuthomationRuleActionPlaybookArray []AuthomationRuleActionPlaybookInput

func (AuthomationRuleActionPlaybookArray) ElementType 

func (AuthomationRuleActionPlaybookArray) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput 

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext 

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookArrayInput 

type AuthomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput
	ToAuthomationRuleActionPlaybookArrayOutputWithContext(context.Context) AuthomationRuleActionPlaybookArrayOutput
}

AuthomationRuleActionPlaybookArrayInput is an input type that accepts AuthomationRuleActionPlaybookArray and AuthomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookArrayInput` via: 

AuthomationRuleActionPlaybookArray{ AuthomationRuleActionPlaybookArgs{...} }

type AuthomationRuleActionPlaybookArrayOutput 

type AuthomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookArrayOutput) ElementType 

func (AuthomationRuleActionPlaybookArrayOutput) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArrayOutput) Index 

func (o AuthomationRuleActionPlaybookArrayOutput) Index(i pulumi.IntInput) AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput 

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext 

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookInput 

type AuthomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput
	ToAuthomationRuleActionPlaybookOutputWithContext(context.Context) AuthomationRuleActionPlaybookOutput
}

AuthomationRuleActionPlaybookInput is an input type that accepts AuthomationRuleActionPlaybookArgs and AuthomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookInput` via: 

AuthomationRuleActionPlaybookArgs{...}

type AuthomationRuleActionPlaybookOutput 

type AuthomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookOutput) ElementType 

func (AuthomationRuleActionPlaybookOutput) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookOutput) LogicAppId 

func (o AuthomationRuleActionPlaybookOutput) LogicAppId() pulumi.StringOutput

The ID of the Logic App that defines the playbook's logic.

func (AuthomationRuleActionPlaybookOutput) Order 

func (o AuthomationRuleActionPlaybookOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AuthomationRuleActionPlaybookOutput) TenantId 

func (o AuthomationRuleActionPlaybookOutput) TenantId() pulumi.StringPtrOutput

The ID of the Tenant that owns the playbook.

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput 

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext 

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleArgs 

type AuthomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringPtrInput
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrInput
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrInput
}

The set of arguments for constructing a AuthomationRule resource.

func (AuthomationRuleArgs) ElementType 

func (AuthomationRuleArgs) ElementType() reflect.Type

type AuthomationRuleArray 

type AuthomationRuleArray []AuthomationRuleInput

func (AuthomationRuleArray) ElementType 

func (AuthomationRuleArray) ElementType() reflect.Type

func (AuthomationRuleArray) ToAuthomationRuleArrayOutput 

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext 

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleArrayInput 

type AuthomationRuleArrayInput interface {
	pulumi.Input

	ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput
	ToAuthomationRuleArrayOutputWithContext(context.Context) AuthomationRuleArrayOutput
}

AuthomationRuleArrayInput is an input type that accepts AuthomationRuleArray and AuthomationRuleArrayOutput values. You can construct a concrete instance of `AuthomationRuleArrayInput` via: 

AuthomationRuleArray{ AuthomationRuleArgs{...} }

type AuthomationRuleArrayOutput 

type AuthomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleArrayOutput) ElementType 

func (AuthomationRuleArrayOutput) ElementType() reflect.Type

func (AuthomationRuleArrayOutput) Index 

func (o AuthomationRuleArrayOutput) Index(i pulumi.IntInput) AuthomationRuleOutput

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput 

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext 

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleCondition 

type AuthomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AuthomationRuleConditionArgs 

type AuthomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AuthomationRuleConditionArgs) ElementType 

func (AuthomationRuleConditionArgs) ElementType() reflect.Type

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput 

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext 

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

type AuthomationRuleConditionArray 

type AuthomationRuleConditionArray []AuthomationRuleConditionInput

func (AuthomationRuleConditionArray) ElementType 

func (AuthomationRuleConditionArray) ElementType() reflect.Type

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput 

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext 

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionArrayInput 

type AuthomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput
	ToAuthomationRuleConditionArrayOutputWithContext(context.Context) AuthomationRuleConditionArrayOutput
}

AuthomationRuleConditionArrayInput is an input type that accepts AuthomationRuleConditionArray and AuthomationRuleConditionArrayOutput values. You can construct a concrete instance of `AuthomationRuleConditionArrayInput` via: 

AuthomationRuleConditionArray{ AuthomationRuleConditionArgs{...} }

type AuthomationRuleConditionArrayOutput 

type AuthomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionArrayOutput) ElementType 

func (AuthomationRuleConditionArrayOutput) ElementType() reflect.Type

func (AuthomationRuleConditionArrayOutput) Index 

func (o AuthomationRuleConditionArrayOutput) Index(i pulumi.IntInput) AuthomationRuleConditionOutput

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput 

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext 

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionInput 

type AuthomationRuleConditionInput interface {
	pulumi.Input

	ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput
	ToAuthomationRuleConditionOutputWithContext(context.Context) AuthomationRuleConditionOutput
}

AuthomationRuleConditionInput is an input type that accepts AuthomationRuleConditionArgs and AuthomationRuleConditionOutput values. You can construct a concrete instance of `AuthomationRuleConditionInput` via: 

AuthomationRuleConditionArgs{...}

type AuthomationRuleConditionOutput 

type AuthomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionOutput) ElementType 

func (AuthomationRuleConditionOutput) ElementType() reflect.Type

func (AuthomationRuleConditionOutput) Operator 

func (o AuthomationRuleConditionOutput) Operator() pulumi.StringOutput

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AuthomationRuleConditionOutput) Property 

func (o AuthomationRuleConditionOutput) Property() pulumi.StringOutput

The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput 

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext 

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) Values 

func (o AuthomationRuleConditionOutput) Values() pulumi.StringArrayOutput

Specifies a list of values to use for evaluate the condition.

type AuthomationRuleInput 

type AuthomationRuleInput interface {
	pulumi.Input

	ToAuthomationRuleOutput() AuthomationRuleOutput
	ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput
}

type AuthomationRuleMap 

type AuthomationRuleMap map[string]AuthomationRuleInput

func (AuthomationRuleMap) ElementType 

func (AuthomationRuleMap) ElementType() reflect.Type

func (AuthomationRuleMap) ToAuthomationRuleMapOutput 

func (i AuthomationRuleMap) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext 

func (i AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleMapInput 

type AuthomationRuleMapInput interface {
	pulumi.Input

	ToAuthomationRuleMapOutput() AuthomationRuleMapOutput
	ToAuthomationRuleMapOutputWithContext(context.Context) AuthomationRuleMapOutput
}

AuthomationRuleMapInput is an input type that accepts AuthomationRuleMap and AuthomationRuleMapOutput values. You can construct a concrete instance of `AuthomationRuleMapInput` via: 

AuthomationRuleMap{ "key": AuthomationRuleArgs{...} }

type AuthomationRuleMapOutput 

type AuthomationRuleMapOutput struct{ *pulumi.OutputState }

func (AuthomationRuleMapOutput) ElementType 

func (AuthomationRuleMapOutput) ElementType() reflect.Type

func (AuthomationRuleMapOutput) MapIndex 

func (o AuthomationRuleMapOutput) MapIndex(k pulumi.StringInput) AuthomationRuleOutput

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutput 

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext 

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleOutput 

type AuthomationRuleOutput struct{ *pulumi.OutputState }

func (AuthomationRuleOutput) ActionIncidents added in v5.5.0 

func (o AuthomationRuleOutput) ActionIncidents() AuthomationRuleActionIncidentArrayOutput

One or more `actionIncident` blocks as defined below.

func (AuthomationRuleOutput) ActionPlaybooks added in v5.5.0 

func (o AuthomationRuleOutput) ActionPlaybooks() AuthomationRuleActionPlaybookArrayOutput

One or more `actionPlaybook` blocks as defined below.

> **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.

func (AuthomationRuleOutput) ConditionJson added in v5.31.0 

func (o AuthomationRuleOutput) ConditionJson() pulumi.StringOutput

A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).

func (AuthomationRuleOutput) Conditions deprecated added in v5.5.0 

func (o AuthomationRuleOutput) Conditions() AuthomationRuleConditionArrayOutput

One or more `condition` blocks as defined below.

> **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.

Deprecated: This is deprecated in favor of `conditionJson`

func (AuthomationRuleOutput) DisplayName added in v5.5.0 

func (o AuthomationRuleOutput) DisplayName() pulumi.StringOutput

The display name which should be used for this Sentinel Automation Rule.

func (AuthomationRuleOutput) ElementType 

func (AuthomationRuleOutput) ElementType() reflect.Type

func (AuthomationRuleOutput) Enabled added in v5.5.0 

func (o AuthomationRuleOutput) Enabled() pulumi.BoolPtrOutput

Whether this Sentinel Automation Rule is enabled? Defaults to `true`.

func (AuthomationRuleOutput) Expiration added in v5.5.0 

func (o AuthomationRuleOutput) Expiration() pulumi.StringPtrOutput

The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.

func (AuthomationRuleOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AuthomationRuleOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.

func (AuthomationRuleOutput) Name added in v5.5.0 

func (o AuthomationRuleOutput) Name() pulumi.StringOutput

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

func (AuthomationRuleOutput) Order added in v5.5.0 

func (o AuthomationRuleOutput) Order() pulumi.IntOutput

The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.

func (AuthomationRuleOutput) ToAuthomationRuleOutput 

func (o AuthomationRuleOutput) ToAuthomationRuleOutput() AuthomationRuleOutput

func (AuthomationRuleOutput) ToAuthomationRuleOutputWithContext 

func (o AuthomationRuleOutput) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

func (AuthomationRuleOutput) TriggersOn added in v5.31.0 

func (o AuthomationRuleOutput) TriggersOn() pulumi.StringPtrOutput

Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.

func (AuthomationRuleOutput) TriggersWhen added in v5.31.0 

func (o AuthomationRuleOutput) TriggersWhen() pulumi.StringPtrOutput

Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.

type AuthomationRuleState 

type AuthomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringPtrInput
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrInput
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrInput
}

func (AuthomationRuleState) ElementType 

func (AuthomationRuleState) ElementType() reflect.Type

type AutomationRule 

type AutomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AutomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringOutput `pulumi:"conditionJson"`
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AutomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrOutput `pulumi:"triggersOn"`
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrOutput `pulumi:"triggersWhen"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "example", &sentinel.AutomationRuleArgs{
			Name:                    pulumi.String("56094f72-ac3f-40e7-a0c0-47bd95f70336"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/automationRule:AutomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/automationRules/rule1 ```

func GetAutomationRule 

func GetAutomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AutomationRuleState, opts ...pulumi.ResourceOption) (*AutomationRule, error)

GetAutomationRule gets an existing AutomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAutomationRule 

func NewAutomationRule(ctx *pulumi.Context,
	name string, args *AutomationRuleArgs, opts ...pulumi.ResourceOption) (*AutomationRule, error)

NewAutomationRule registers a new resource with the given unique name, arguments, and options.

func (*AutomationRule) ElementType 

func (*AutomationRule) ElementType() reflect.Type

func (*AutomationRule) ToAutomationRuleOutput 

func (i *AutomationRule) ToAutomationRuleOutput() AutomationRuleOutput

func (*AutomationRule) ToAutomationRuleOutputWithContext 

func (i *AutomationRule) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

type AutomationRuleActionIncident 

type AutomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	//
	// > **Note:** The `classification` is required when `status` is `Closed`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	//
	// > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.
	//
	// > **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AutomationRuleActionIncidentArgs 

type AutomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	//
	// > **Note:** The `classification` is required when `status` is `Closed`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	//
	// > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.
	//
	// > **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AutomationRuleActionIncidentArgs) ElementType 

func (AutomationRuleActionIncidentArgs) ElementType() reflect.Type

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput 

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext 

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionIncidentArray 

type AutomationRuleActionIncidentArray []AutomationRuleActionIncidentInput

func (AutomationRuleActionIncidentArray) ElementType 

func (AutomationRuleActionIncidentArray) ElementType() reflect.Type

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput 

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext 

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentArrayInput 

type AutomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput
	ToAutomationRuleActionIncidentArrayOutputWithContext(context.Context) AutomationRuleActionIncidentArrayOutput
}

AutomationRuleActionIncidentArrayInput is an input type that accepts AutomationRuleActionIncidentArray and AutomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentArrayInput` via: 

AutomationRuleActionIncidentArray{ AutomationRuleActionIncidentArgs{...} }

type AutomationRuleActionIncidentArrayOutput 

type AutomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentArrayOutput) ElementType 

func (AutomationRuleActionIncidentArrayOutput) ElementType() reflect.Type

func (AutomationRuleActionIncidentArrayOutput) Index 

func (o AutomationRuleActionIncidentArrayOutput) Index(i pulumi.IntInput) AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput 

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext 

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentInput 

type AutomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput
	ToAutomationRuleActionIncidentOutputWithContext(context.Context) AutomationRuleActionIncidentOutput
}

AutomationRuleActionIncidentInput is an input type that accepts AutomationRuleActionIncidentArgs and AutomationRuleActionIncidentOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentInput` via: 

AutomationRuleActionIncidentArgs{...}

type AutomationRuleActionIncidentOutput 

type AutomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentOutput) Classification 

func (o AutomationRuleActionIncidentOutput) Classification() pulumi.StringPtrOutput

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

> **Note:** The `classification` is required when `status` is `Closed`.

func (AutomationRuleActionIncidentOutput) ClassificationComment 

func (o AutomationRuleActionIncidentOutput) ClassificationComment() pulumi.StringPtrOutput

The comment why the incident is to be closed.

> **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`.

func (AutomationRuleActionIncidentOutput) ElementType 

func (AutomationRuleActionIncidentOutput) ElementType() reflect.Type

func (AutomationRuleActionIncidentOutput) Labels 

func (o AutomationRuleActionIncidentOutput) Labels() pulumi.StringArrayOutput

Specifies a list of labels to add to the incident.

func (AutomationRuleActionIncidentOutput) Order 

func (o AutomationRuleActionIncidentOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AutomationRuleActionIncidentOutput) OwnerId 

func (o AutomationRuleActionIncidentOutput) OwnerId() pulumi.StringPtrOutput

The object ID of the entity this incident is assigned to.

func (AutomationRuleActionIncidentOutput) Severity 

func (o AutomationRuleActionIncidentOutput) Severity() pulumi.StringPtrOutput

The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`.

> **Note:**: At least one of `status`, `labels`, `ownerId` and `severity` has to be set.

func (AutomationRuleActionIncidentOutput) Status 

func (o AutomationRuleActionIncidentOutput) Status() pulumi.StringPtrOutput

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput 

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext 

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionPlaybook 

type AutomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AutomationRuleActionPlaybookArgs 

type AutomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AutomationRuleActionPlaybookArgs) ElementType 

func (AutomationRuleActionPlaybookArgs) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput 

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext 

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleActionPlaybookArray 

type AutomationRuleActionPlaybookArray []AutomationRuleActionPlaybookInput

func (AutomationRuleActionPlaybookArray) ElementType 

func (AutomationRuleActionPlaybookArray) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput 

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext 

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookArrayInput 

type AutomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput
	ToAutomationRuleActionPlaybookArrayOutputWithContext(context.Context) AutomationRuleActionPlaybookArrayOutput
}

AutomationRuleActionPlaybookArrayInput is an input type that accepts AutomationRuleActionPlaybookArray and AutomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookArrayInput` via: 

AutomationRuleActionPlaybookArray{ AutomationRuleActionPlaybookArgs{...} }

type AutomationRuleActionPlaybookArrayOutput 

type AutomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookArrayOutput) ElementType 

func (AutomationRuleActionPlaybookArrayOutput) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArrayOutput) Index 

func (o AutomationRuleActionPlaybookArrayOutput) Index(i pulumi.IntInput) AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput 

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext 

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookInput 

type AutomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput
	ToAutomationRuleActionPlaybookOutputWithContext(context.Context) AutomationRuleActionPlaybookOutput
}

AutomationRuleActionPlaybookInput is an input type that accepts AutomationRuleActionPlaybookArgs and AutomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookInput` via: 

AutomationRuleActionPlaybookArgs{...}

type AutomationRuleActionPlaybookOutput 

type AutomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookOutput) ElementType 

func (AutomationRuleActionPlaybookOutput) ElementType() reflect.Type

func (AutomationRuleActionPlaybookOutput) LogicAppId 

func (o AutomationRuleActionPlaybookOutput) LogicAppId() pulumi.StringOutput

The ID of the Logic App that defines the playbook's logic.

func (AutomationRuleActionPlaybookOutput) Order 

func (o AutomationRuleActionPlaybookOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AutomationRuleActionPlaybookOutput) TenantId 

func (o AutomationRuleActionPlaybookOutput) TenantId() pulumi.StringPtrOutput

The ID of the Tenant that owns the playbook.

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput 

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext 

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleArgs 

type AutomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringPtrInput
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrInput
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrInput
}

The set of arguments for constructing a AutomationRule resource.

func (AutomationRuleArgs) ElementType 

func (AutomationRuleArgs) ElementType() reflect.Type

type AutomationRuleArray 

type AutomationRuleArray []AutomationRuleInput

func (AutomationRuleArray) ElementType 

func (AutomationRuleArray) ElementType() reflect.Type

func (AutomationRuleArray) ToAutomationRuleArrayOutput 

func (i AutomationRuleArray) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArray) ToAutomationRuleArrayOutputWithContext 

func (i AutomationRuleArray) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleArrayInput 

type AutomationRuleArrayInput interface {
	pulumi.Input

	ToAutomationRuleArrayOutput() AutomationRuleArrayOutput
	ToAutomationRuleArrayOutputWithContext(context.Context) AutomationRuleArrayOutput
}

AutomationRuleArrayInput is an input type that accepts AutomationRuleArray and AutomationRuleArrayOutput values. You can construct a concrete instance of `AutomationRuleArrayInput` via: 

AutomationRuleArray{ AutomationRuleArgs{...} }

type AutomationRuleArrayOutput 

type AutomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleArrayOutput) ElementType 

func (AutomationRuleArrayOutput) ElementType() reflect.Type

func (AutomationRuleArrayOutput) Index 

func (o AutomationRuleArrayOutput) Index(i pulumi.IntInput) AutomationRuleOutput

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutput 

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext 

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleCondition 

type AutomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AutomationRuleConditionArgs 

type AutomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AutomationRuleConditionArgs) ElementType 

func (AutomationRuleConditionArgs) ElementType() reflect.Type

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutput 

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext 

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

type AutomationRuleConditionArray 

type AutomationRuleConditionArray []AutomationRuleConditionInput

func (AutomationRuleConditionArray) ElementType 

func (AutomationRuleConditionArray) ElementType() reflect.Type

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput 

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext 

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionArrayInput 

type AutomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput
	ToAutomationRuleConditionArrayOutputWithContext(context.Context) AutomationRuleConditionArrayOutput
}

AutomationRuleConditionArrayInput is an input type that accepts AutomationRuleConditionArray and AutomationRuleConditionArrayOutput values. You can construct a concrete instance of `AutomationRuleConditionArrayInput` via: 

AutomationRuleConditionArray{ AutomationRuleConditionArgs{...} }

type AutomationRuleConditionArrayOutput 

type AutomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionArrayOutput) ElementType 

func (AutomationRuleConditionArrayOutput) ElementType() reflect.Type

func (AutomationRuleConditionArrayOutput) Index 

func (o AutomationRuleConditionArrayOutput) Index(i pulumi.IntInput) AutomationRuleConditionOutput

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput 

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext 

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionInput 

type AutomationRuleConditionInput interface {
	pulumi.Input

	ToAutomationRuleConditionOutput() AutomationRuleConditionOutput
	ToAutomationRuleConditionOutputWithContext(context.Context) AutomationRuleConditionOutput
}

AutomationRuleConditionInput is an input type that accepts AutomationRuleConditionArgs and AutomationRuleConditionOutput values. You can construct a concrete instance of `AutomationRuleConditionInput` via: 

AutomationRuleConditionArgs{...}

type AutomationRuleConditionOutput 

type AutomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionOutput) ElementType 

func (AutomationRuleConditionOutput) ElementType() reflect.Type

func (AutomationRuleConditionOutput) Operator 

func (o AutomationRuleConditionOutput) Operator() pulumi.StringOutput

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AutomationRuleConditionOutput) Property 

func (o AutomationRuleConditionOutput) Property() pulumi.StringOutput

The property to use for evaluate the condition. Possible values are `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AlertAnalyticRuleIds`, `AlertProductNames`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentCustomDetailsKey`, `IncidentCustomDetailsValue`, `IncidentDescription`, `IncidentLabel`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IncidentUpdatedBySource`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData` and `Url`.

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutput 

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext 

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) Values 

func (o AutomationRuleConditionOutput) Values() pulumi.StringArrayOutput

Specifies a list of values to use for evaluate the condition.

type AutomationRuleInput 

type AutomationRuleInput interface {
	pulumi.Input

	ToAutomationRuleOutput() AutomationRuleOutput
	ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput
}

type AutomationRuleMap 

type AutomationRuleMap map[string]AutomationRuleInput

func (AutomationRuleMap) ElementType 

func (AutomationRuleMap) ElementType() reflect.Type

func (AutomationRuleMap) ToAutomationRuleMapOutput 

func (i AutomationRuleMap) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMap) ToAutomationRuleMapOutputWithContext 

func (i AutomationRuleMap) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleMapInput 

type AutomationRuleMapInput interface {
	pulumi.Input

	ToAutomationRuleMapOutput() AutomationRuleMapOutput
	ToAutomationRuleMapOutputWithContext(context.Context) AutomationRuleMapOutput
}

AutomationRuleMapInput is an input type that accepts AutomationRuleMap and AutomationRuleMapOutput values. You can construct a concrete instance of `AutomationRuleMapInput` via: 

AutomationRuleMap{ "key": AutomationRuleArgs{...} }

type AutomationRuleMapOutput 

type AutomationRuleMapOutput struct{ *pulumi.OutputState }

func (AutomationRuleMapOutput) ElementType 

func (AutomationRuleMapOutput) ElementType() reflect.Type

func (AutomationRuleMapOutput) MapIndex 

func (o AutomationRuleMapOutput) MapIndex(k pulumi.StringInput) AutomationRuleOutput

func (AutomationRuleMapOutput) ToAutomationRuleMapOutput 

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext 

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleOutput 

type AutomationRuleOutput struct{ *pulumi.OutputState }

func (AutomationRuleOutput) ActionIncidents added in v5.5.0 

func (o AutomationRuleOutput) ActionIncidents() AutomationRuleActionIncidentArrayOutput

One or more `actionIncident` blocks as defined below.

func (AutomationRuleOutput) ActionPlaybooks added in v5.5.0 

func (o AutomationRuleOutput) ActionPlaybooks() AutomationRuleActionPlaybookArrayOutput

One or more `actionPlaybook` blocks as defined below.

> **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.

func (AutomationRuleOutput) ConditionJson added in v5.31.0 

func (o AutomationRuleOutput) ConditionJson() pulumi.StringOutput

A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).

func (AutomationRuleOutput) Conditions deprecated added in v5.5.0 

func (o AutomationRuleOutput) Conditions() AutomationRuleConditionArrayOutput

One or more `condition` blocks as defined below.

> **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.

Deprecated: This is deprecated in favor of `conditionJson`

func (AutomationRuleOutput) DisplayName added in v5.5.0 

func (o AutomationRuleOutput) DisplayName() pulumi.StringOutput

The display name which should be used for this Sentinel Automation Rule.

func (AutomationRuleOutput) ElementType 

func (AutomationRuleOutput) ElementType() reflect.Type

func (AutomationRuleOutput) Enabled added in v5.5.0 

func (o AutomationRuleOutput) Enabled() pulumi.BoolPtrOutput

Whether this Sentinel Automation Rule is enabled? Defaults to `true`.

func (AutomationRuleOutput) Expiration added in v5.5.0 

func (o AutomationRuleOutput) Expiration() pulumi.StringPtrOutput

The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.

func (AutomationRuleOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o AutomationRuleOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.

func (AutomationRuleOutput) Name added in v5.5.0 

func (o AutomationRuleOutput) Name() pulumi.StringOutput

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

func (AutomationRuleOutput) Order added in v5.5.0 

func (o AutomationRuleOutput) Order() pulumi.IntOutput

The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.

func (AutomationRuleOutput) ToAutomationRuleOutput 

func (o AutomationRuleOutput) ToAutomationRuleOutput() AutomationRuleOutput

func (AutomationRuleOutput) ToAutomationRuleOutputWithContext 

func (o AutomationRuleOutput) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

func (AutomationRuleOutput) TriggersOn added in v5.31.0 

func (o AutomationRuleOutput) TriggersOn() pulumi.StringPtrOutput

Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.

func (AutomationRuleOutput) TriggersWhen added in v5.31.0 

func (o AutomationRuleOutput) TriggersWhen() pulumi.StringPtrOutput

Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.

type AutomationRuleState 

type AutomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	//
	// > **Note:** Either one `actionIncident` block or `actionPlaybook` block has to be specified.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// A JSON array of one or more condition JSON objects as is defined [here](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#automationruletriggeringlogic).
	ConditionJson pulumi.StringPtrInput
	// One or more `condition` blocks as defined below.
	//
	// > **Note:** `condition` only supports the [`Property` condition type](https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/automation-rules/create-or-update?tabs=HTTP#propertyconditionproperties). Please use `conditionJson` if you want other condition types.
	//
	// Deprecated: This is deprecated in favor of `conditionJson`
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
	// Specifies what triggers this automation rule. Possible values are `Alerts` and `Incidents`. Defaults to `Incidents`.
	TriggersOn pulumi.StringPtrInput
	// Specifies when will this automation rule be triggered. Possible values are `Created` and `Updated`. Defaults to `Created`.
	TriggersWhen pulumi.StringPtrInput
}

func (AutomationRuleState) ElementType 

func (AutomationRuleState) ElementType() reflect.Type

type DataConnectorAwsCloudTrail 

type DataConnectorAwsCloudTrail struct {
	pulumi.CustomResourceState

	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringOutput `pulumi:"awsRoleArn"`
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a AWS CloudTrail Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAwsCloudTrail(ctx, "example", &sentinel.DataConnectorAwsCloudTrailArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			AwsRoleArn:              pulumi.String("arn:aws:iam::000000000000:role/role1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorAwsCloudTrail:DataConnectorAwsCloudTrail example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorAwsCloudTrail 

func GetDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAwsCloudTrailState, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

GetDataConnectorAwsCloudTrail gets an existing DataConnectorAwsCloudTrail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAwsCloudTrail 

func NewDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, args *DataConnectorAwsCloudTrailArgs, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

NewDataConnectorAwsCloudTrail registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAwsCloudTrail) ElementType 

func (*DataConnectorAwsCloudTrail) ElementType() reflect.Type

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput 

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext 

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailArgs 

type DataConnectorAwsCloudTrailArgs struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAwsCloudTrail resource.

func (DataConnectorAwsCloudTrailArgs) ElementType 

func (DataConnectorAwsCloudTrailArgs) ElementType() reflect.Type

type DataConnectorAwsCloudTrailArray 

type DataConnectorAwsCloudTrailArray []DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailArray) ElementType 

func (DataConnectorAwsCloudTrailArray) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput 

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext 

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailArrayInput 

type DataConnectorAwsCloudTrailArrayInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput
	ToDataConnectorAwsCloudTrailArrayOutputWithContext(context.Context) DataConnectorAwsCloudTrailArrayOutput
}

DataConnectorAwsCloudTrailArrayInput is an input type that accepts DataConnectorAwsCloudTrailArray and DataConnectorAwsCloudTrailArrayOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailArrayInput` via: 

DataConnectorAwsCloudTrailArray{ DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailArrayOutput 

type DataConnectorAwsCloudTrailArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailArrayOutput) ElementType 

func (DataConnectorAwsCloudTrailArrayOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailArrayOutput) Index 

func (o DataConnectorAwsCloudTrailArrayOutput) Index(i pulumi.IntInput) DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput 

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext 

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailInput 

type DataConnectorAwsCloudTrailInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput
	ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput
}

type DataConnectorAwsCloudTrailMap 

type DataConnectorAwsCloudTrailMap map[string]DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailMap) ElementType 

func (DataConnectorAwsCloudTrailMap) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput 

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext 

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailMapInput 

type DataConnectorAwsCloudTrailMapInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput
	ToDataConnectorAwsCloudTrailMapOutputWithContext(context.Context) DataConnectorAwsCloudTrailMapOutput
}

DataConnectorAwsCloudTrailMapInput is an input type that accepts DataConnectorAwsCloudTrailMap and DataConnectorAwsCloudTrailMapOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailMapInput` via: 

DataConnectorAwsCloudTrailMap{ "key": DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailMapOutput 

type DataConnectorAwsCloudTrailMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailMapOutput) ElementType 

func (DataConnectorAwsCloudTrailMapOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailMapOutput) MapIndex 

func (o DataConnectorAwsCloudTrailMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput 

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext 

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailOutput 

type DataConnectorAwsCloudTrailOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailOutput) AwsRoleArn added in v5.5.0 

func (o DataConnectorAwsCloudTrailOutput) AwsRoleArn() pulumi.StringOutput

The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.

func (DataConnectorAwsCloudTrailOutput) ElementType 

func (DataConnectorAwsCloudTrailOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorAwsCloudTrailOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.

func (DataConnectorAwsCloudTrailOutput) Name added in v5.5.0 

func (o DataConnectorAwsCloudTrailOutput) Name() pulumi.StringOutput

The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput 

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext 

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailState 

type DataConnectorAwsCloudTrailState struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

func (DataConnectorAwsCloudTrailState) ElementType 

func (DataConnectorAwsCloudTrailState) ElementType() reflect.Type

type DataConnectorAwsS3 added in v5.6.0 

type DataConnectorAwsS3 struct {
	pulumi.CustomResourceState

	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringOutput `pulumi:"awsRoleArn"`
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringOutput `pulumi:"destinationTable"`
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayOutput `pulumi:"sqsUrls"`
}

Manages a AWS S3 Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAwsS3(ctx, "example", &sentinel.DataConnectorAwsS3Args{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			AwsRoleArn:              pulumi.String("arn:aws:iam::000000000000:role/role1"),
			DestinationTable:        pulumi.String("AWSGuardDuty"),
			SqsUrls: pulumi.StringArray{
				pulumi.String("https://sqs.us-east-1.amazonaws.com/000000000000/example"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS S3 Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorAwsS3:DataConnectorAwsS3 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorAwsS3 added in v5.6.0 

func GetDataConnectorAwsS3(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAwsS3State, opts ...pulumi.ResourceOption) (*DataConnectorAwsS3, error)

GetDataConnectorAwsS3 gets an existing DataConnectorAwsS3 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAwsS3 added in v5.6.0 

func NewDataConnectorAwsS3(ctx *pulumi.Context,
	name string, args *DataConnectorAwsS3Args, opts ...pulumi.ResourceOption) (*DataConnectorAwsS3, error)

NewDataConnectorAwsS3 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAwsS3) ElementType added in v5.6.0 

func (*DataConnectorAwsS3) ElementType() reflect.Type

func (*DataConnectorAwsS3) ToDataConnectorAwsS3Output added in v5.6.0 

func (i *DataConnectorAwsS3) ToDataConnectorAwsS3Output() DataConnectorAwsS3Output

func (*DataConnectorAwsS3) ToDataConnectorAwsS3OutputWithContext added in v5.6.0 

func (i *DataConnectorAwsS3) ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output

type DataConnectorAwsS3Args added in v5.6.0 

type DataConnectorAwsS3Args struct {
	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringInput
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringInput
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayInput
}

The set of arguments for constructing a DataConnectorAwsS3 resource.

func (DataConnectorAwsS3Args) ElementType added in v5.6.0 

func (DataConnectorAwsS3Args) ElementType() reflect.Type

type DataConnectorAwsS3Array added in v5.6.0 

type DataConnectorAwsS3Array []DataConnectorAwsS3Input

func (DataConnectorAwsS3Array) ElementType added in v5.6.0 

func (DataConnectorAwsS3Array) ElementType() reflect.Type

func (DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutput added in v5.6.0 

func (i DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput

func (DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutputWithContext added in v5.6.0 

func (i DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutputWithContext(ctx context.Context) DataConnectorAwsS3ArrayOutput

type DataConnectorAwsS3ArrayInput added in v5.6.0 

type DataConnectorAwsS3ArrayInput interface {
	pulumi.Input

	ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput
	ToDataConnectorAwsS3ArrayOutputWithContext(context.Context) DataConnectorAwsS3ArrayOutput
}

DataConnectorAwsS3ArrayInput is an input type that accepts DataConnectorAwsS3Array and DataConnectorAwsS3ArrayOutput values. You can construct a concrete instance of `DataConnectorAwsS3ArrayInput` via: 

DataConnectorAwsS3Array{ DataConnectorAwsS3Args{...} }

type DataConnectorAwsS3ArrayOutput added in v5.6.0 

type DataConnectorAwsS3ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsS3ArrayOutput) ElementType added in v5.6.0 

func (DataConnectorAwsS3ArrayOutput) ElementType() reflect.Type

func (DataConnectorAwsS3ArrayOutput) Index added in v5.6.0 

func (o DataConnectorAwsS3ArrayOutput) Index(i pulumi.IntInput) DataConnectorAwsS3Output

func (DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutput added in v5.6.0 

func (o DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput

func (DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutputWithContext added in v5.6.0 

func (o DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutputWithContext(ctx context.Context) DataConnectorAwsS3ArrayOutput

type DataConnectorAwsS3Input added in v5.6.0 

type DataConnectorAwsS3Input interface {
	pulumi.Input

	ToDataConnectorAwsS3Output() DataConnectorAwsS3Output
	ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output
}

type DataConnectorAwsS3Map added in v5.6.0 

type DataConnectorAwsS3Map map[string]DataConnectorAwsS3Input

func (DataConnectorAwsS3Map) ElementType added in v5.6.0 

func (DataConnectorAwsS3Map) ElementType() reflect.Type

func (DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutput added in v5.6.0 

func (i DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput

func (DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutputWithContext added in v5.6.0 

func (i DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutputWithContext(ctx context.Context) DataConnectorAwsS3MapOutput

type DataConnectorAwsS3MapInput added in v5.6.0 

type DataConnectorAwsS3MapInput interface {
	pulumi.Input

	ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput
	ToDataConnectorAwsS3MapOutputWithContext(context.Context) DataConnectorAwsS3MapOutput
}

DataConnectorAwsS3MapInput is an input type that accepts DataConnectorAwsS3Map and DataConnectorAwsS3MapOutput values. You can construct a concrete instance of `DataConnectorAwsS3MapInput` via: 

DataConnectorAwsS3Map{ "key": DataConnectorAwsS3Args{...} }

type DataConnectorAwsS3MapOutput added in v5.6.0 

type DataConnectorAwsS3MapOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsS3MapOutput) ElementType added in v5.6.0 

func (DataConnectorAwsS3MapOutput) ElementType() reflect.Type

func (DataConnectorAwsS3MapOutput) MapIndex added in v5.6.0 

func (o DataConnectorAwsS3MapOutput) MapIndex(k pulumi.StringInput) DataConnectorAwsS3Output

func (DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutput added in v5.6.0 

func (o DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput

func (DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutputWithContext added in v5.6.0 

func (o DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutputWithContext(ctx context.Context) DataConnectorAwsS3MapOutput

type DataConnectorAwsS3Output added in v5.6.0 

type DataConnectorAwsS3Output struct{ *pulumi.OutputState }

func (DataConnectorAwsS3Output) AwsRoleArn added in v5.6.0 

func (o DataConnectorAwsS3Output) AwsRoleArn() pulumi.StringOutput

The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.

func (DataConnectorAwsS3Output) DestinationTable added in v5.6.0 

func (o DataConnectorAwsS3Output) DestinationTable() pulumi.StringOutput

The name of the Log Analytics table that will store the ingested data.

func (DataConnectorAwsS3Output) ElementType added in v5.6.0 

func (DataConnectorAwsS3Output) ElementType() reflect.Type

func (DataConnectorAwsS3Output) LogAnalyticsWorkspaceId added in v5.6.0 

func (o DataConnectorAwsS3Output) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.

func (DataConnectorAwsS3Output) Name added in v5.6.0 

func (o DataConnectorAwsS3Output) Name() pulumi.StringOutput

The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.

func (DataConnectorAwsS3Output) SqsUrls added in v5.6.0 

func (o DataConnectorAwsS3Output) SqsUrls() pulumi.StringArrayOutput

Specifies a list of AWS SQS urls for the AWS S3 Data Connector.

func (DataConnectorAwsS3Output) ToDataConnectorAwsS3Output added in v5.6.0 

func (o DataConnectorAwsS3Output) ToDataConnectorAwsS3Output() DataConnectorAwsS3Output

func (DataConnectorAwsS3Output) ToDataConnectorAwsS3OutputWithContext added in v5.6.0 

func (o DataConnectorAwsS3Output) ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output

type DataConnectorAwsS3State added in v5.6.0 

type DataConnectorAwsS3State struct {
	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringPtrInput
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayInput
}

func (DataConnectorAwsS3State) ElementType added in v5.6.0 

func (DataConnectorAwsS3State) ElementType() reflect.Type

type DataConnectorAzureActiveDirectory 

type DataConnectorAzureActiveDirectory struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Active Directory Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureActiveDirectory(ctx, "example", &sentinel.DataConnectorAzureActiveDirectoryArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Active Directory Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorAzureActiveDirectory:DataConnectorAzureActiveDirectory example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorAzureActiveDirectory 

func GetDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureActiveDirectoryState, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

GetDataConnectorAzureActiveDirectory gets an existing DataConnectorAzureActiveDirectory resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureActiveDirectory 

func NewDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, args *DataConnectorAzureActiveDirectoryArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

NewDataConnectorAzureActiveDirectory registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureActiveDirectory) ElementType 

func (*DataConnectorAzureActiveDirectory) ElementType() reflect.Type

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput 

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext 

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryArgs 

type DataConnectorAzureActiveDirectoryArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureActiveDirectory resource.

func (DataConnectorAzureActiveDirectoryArgs) ElementType 

func (DataConnectorAzureActiveDirectoryArgs) ElementType() reflect.Type

type DataConnectorAzureActiveDirectoryArray 

type DataConnectorAzureActiveDirectoryArray []DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryArray) ElementType 

func (DataConnectorAzureActiveDirectoryArray) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput 

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext 

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryArrayInput 

type DataConnectorAzureActiveDirectoryArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput
	ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryArrayOutput
}

DataConnectorAzureActiveDirectoryArrayInput is an input type that accepts DataConnectorAzureActiveDirectoryArray and DataConnectorAzureActiveDirectoryArrayOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryArrayInput` via: 

DataConnectorAzureActiveDirectoryArray{ DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryArrayOutput 

type DataConnectorAzureActiveDirectoryArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryArrayOutput) ElementType 

func (DataConnectorAzureActiveDirectoryArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryArrayOutput) Index 

func (o DataConnectorAzureActiveDirectoryArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput 

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext 

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryInput 

type DataConnectorAzureActiveDirectoryInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput
	ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput
}

type DataConnectorAzureActiveDirectoryMap 

type DataConnectorAzureActiveDirectoryMap map[string]DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryMap) ElementType 

func (DataConnectorAzureActiveDirectoryMap) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput 

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext 

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryMapInput 

type DataConnectorAzureActiveDirectoryMapInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput
	ToDataConnectorAzureActiveDirectoryMapOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryMapOutput
}

DataConnectorAzureActiveDirectoryMapInput is an input type that accepts DataConnectorAzureActiveDirectoryMap and DataConnectorAzureActiveDirectoryMapOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryMapInput` via: 

DataConnectorAzureActiveDirectoryMap{ "key": DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryMapOutput 

type DataConnectorAzureActiveDirectoryMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryMapOutput) ElementType 

func (DataConnectorAzureActiveDirectoryMapOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryMapOutput) MapIndex 

func (o DataConnectorAzureActiveDirectoryMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput 

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext 

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryOutput 

type DataConnectorAzureActiveDirectoryOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryOutput) ElementType 

func (DataConnectorAzureActiveDirectoryOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorAzureActiveDirectoryOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.

func (DataConnectorAzureActiveDirectoryOutput) Name added in v5.5.0 

func (o DataConnectorAzureActiveDirectoryOutput) Name() pulumi.StringOutput

The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.

func (DataConnectorAzureActiveDirectoryOutput) TenantId added in v5.5.0 

func (o DataConnectorAzureActiveDirectoryOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput 

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext 

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryState 

type DataConnectorAzureActiveDirectoryState struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureActiveDirectoryState) ElementType 

func (DataConnectorAzureActiveDirectoryState) ElementType() reflect.Type

type DataConnectorAzureAdvancedThreadProtection 

type DataConnectorAzureAdvancedThreadProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Advanced Threat Protection Data Connector.

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureAdvancedThreadProtection(ctx, "example", &sentinel.DataConnectorAzureAdvancedThreadProtectionArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorAzureAdvancedThreadProtection:DataConnectorAzureAdvancedThreadProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorAzureAdvancedThreadProtection 

func GetDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureAdvancedThreadProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

GetDataConnectorAzureAdvancedThreadProtection gets an existing DataConnectorAzureAdvancedThreadProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureAdvancedThreadProtection 

func NewDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, args *DataConnectorAzureAdvancedThreadProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

NewDataConnectorAzureAdvancedThreadProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureAdvancedThreadProtection) ElementType 

func (*DataConnectorAzureAdvancedThreadProtection) ElementType() reflect.Type

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput 

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext 

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionArgs 

type DataConnectorAzureAdvancedThreadProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureAdvancedThreadProtection resource.

func (DataConnectorAzureAdvancedThreadProtectionArgs) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArgs) ElementType() reflect.Type

type DataConnectorAzureAdvancedThreadProtectionArray 

type DataConnectorAzureAdvancedThreadProtectionArray []DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionArray) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArray) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput 

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext 

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionArrayInput 

type DataConnectorAzureAdvancedThreadProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput
	ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput
}

DataConnectorAzureAdvancedThreadProtectionArrayInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionArray and DataConnectorAzureAdvancedThreadProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionArrayInput` via: 

DataConnectorAzureAdvancedThreadProtectionArray{ DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionArrayOutput 

type DataConnectorAzureAdvancedThreadProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) Index 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionInput 

type DataConnectorAzureAdvancedThreadProtectionInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput
	ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput
}

type DataConnectorAzureAdvancedThreadProtectionMap 

type DataConnectorAzureAdvancedThreadProtectionMap map[string]DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionMap) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionMap) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput 

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext 

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionMapInput 

type DataConnectorAzureAdvancedThreadProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput
	ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput
}

DataConnectorAzureAdvancedThreadProtectionMapInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionMap and DataConnectorAzureAdvancedThreadProtectionMapOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionMapInput` via: 

DataConnectorAzureAdvancedThreadProtectionMap{ "key": DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionMapOutput 

type DataConnectorAzureAdvancedThreadProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) MapIndex 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionOutput 

type DataConnectorAzureAdvancedThreadProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

func (DataConnectorAzureAdvancedThreadProtectionOutput) Name added in v5.5.0 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) Name() pulumi.StringOutput

The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

func (DataConnectorAzureAdvancedThreadProtectionOutput) TenantId added in v5.5.0 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionState 

type DataConnectorAzureAdvancedThreadProtectionState struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureAdvancedThreadProtectionState) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionState) ElementType() reflect.Type

type DataConnectorAzureSecurityCenter 

type DataConnectorAzureSecurityCenter struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
}

Manages a Azure Security Center Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureSecurityCenter(ctx, "example", &sentinel.DataConnectorAzureSecurityCenterArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Security Center Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorAzureSecurityCenter:DataConnectorAzureSecurityCenter example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorAzureSecurityCenter 

func GetDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureSecurityCenterState, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

GetDataConnectorAzureSecurityCenter gets an existing DataConnectorAzureSecurityCenter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureSecurityCenter 

func NewDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, args *DataConnectorAzureSecurityCenterArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

NewDataConnectorAzureSecurityCenter registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureSecurityCenter) ElementType 

func (*DataConnectorAzureSecurityCenter) ElementType() reflect.Type

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput 

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext 

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterArgs 

type DataConnectorAzureSecurityCenterArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureSecurityCenter resource.

func (DataConnectorAzureSecurityCenterArgs) ElementType 

func (DataConnectorAzureSecurityCenterArgs) ElementType() reflect.Type

type DataConnectorAzureSecurityCenterArray 

type DataConnectorAzureSecurityCenterArray []DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterArray) ElementType 

func (DataConnectorAzureSecurityCenterArray) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput 

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext 

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterArrayInput 

type DataConnectorAzureSecurityCenterArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput
	ToDataConnectorAzureSecurityCenterArrayOutputWithContext(context.Context) DataConnectorAzureSecurityCenterArrayOutput
}

DataConnectorAzureSecurityCenterArrayInput is an input type that accepts DataConnectorAzureSecurityCenterArray and DataConnectorAzureSecurityCenterArrayOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterArrayInput` via: 

DataConnectorAzureSecurityCenterArray{ DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterArrayOutput 

type DataConnectorAzureSecurityCenterArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterArrayOutput) ElementType 

func (DataConnectorAzureSecurityCenterArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterArrayOutput) Index 

func (o DataConnectorAzureSecurityCenterArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput 

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext 

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterInput 

type DataConnectorAzureSecurityCenterInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput
	ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput
}

type DataConnectorAzureSecurityCenterMap 

type DataConnectorAzureSecurityCenterMap map[string]DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterMap) ElementType 

func (DataConnectorAzureSecurityCenterMap) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput 

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext 

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterMapInput 

type DataConnectorAzureSecurityCenterMapInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput
	ToDataConnectorAzureSecurityCenterMapOutputWithContext(context.Context) DataConnectorAzureSecurityCenterMapOutput
}

DataConnectorAzureSecurityCenterMapInput is an input type that accepts DataConnectorAzureSecurityCenterMap and DataConnectorAzureSecurityCenterMapOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterMapInput` via: 

DataConnectorAzureSecurityCenterMap{ "key": DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterMapOutput 

type DataConnectorAzureSecurityCenterMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterMapOutput) ElementType 

func (DataConnectorAzureSecurityCenterMapOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterMapOutput) MapIndex 

func (o DataConnectorAzureSecurityCenterMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput 

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext 

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterOutput 

type DataConnectorAzureSecurityCenterOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterOutput) ElementType 

func (DataConnectorAzureSecurityCenterOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorAzureSecurityCenterOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) Name added in v5.5.0 

func (o DataConnectorAzureSecurityCenterOutput) Name() pulumi.StringOutput

The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) SubscriptionId added in v5.5.0 

func (o DataConnectorAzureSecurityCenterOutput) SubscriptionId() pulumi.StringOutput

The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput 

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext 

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterState 

type DataConnectorAzureSecurityCenterState struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

func (DataConnectorAzureSecurityCenterState) ElementType 

func (DataConnectorAzureSecurityCenterState) ElementType() reflect.Type

type DataConnectorDynamics365 added in v5.23.0 

type DataConnectorDynamics365 struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Dynamics 365 Data Connector resides in. Changing this forces a new Dynamics 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Dynamics 365 Data Connector. Changing this forces a new Dynamics 365 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Dynamics 365 Data Connector connects to. Changing this forces a new Dynamics 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Dynamics 365 Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorDynamics365(ctx, "example", &sentinel.DataConnectorDynamics365Args{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Dynamics 365 Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorDynamics365:DataConnectorDynamics365 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorDynamics365 added in v5.23.0 

func GetDataConnectorDynamics365(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorDynamics365State, opts ...pulumi.ResourceOption) (*DataConnectorDynamics365, error)

GetDataConnectorDynamics365 gets an existing DataConnectorDynamics365 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorDynamics365 added in v5.23.0 

func NewDataConnectorDynamics365(ctx *pulumi.Context,
	name string, args *DataConnectorDynamics365Args, opts ...pulumi.ResourceOption) (*DataConnectorDynamics365, error)

NewDataConnectorDynamics365 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorDynamics365) ElementType added in v5.23.0 

func (*DataConnectorDynamics365) ElementType() reflect.Type

func (*DataConnectorDynamics365) ToDataConnectorDynamics365Output added in v5.23.0 

func (i *DataConnectorDynamics365) ToDataConnectorDynamics365Output() DataConnectorDynamics365Output

func (*DataConnectorDynamics365) ToDataConnectorDynamics365OutputWithContext added in v5.23.0 

func (i *DataConnectorDynamics365) ToDataConnectorDynamics365OutputWithContext(ctx context.Context) DataConnectorDynamics365Output

type DataConnectorDynamics365Args added in v5.23.0 

type DataConnectorDynamics365Args struct {
	// The ID of the Log Analytics Workspace that this Dynamics 365 Data Connector resides in. Changing this forces a new Dynamics 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Dynamics 365 Data Connector. Changing this forces a new Dynamics 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Dynamics 365 Data Connector connects to. Changing this forces a new Dynamics 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorDynamics365 resource.

func (DataConnectorDynamics365Args) ElementType added in v5.23.0 

func (DataConnectorDynamics365Args) ElementType() reflect.Type

type DataConnectorDynamics365Array added in v5.23.0 

type DataConnectorDynamics365Array []DataConnectorDynamics365Input

func (DataConnectorDynamics365Array) ElementType added in v5.23.0 

func (DataConnectorDynamics365Array) ElementType() reflect.Type

func (DataConnectorDynamics365Array) ToDataConnectorDynamics365ArrayOutput added in v5.23.0 

func (i DataConnectorDynamics365Array) ToDataConnectorDynamics365ArrayOutput() DataConnectorDynamics365ArrayOutput

func (DataConnectorDynamics365Array) ToDataConnectorDynamics365ArrayOutputWithContext added in v5.23.0 

func (i DataConnectorDynamics365Array) ToDataConnectorDynamics365ArrayOutputWithContext(ctx context.Context) DataConnectorDynamics365ArrayOutput

type DataConnectorDynamics365ArrayInput added in v5.23.0 

type DataConnectorDynamics365ArrayInput interface {
	pulumi.Input

	ToDataConnectorDynamics365ArrayOutput() DataConnectorDynamics365ArrayOutput
	ToDataConnectorDynamics365ArrayOutputWithContext(context.Context) DataConnectorDynamics365ArrayOutput
}

DataConnectorDynamics365ArrayInput is an input type that accepts DataConnectorDynamics365Array and DataConnectorDynamics365ArrayOutput values. You can construct a concrete instance of `DataConnectorDynamics365ArrayInput` via: 

DataConnectorDynamics365Array{ DataConnectorDynamics365Args{...} }

type DataConnectorDynamics365ArrayOutput added in v5.23.0 

type DataConnectorDynamics365ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorDynamics365ArrayOutput) ElementType added in v5.23.0 

func (DataConnectorDynamics365ArrayOutput) ElementType() reflect.Type

func (DataConnectorDynamics365ArrayOutput) Index added in v5.23.0 

func (o DataConnectorDynamics365ArrayOutput) Index(i pulumi.IntInput) DataConnectorDynamics365Output

func (DataConnectorDynamics365ArrayOutput) ToDataConnectorDynamics365ArrayOutput added in v5.23.0 

func (o DataConnectorDynamics365ArrayOutput) ToDataConnectorDynamics365ArrayOutput() DataConnectorDynamics365ArrayOutput

func (DataConnectorDynamics365ArrayOutput) ToDataConnectorDynamics365ArrayOutputWithContext added in v5.23.0 

func (o DataConnectorDynamics365ArrayOutput) ToDataConnectorDynamics365ArrayOutputWithContext(ctx context.Context) DataConnectorDynamics365ArrayOutput

type DataConnectorDynamics365Input added in v5.23.0 

type DataConnectorDynamics365Input interface {
	pulumi.Input

	ToDataConnectorDynamics365Output() DataConnectorDynamics365Output
	ToDataConnectorDynamics365OutputWithContext(ctx context.Context) DataConnectorDynamics365Output
}

type DataConnectorDynamics365Map added in v5.23.0 

type DataConnectorDynamics365Map map[string]DataConnectorDynamics365Input

func (DataConnectorDynamics365Map) ElementType added in v5.23.0 

func (DataConnectorDynamics365Map) ElementType() reflect.Type

func (DataConnectorDynamics365Map) ToDataConnectorDynamics365MapOutput added in v5.23.0 

func (i DataConnectorDynamics365Map) ToDataConnectorDynamics365MapOutput() DataConnectorDynamics365MapOutput

func (DataConnectorDynamics365Map) ToDataConnectorDynamics365MapOutputWithContext added in v5.23.0 

func (i DataConnectorDynamics365Map) ToDataConnectorDynamics365MapOutputWithContext(ctx context.Context) DataConnectorDynamics365MapOutput

type DataConnectorDynamics365MapInput added in v5.23.0 

type DataConnectorDynamics365MapInput interface {
	pulumi.Input

	ToDataConnectorDynamics365MapOutput() DataConnectorDynamics365MapOutput
	ToDataConnectorDynamics365MapOutputWithContext(context.Context) DataConnectorDynamics365MapOutput
}

DataConnectorDynamics365MapInput is an input type that accepts DataConnectorDynamics365Map and DataConnectorDynamics365MapOutput values. You can construct a concrete instance of `DataConnectorDynamics365MapInput` via: 

DataConnectorDynamics365Map{ "key": DataConnectorDynamics365Args{...} }

type DataConnectorDynamics365MapOutput added in v5.23.0 

type DataConnectorDynamics365MapOutput struct{ *pulumi.OutputState }

func (DataConnectorDynamics365MapOutput) ElementType added in v5.23.0 

func (DataConnectorDynamics365MapOutput) ElementType() reflect.Type

func (DataConnectorDynamics365MapOutput) MapIndex added in v5.23.0 

func (o DataConnectorDynamics365MapOutput) MapIndex(k pulumi.StringInput) DataConnectorDynamics365Output

func (DataConnectorDynamics365MapOutput) ToDataConnectorDynamics365MapOutput added in v5.23.0 

func (o DataConnectorDynamics365MapOutput) ToDataConnectorDynamics365MapOutput() DataConnectorDynamics365MapOutput

func (DataConnectorDynamics365MapOutput) ToDataConnectorDynamics365MapOutputWithContext added in v5.23.0 

func (o DataConnectorDynamics365MapOutput) ToDataConnectorDynamics365MapOutputWithContext(ctx context.Context) DataConnectorDynamics365MapOutput

type DataConnectorDynamics365Output added in v5.23.0 

type DataConnectorDynamics365Output struct{ *pulumi.OutputState }

func (DataConnectorDynamics365Output) ElementType added in v5.23.0 

func (DataConnectorDynamics365Output) ElementType() reflect.Type

func (DataConnectorDynamics365Output) LogAnalyticsWorkspaceId added in v5.23.0 

func (o DataConnectorDynamics365Output) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Dynamics 365 Data Connector resides in. Changing this forces a new Dynamics 365 Data Connector to be created.

func (DataConnectorDynamics365Output) Name added in v5.23.0 

func (o DataConnectorDynamics365Output) Name() pulumi.StringOutput

The name which should be used for this Dynamics 365 Data Connector. Changing this forces a new Dynamics 365 Data Connector to be created.

func (DataConnectorDynamics365Output) TenantId added in v5.23.0 

func (o DataConnectorDynamics365Output) TenantId() pulumi.StringOutput

The ID of the tenant that this Dynamics 365 Data Connector connects to. Changing this forces a new Dynamics 365 Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorDynamics365Output) ToDataConnectorDynamics365Output added in v5.23.0 

func (o DataConnectorDynamics365Output) ToDataConnectorDynamics365Output() DataConnectorDynamics365Output

func (DataConnectorDynamics365Output) ToDataConnectorDynamics365OutputWithContext added in v5.23.0 

func (o DataConnectorDynamics365Output) ToDataConnectorDynamics365OutputWithContext(ctx context.Context) DataConnectorDynamics365Output

type DataConnectorDynamics365State added in v5.23.0 

type DataConnectorDynamics365State struct {
	// The ID of the Log Analytics Workspace that this Dynamics 365 Data Connector resides in. Changing this forces a new Dynamics 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Dynamics 365 Data Connector. Changing this forces a new Dynamics 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Dynamics 365 Data Connector connects to. Changing this forces a new Dynamics 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorDynamics365State) ElementType added in v5.23.0 

func (DataConnectorDynamics365State) ElementType() reflect.Type

type DataConnectorIot added in v5.23.0 

type DataConnectorIot struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Iot Data Connector resides in. Changing this forces a new Iot Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Iot Data Connector. Changing this forces a new Iot Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the subscription that this Iot Data Connector connects to. Changing this forces a new Iot Data Connector to be created.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
}

Manages an Iot Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorIot(ctx, "example", &sentinel.DataConnectorIotArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Iot Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorIot:DataConnectorIot example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorIot added in v5.23.0 

func GetDataConnectorIot(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorIotState, opts ...pulumi.ResourceOption) (*DataConnectorIot, error)

GetDataConnectorIot gets an existing DataConnectorIot resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorIot added in v5.23.0 

func NewDataConnectorIot(ctx *pulumi.Context,
	name string, args *DataConnectorIotArgs, opts ...pulumi.ResourceOption) (*DataConnectorIot, error)

NewDataConnectorIot registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorIot) ElementType added in v5.23.0 

func (*DataConnectorIot) ElementType() reflect.Type

func (*DataConnectorIot) ToDataConnectorIotOutput added in v5.23.0 

func (i *DataConnectorIot) ToDataConnectorIotOutput() DataConnectorIotOutput

func (*DataConnectorIot) ToDataConnectorIotOutputWithContext added in v5.23.0 

func (i *DataConnectorIot) ToDataConnectorIotOutputWithContext(ctx context.Context) DataConnectorIotOutput

type DataConnectorIotArgs added in v5.23.0 

type DataConnectorIotArgs struct {
	// The ID of the Log Analytics Workspace that this Iot Data Connector resides in. Changing this forces a new Iot Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Iot Data Connector. Changing this forces a new Iot Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Iot Data Connector connects to. Changing this forces a new Iot Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorIot resource.

func (DataConnectorIotArgs) ElementType added in v5.23.0 

func (DataConnectorIotArgs) ElementType() reflect.Type

type DataConnectorIotArray added in v5.23.0 

type DataConnectorIotArray []DataConnectorIotInput

func (DataConnectorIotArray) ElementType added in v5.23.0 

func (DataConnectorIotArray) ElementType() reflect.Type

func (DataConnectorIotArray) ToDataConnectorIotArrayOutput added in v5.23.0 

func (i DataConnectorIotArray) ToDataConnectorIotArrayOutput() DataConnectorIotArrayOutput

func (DataConnectorIotArray) ToDataConnectorIotArrayOutputWithContext added in v5.23.0 

func (i DataConnectorIotArray) ToDataConnectorIotArrayOutputWithContext(ctx context.Context) DataConnectorIotArrayOutput

type DataConnectorIotArrayInput added in v5.23.0 

type DataConnectorIotArrayInput interface {
	pulumi.Input

	ToDataConnectorIotArrayOutput() DataConnectorIotArrayOutput
	ToDataConnectorIotArrayOutputWithContext(context.Context) DataConnectorIotArrayOutput
}

DataConnectorIotArrayInput is an input type that accepts DataConnectorIotArray and DataConnectorIotArrayOutput values. You can construct a concrete instance of `DataConnectorIotArrayInput` via: 

DataConnectorIotArray{ DataConnectorIotArgs{...} }

type DataConnectorIotArrayOutput added in v5.23.0 

type DataConnectorIotArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorIotArrayOutput) ElementType added in v5.23.0 

func (DataConnectorIotArrayOutput) ElementType() reflect.Type

func (DataConnectorIotArrayOutput) Index added in v5.23.0 

func (o DataConnectorIotArrayOutput) Index(i pulumi.IntInput) DataConnectorIotOutput

func (DataConnectorIotArrayOutput) ToDataConnectorIotArrayOutput added in v5.23.0 

func (o DataConnectorIotArrayOutput) ToDataConnectorIotArrayOutput() DataConnectorIotArrayOutput

func (DataConnectorIotArrayOutput) ToDataConnectorIotArrayOutputWithContext added in v5.23.0 

func (o DataConnectorIotArrayOutput) ToDataConnectorIotArrayOutputWithContext(ctx context.Context) DataConnectorIotArrayOutput

type DataConnectorIotInput added in v5.23.0 

type DataConnectorIotInput interface {
	pulumi.Input

	ToDataConnectorIotOutput() DataConnectorIotOutput
	ToDataConnectorIotOutputWithContext(ctx context.Context) DataConnectorIotOutput
}

type DataConnectorIotMap added in v5.23.0 

type DataConnectorIotMap map[string]DataConnectorIotInput

func (DataConnectorIotMap) ElementType added in v5.23.0 

func (DataConnectorIotMap) ElementType() reflect.Type

func (DataConnectorIotMap) ToDataConnectorIotMapOutput added in v5.23.0 

func (i DataConnectorIotMap) ToDataConnectorIotMapOutput() DataConnectorIotMapOutput

func (DataConnectorIotMap) ToDataConnectorIotMapOutputWithContext added in v5.23.0 

func (i DataConnectorIotMap) ToDataConnectorIotMapOutputWithContext(ctx context.Context) DataConnectorIotMapOutput

type DataConnectorIotMapInput added in v5.23.0 

type DataConnectorIotMapInput interface {
	pulumi.Input

	ToDataConnectorIotMapOutput() DataConnectorIotMapOutput
	ToDataConnectorIotMapOutputWithContext(context.Context) DataConnectorIotMapOutput
}

DataConnectorIotMapInput is an input type that accepts DataConnectorIotMap and DataConnectorIotMapOutput values. You can construct a concrete instance of `DataConnectorIotMapInput` via: 

DataConnectorIotMap{ "key": DataConnectorIotArgs{...} }

type DataConnectorIotMapOutput added in v5.23.0 

type DataConnectorIotMapOutput struct{ *pulumi.OutputState }

func (DataConnectorIotMapOutput) ElementType added in v5.23.0 

func (DataConnectorIotMapOutput) ElementType() reflect.Type

func (DataConnectorIotMapOutput) MapIndex added in v5.23.0 

func (o DataConnectorIotMapOutput) MapIndex(k pulumi.StringInput) DataConnectorIotOutput

func (DataConnectorIotMapOutput) ToDataConnectorIotMapOutput added in v5.23.0 

func (o DataConnectorIotMapOutput) ToDataConnectorIotMapOutput() DataConnectorIotMapOutput

func (DataConnectorIotMapOutput) ToDataConnectorIotMapOutputWithContext added in v5.23.0 

func (o DataConnectorIotMapOutput) ToDataConnectorIotMapOutputWithContext(ctx context.Context) DataConnectorIotMapOutput

type DataConnectorIotOutput added in v5.23.0 

type DataConnectorIotOutput struct{ *pulumi.OutputState }

func (DataConnectorIotOutput) ElementType added in v5.23.0 

func (DataConnectorIotOutput) ElementType() reflect.Type

func (DataConnectorIotOutput) LogAnalyticsWorkspaceId added in v5.23.0 

func (o DataConnectorIotOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Iot Data Connector resides in. Changing this forces a new Iot Data Connector to be created.

func (DataConnectorIotOutput) Name added in v5.23.0 

func (o DataConnectorIotOutput) Name() pulumi.StringOutput

The name which should be used for this Iot Data Connector. Changing this forces a new Iot Data Connector to be created.

func (DataConnectorIotOutput) SubscriptionId added in v5.23.0 

func (o DataConnectorIotOutput) SubscriptionId() pulumi.StringOutput

The ID of the subscription that this Iot Data Connector connects to. Changing this forces a new Iot Data Connector to be created.

func (DataConnectorIotOutput) ToDataConnectorIotOutput added in v5.23.0 

func (o DataConnectorIotOutput) ToDataConnectorIotOutput() DataConnectorIotOutput

func (DataConnectorIotOutput) ToDataConnectorIotOutputWithContext added in v5.23.0 

func (o DataConnectorIotOutput) ToDataConnectorIotOutputWithContext(ctx context.Context) DataConnectorIotOutput

type DataConnectorIotState added in v5.23.0 

type DataConnectorIotState struct {
	// The ID of the Log Analytics Workspace that this Iot Data Connector resides in. Changing this forces a new Iot Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Iot Data Connector. Changing this forces a new Iot Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Iot Data Connector connects to. Changing this forces a new Iot Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

func (DataConnectorIotState) ElementType added in v5.23.0 

func (DataConnectorIotState) ElementType() reflect.Type

type DataConnectorMicrosoftCloudAppSecurity 

type DataConnectorMicrosoftCloudAppSecurity struct {
	pulumi.CustomResourceState

	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrOutput `pulumi:"alertsEnabled"`
	// Should the Discovery Logs be enabled? Defaults to `true`.
	//
	// > **NOTE:** One of either `alertsEnabled` or `discoveryLogsEnabled` has to be specified.
	DiscoveryLogsEnabled pulumi.BoolPtrOutput `pulumi:"discoveryLogsEnabled"`
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Cloud App Security Data Connector. 

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftCloudAppSecurity(ctx, "example", &sentinel.DataConnectorMicrosoftCloudAppSecurityArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Cloud App Security Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorMicrosoftCloudAppSecurity:DataConnectorMicrosoftCloudAppSecurity example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorMicrosoftCloudAppSecurity 

func GetDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftCloudAppSecurityState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

GetDataConnectorMicrosoftCloudAppSecurity gets an existing DataConnectorMicrosoftCloudAppSecurity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftCloudAppSecurity 

func NewDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftCloudAppSecurityArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

NewDataConnectorMicrosoftCloudAppSecurity registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftCloudAppSecurity) ElementType 

func (*DataConnectorMicrosoftCloudAppSecurity) ElementType() reflect.Type

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput 

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext 

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityArgs 

type DataConnectorMicrosoftCloudAppSecurityArgs struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	//
	// > **NOTE:** One of either `alertsEnabled` or `discoveryLogsEnabled` has to be specified.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftCloudAppSecurity resource.

func (DataConnectorMicrosoftCloudAppSecurityArgs) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArgs) ElementType() reflect.Type

type DataConnectorMicrosoftCloudAppSecurityArray 

type DataConnectorMicrosoftCloudAppSecurityArray []DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityArray) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArray) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput 

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext 

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityArrayInput 

type DataConnectorMicrosoftCloudAppSecurityArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput
	ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput
}

DataConnectorMicrosoftCloudAppSecurityArrayInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityArray and DataConnectorMicrosoftCloudAppSecurityArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityArrayInput` via: 

DataConnectorMicrosoftCloudAppSecurityArray{ DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityArrayOutput 

type DataConnectorMicrosoftCloudAppSecurityArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) Index 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityInput 

type DataConnectorMicrosoftCloudAppSecurityInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput
	ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput
}

type DataConnectorMicrosoftCloudAppSecurityMap 

type DataConnectorMicrosoftCloudAppSecurityMap map[string]DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityMap) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityMap) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput 

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext 

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityMapInput 

type DataConnectorMicrosoftCloudAppSecurityMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput
	ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput
}

DataConnectorMicrosoftCloudAppSecurityMapInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityMap and DataConnectorMicrosoftCloudAppSecurityMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityMapInput` via: 

DataConnectorMicrosoftCloudAppSecurityMap{ "key": DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityMapOutput 

type DataConnectorMicrosoftCloudAppSecurityMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) MapIndex 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityOutput 

type DataConnectorMicrosoftCloudAppSecurityOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityOutput) AlertsEnabled added in v5.5.0 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) AlertsEnabled() pulumi.BoolPtrOutput

Should the alerts be enabled? Defaults to `true`.

func (DataConnectorMicrosoftCloudAppSecurityOutput) DiscoveryLogsEnabled added in v5.5.0 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) DiscoveryLogsEnabled() pulumi.BoolPtrOutput

Should the Discovery Logs be enabled? Defaults to `true`.

> **NOTE:** One of either `alertsEnabled` or `discoveryLogsEnabled` has to be specified.

func (DataConnectorMicrosoftCloudAppSecurityOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.

func (DataConnectorMicrosoftCloudAppSecurityOutput) Name added in v5.5.0 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) Name() pulumi.StringOutput

The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.

func (DataConnectorMicrosoftCloudAppSecurityOutput) TenantId added in v5.5.0 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) TenantId() pulumi.StringOutput

The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityState 

type DataConnectorMicrosoftCloudAppSecurityState struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	//
	// > **NOTE:** One of either `alertsEnabled` or `discoveryLogsEnabled` has to be specified.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftCloudAppSecurityState) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityState) ElementType() reflect.Type

type DataConnectorMicrosoftDefenderAdvancedThreatProtection 

type DataConnectorMicrosoftDefenderAdvancedThreatProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Defender Advanced Threat Protection Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx, "example", &sentinel.DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Defender Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorMicrosoftDefenderAdvancedThreatProtection:DataConnectorMicrosoftDefenderAdvancedThreatProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorMicrosoftDefenderAdvancedThreatProtection 

func GetDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftDefenderAdvancedThreatProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftDefenderAdvancedThreatProtection, error)

GetDataConnectorMicrosoftDefenderAdvancedThreatProtection gets an existing DataConnectorMicrosoftDefenderAdvancedThreatProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection 

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftDefenderAdvancedThreatProtection, error)

NewDataConnectorMicrosoftDefenderAdvancedThreatProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ElementType 

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ElementType() reflect.Type

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput 

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext 

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftDefenderAdvancedThreatProtection resource.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs) ElementType() reflect.Type

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray []DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray and DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput` via: 

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray{ DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) Index 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
}

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap map[string]DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap and DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput` via: 

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap{ "key": DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) MapIndex 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) Name added in v5.5.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) Name() pulumi.StringOutput

The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) TenantId added in v5.5.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionState) ElementType 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionState) ElementType() reflect.Type

type DataConnectorMicrosoftThreatIntelligence added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligence struct {
	pulumi.CustomResourceState

	// The lookback date for the Bing Safety Phishing Url in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `bingSafetyPhishingUrlLookbackDate` has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.
	//
	// Deprecated: This field is deprecated and will be removed in version 4.0 of the AzureRM Provider.
	BingSafetyPhishingUrlLookbackDate pulumi.StringPtrOutput `pulumi:"bingSafetyPhishingUrlLookbackDate"`
	// The ID of the Log Analytics Workspace. Changing this forces a new Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The lookback date for the Microsoft Emerging Threat Feed in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `microsoftEmergingThreatFeedLookbackDate` will be required in version 4.0 of the provider.
	//
	// > **NOTE:** At least one of `bingSafetyPhishingUrlLookbackDate` and `microsoftEmergingThreatFeedLookbackDate` must be specified.
	MicrosoftEmergingThreatFeedLookbackDate pulumi.StringPtrOutput `pulumi:"microsoftEmergingThreatFeedLookbackDate"`
	// The name which should be used for this Microsoft Threat Intelligence Data Connector. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Microsoft Threat Intelligence Data Connector connects to. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Threat Intelligence Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("east us"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftThreatIntelligence(ctx, "example", &sentinel.DataConnectorMicrosoftThreatIntelligenceArgs{
			Name:                                    pulumi.String("example-dc-msti"),
			LogAnalyticsWorkspaceId:                 exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			MicrosoftEmergingThreatFeedLookbackDate: pulumi.String("1970-01-01T00:00:00Z"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

sentinels can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorMicrosoftThreatIntelligence:DataConnectorMicrosoftThreatIntelligence example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorMicrosoftThreatIntelligence added in v5.35.0 

func GetDataConnectorMicrosoftThreatIntelligence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftThreatIntelligenceState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftThreatIntelligence, error)

GetDataConnectorMicrosoftThreatIntelligence gets an existing DataConnectorMicrosoftThreatIntelligence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftThreatIntelligence added in v5.35.0 

func NewDataConnectorMicrosoftThreatIntelligence(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftThreatIntelligenceArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftThreatIntelligence, error)

NewDataConnectorMicrosoftThreatIntelligence registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftThreatIntelligence) ElementType added in v5.35.0 

func (*DataConnectorMicrosoftThreatIntelligence) ElementType() reflect.Type

func (*DataConnectorMicrosoftThreatIntelligence) ToDataConnectorMicrosoftThreatIntelligenceOutput added in v5.35.0 

func (i *DataConnectorMicrosoftThreatIntelligence) ToDataConnectorMicrosoftThreatIntelligenceOutput() DataConnectorMicrosoftThreatIntelligenceOutput

func (*DataConnectorMicrosoftThreatIntelligence) ToDataConnectorMicrosoftThreatIntelligenceOutputWithContext added in v5.35.0 

func (i *DataConnectorMicrosoftThreatIntelligence) ToDataConnectorMicrosoftThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceOutput

type DataConnectorMicrosoftThreatIntelligenceArgs added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceArgs struct {
	// The lookback date for the Bing Safety Phishing Url in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `bingSafetyPhishingUrlLookbackDate` has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.
	//
	// Deprecated: This field is deprecated and will be removed in version 4.0 of the AzureRM Provider.
	BingSafetyPhishingUrlLookbackDate pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The lookback date for the Microsoft Emerging Threat Feed in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `microsoftEmergingThreatFeedLookbackDate` will be required in version 4.0 of the provider.
	//
	// > **NOTE:** At least one of `bingSafetyPhishingUrlLookbackDate` and `microsoftEmergingThreatFeedLookbackDate` must be specified.
	MicrosoftEmergingThreatFeedLookbackDate pulumi.StringPtrInput
	// The name which should be used for this Microsoft Threat Intelligence Data Connector. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Threat Intelligence Data Connector connects to. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftThreatIntelligence resource.

func (DataConnectorMicrosoftThreatIntelligenceArgs) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceArgs) ElementType() reflect.Type

type DataConnectorMicrosoftThreatIntelligenceArray added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceArray []DataConnectorMicrosoftThreatIntelligenceInput

func (DataConnectorMicrosoftThreatIntelligenceArray) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceArray) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatIntelligenceArray) ToDataConnectorMicrosoftThreatIntelligenceArrayOutput added in v5.35.0 

func (i DataConnectorMicrosoftThreatIntelligenceArray) ToDataConnectorMicrosoftThreatIntelligenceArrayOutput() DataConnectorMicrosoftThreatIntelligenceArrayOutput

func (DataConnectorMicrosoftThreatIntelligenceArray) ToDataConnectorMicrosoftThreatIntelligenceArrayOutputWithContext added in v5.35.0 

func (i DataConnectorMicrosoftThreatIntelligenceArray) ToDataConnectorMicrosoftThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceArrayOutput

type DataConnectorMicrosoftThreatIntelligenceArrayInput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatIntelligenceArrayOutput() DataConnectorMicrosoftThreatIntelligenceArrayOutput
	ToDataConnectorMicrosoftThreatIntelligenceArrayOutputWithContext(context.Context) DataConnectorMicrosoftThreatIntelligenceArrayOutput
}

DataConnectorMicrosoftThreatIntelligenceArrayInput is an input type that accepts DataConnectorMicrosoftThreatIntelligenceArray and DataConnectorMicrosoftThreatIntelligenceArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftThreatIntelligenceArrayInput` via: 

DataConnectorMicrosoftThreatIntelligenceArray{ DataConnectorMicrosoftThreatIntelligenceArgs{...} }

type DataConnectorMicrosoftThreatIntelligenceArrayOutput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatIntelligenceArrayOutput) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatIntelligenceArrayOutput) Index added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftThreatIntelligenceOutput

func (DataConnectorMicrosoftThreatIntelligenceArrayOutput) ToDataConnectorMicrosoftThreatIntelligenceArrayOutput added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceArrayOutput) ToDataConnectorMicrosoftThreatIntelligenceArrayOutput() DataConnectorMicrosoftThreatIntelligenceArrayOutput

func (DataConnectorMicrosoftThreatIntelligenceArrayOutput) ToDataConnectorMicrosoftThreatIntelligenceArrayOutputWithContext added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceArrayOutput) ToDataConnectorMicrosoftThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceArrayOutput

type DataConnectorMicrosoftThreatIntelligenceInput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatIntelligenceOutput() DataConnectorMicrosoftThreatIntelligenceOutput
	ToDataConnectorMicrosoftThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceOutput
}

type DataConnectorMicrosoftThreatIntelligenceMap added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceMap map[string]DataConnectorMicrosoftThreatIntelligenceInput

func (DataConnectorMicrosoftThreatIntelligenceMap) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceMap) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatIntelligenceMap) ToDataConnectorMicrosoftThreatIntelligenceMapOutput added in v5.35.0 

func (i DataConnectorMicrosoftThreatIntelligenceMap) ToDataConnectorMicrosoftThreatIntelligenceMapOutput() DataConnectorMicrosoftThreatIntelligenceMapOutput

func (DataConnectorMicrosoftThreatIntelligenceMap) ToDataConnectorMicrosoftThreatIntelligenceMapOutputWithContext added in v5.35.0 

func (i DataConnectorMicrosoftThreatIntelligenceMap) ToDataConnectorMicrosoftThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceMapOutput

type DataConnectorMicrosoftThreatIntelligenceMapInput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatIntelligenceMapOutput() DataConnectorMicrosoftThreatIntelligenceMapOutput
	ToDataConnectorMicrosoftThreatIntelligenceMapOutputWithContext(context.Context) DataConnectorMicrosoftThreatIntelligenceMapOutput
}

DataConnectorMicrosoftThreatIntelligenceMapInput is an input type that accepts DataConnectorMicrosoftThreatIntelligenceMap and DataConnectorMicrosoftThreatIntelligenceMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftThreatIntelligenceMapInput` via: 

DataConnectorMicrosoftThreatIntelligenceMap{ "key": DataConnectorMicrosoftThreatIntelligenceArgs{...} }

type DataConnectorMicrosoftThreatIntelligenceMapOutput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatIntelligenceMapOutput) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatIntelligenceMapOutput) MapIndex added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftThreatIntelligenceOutput

func (DataConnectorMicrosoftThreatIntelligenceMapOutput) ToDataConnectorMicrosoftThreatIntelligenceMapOutput added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceMapOutput) ToDataConnectorMicrosoftThreatIntelligenceMapOutput() DataConnectorMicrosoftThreatIntelligenceMapOutput

func (DataConnectorMicrosoftThreatIntelligenceMapOutput) ToDataConnectorMicrosoftThreatIntelligenceMapOutputWithContext added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceMapOutput) ToDataConnectorMicrosoftThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceMapOutput

type DataConnectorMicrosoftThreatIntelligenceOutput added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatIntelligenceOutput) BingSafetyPhishingUrlLookbackDate deprecated added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) BingSafetyPhishingUrlLookbackDate() pulumi.StringPtrOutput

The lookback date for the Bing Safety Phishing Url in RFC3339. Changing this forces a new Data Connector to be created.

> **Note:** `bingSafetyPhishingUrlLookbackDate` has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.

Deprecated: This field is deprecated and will be removed in version 4.0 of the AzureRM Provider.

func (DataConnectorMicrosoftThreatIntelligenceOutput) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatIntelligenceOutput) LogAnalyticsWorkspaceId added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace. Changing this forces a new Data Connector to be created.

func (DataConnectorMicrosoftThreatIntelligenceOutput) MicrosoftEmergingThreatFeedLookbackDate added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) MicrosoftEmergingThreatFeedLookbackDate() pulumi.StringPtrOutput

The lookback date for the Microsoft Emerging Threat Feed in RFC3339. Changing this forces a new Data Connector to be created.

> **Note:** `microsoftEmergingThreatFeedLookbackDate` will be required in version 4.0 of the provider.

> **NOTE:** At least one of `bingSafetyPhishingUrlLookbackDate` and `microsoftEmergingThreatFeedLookbackDate` must be specified.

func (DataConnectorMicrosoftThreatIntelligenceOutput) Name added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) Name() pulumi.StringOutput

The name which should be used for this Microsoft Threat Intelligence Data Connector. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.

func (DataConnectorMicrosoftThreatIntelligenceOutput) TenantId added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Microsoft Threat Intelligence Data Connector connects to. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorMicrosoftThreatIntelligenceOutput) ToDataConnectorMicrosoftThreatIntelligenceOutput added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) ToDataConnectorMicrosoftThreatIntelligenceOutput() DataConnectorMicrosoftThreatIntelligenceOutput

func (DataConnectorMicrosoftThreatIntelligenceOutput) ToDataConnectorMicrosoftThreatIntelligenceOutputWithContext added in v5.35.0 

func (o DataConnectorMicrosoftThreatIntelligenceOutput) ToDataConnectorMicrosoftThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatIntelligenceOutput

type DataConnectorMicrosoftThreatIntelligenceState added in v5.35.0 

type DataConnectorMicrosoftThreatIntelligenceState struct {
	// The lookback date for the Bing Safety Phishing Url in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `bingSafetyPhishingUrlLookbackDate` has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.
	//
	// Deprecated: This field is deprecated and will be removed in version 4.0 of the AzureRM Provider.
	BingSafetyPhishingUrlLookbackDate pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The lookback date for the Microsoft Emerging Threat Feed in RFC3339. Changing this forces a new Data Connector to be created.
	//
	// > **Note:** `microsoftEmergingThreatFeedLookbackDate` will be required in version 4.0 of the provider.
	//
	// > **NOTE:** At least one of `bingSafetyPhishingUrlLookbackDate` and `microsoftEmergingThreatFeedLookbackDate` must be specified.
	MicrosoftEmergingThreatFeedLookbackDate pulumi.StringPtrInput
	// The name which should be used for this Microsoft Threat Intelligence Data Connector. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Threat Intelligence Data Connector connects to. Changing this forces a new Microsoft Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftThreatIntelligenceState) ElementType added in v5.35.0 

func (DataConnectorMicrosoftThreatIntelligenceState) ElementType() reflect.Type

type DataConnectorMicrosoftThreatProtection added in v5.27.0 

type DataConnectorMicrosoftThreatProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Microsoft Threat Protection Data Connector resides in. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Threat Protection Data Connector. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Microsoft Threat Protection Data Connector connects to. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Threat Protection Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftThreatProtection(ctx, "example", &sentinel.DataConnectorMicrosoftThreatProtectionArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorMicrosoftThreatProtection:DataConnectorMicrosoftThreatProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorMicrosoftThreatProtection added in v5.27.0 

func GetDataConnectorMicrosoftThreatProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftThreatProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftThreatProtection, error)

GetDataConnectorMicrosoftThreatProtection gets an existing DataConnectorMicrosoftThreatProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftThreatProtection added in v5.27.0 

func NewDataConnectorMicrosoftThreatProtection(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftThreatProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftThreatProtection, error)

NewDataConnectorMicrosoftThreatProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftThreatProtection) ElementType added in v5.27.0 

func (*DataConnectorMicrosoftThreatProtection) ElementType() reflect.Type

func (*DataConnectorMicrosoftThreatProtection) ToDataConnectorMicrosoftThreatProtectionOutput added in v5.27.0 

func (i *DataConnectorMicrosoftThreatProtection) ToDataConnectorMicrosoftThreatProtectionOutput() DataConnectorMicrosoftThreatProtectionOutput

func (*DataConnectorMicrosoftThreatProtection) ToDataConnectorMicrosoftThreatProtectionOutputWithContext added in v5.27.0 

func (i *DataConnectorMicrosoftThreatProtection) ToDataConnectorMicrosoftThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionOutput

type DataConnectorMicrosoftThreatProtectionArgs added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Microsoft Threat Protection Data Connector resides in. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Threat Protection Data Connector. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Threat Protection Data Connector connects to. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftThreatProtection resource.

func (DataConnectorMicrosoftThreatProtectionArgs) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionArgs) ElementType() reflect.Type

type DataConnectorMicrosoftThreatProtectionArray added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionArray []DataConnectorMicrosoftThreatProtectionInput

func (DataConnectorMicrosoftThreatProtectionArray) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionArray) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatProtectionArray) ToDataConnectorMicrosoftThreatProtectionArrayOutput added in v5.27.0 

func (i DataConnectorMicrosoftThreatProtectionArray) ToDataConnectorMicrosoftThreatProtectionArrayOutput() DataConnectorMicrosoftThreatProtectionArrayOutput

func (DataConnectorMicrosoftThreatProtectionArray) ToDataConnectorMicrosoftThreatProtectionArrayOutputWithContext added in v5.27.0 

func (i DataConnectorMicrosoftThreatProtectionArray) ToDataConnectorMicrosoftThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionArrayOutput

type DataConnectorMicrosoftThreatProtectionArrayInput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatProtectionArrayOutput() DataConnectorMicrosoftThreatProtectionArrayOutput
	ToDataConnectorMicrosoftThreatProtectionArrayOutputWithContext(context.Context) DataConnectorMicrosoftThreatProtectionArrayOutput
}

DataConnectorMicrosoftThreatProtectionArrayInput is an input type that accepts DataConnectorMicrosoftThreatProtectionArray and DataConnectorMicrosoftThreatProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftThreatProtectionArrayInput` via: 

DataConnectorMicrosoftThreatProtectionArray{ DataConnectorMicrosoftThreatProtectionArgs{...} }

type DataConnectorMicrosoftThreatProtectionArrayOutput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatProtectionArrayOutput) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatProtectionArrayOutput) Index added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftThreatProtectionOutput

func (DataConnectorMicrosoftThreatProtectionArrayOutput) ToDataConnectorMicrosoftThreatProtectionArrayOutput added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionArrayOutput) ToDataConnectorMicrosoftThreatProtectionArrayOutput() DataConnectorMicrosoftThreatProtectionArrayOutput

func (DataConnectorMicrosoftThreatProtectionArrayOutput) ToDataConnectorMicrosoftThreatProtectionArrayOutputWithContext added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionArrayOutput) ToDataConnectorMicrosoftThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionArrayOutput

type DataConnectorMicrosoftThreatProtectionInput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatProtectionOutput() DataConnectorMicrosoftThreatProtectionOutput
	ToDataConnectorMicrosoftThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionOutput
}

type DataConnectorMicrosoftThreatProtectionMap added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionMap map[string]DataConnectorMicrosoftThreatProtectionInput

func (DataConnectorMicrosoftThreatProtectionMap) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionMap) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatProtectionMap) ToDataConnectorMicrosoftThreatProtectionMapOutput added in v5.27.0 

func (i DataConnectorMicrosoftThreatProtectionMap) ToDataConnectorMicrosoftThreatProtectionMapOutput() DataConnectorMicrosoftThreatProtectionMapOutput

func (DataConnectorMicrosoftThreatProtectionMap) ToDataConnectorMicrosoftThreatProtectionMapOutputWithContext added in v5.27.0 

func (i DataConnectorMicrosoftThreatProtectionMap) ToDataConnectorMicrosoftThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionMapOutput

type DataConnectorMicrosoftThreatProtectionMapInput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftThreatProtectionMapOutput() DataConnectorMicrosoftThreatProtectionMapOutput
	ToDataConnectorMicrosoftThreatProtectionMapOutputWithContext(context.Context) DataConnectorMicrosoftThreatProtectionMapOutput
}

DataConnectorMicrosoftThreatProtectionMapInput is an input type that accepts DataConnectorMicrosoftThreatProtectionMap and DataConnectorMicrosoftThreatProtectionMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftThreatProtectionMapInput` via: 

DataConnectorMicrosoftThreatProtectionMap{ "key": DataConnectorMicrosoftThreatProtectionArgs{...} }

type DataConnectorMicrosoftThreatProtectionMapOutput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatProtectionMapOutput) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatProtectionMapOutput) MapIndex added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftThreatProtectionOutput

func (DataConnectorMicrosoftThreatProtectionMapOutput) ToDataConnectorMicrosoftThreatProtectionMapOutput added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionMapOutput) ToDataConnectorMicrosoftThreatProtectionMapOutput() DataConnectorMicrosoftThreatProtectionMapOutput

func (DataConnectorMicrosoftThreatProtectionMapOutput) ToDataConnectorMicrosoftThreatProtectionMapOutputWithContext added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionMapOutput) ToDataConnectorMicrosoftThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionMapOutput

type DataConnectorMicrosoftThreatProtectionOutput added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftThreatProtectionOutput) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftThreatProtectionOutput) LogAnalyticsWorkspaceId added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Microsoft Threat Protection Data Connector resides in. Changing this forces a new Microsoft Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftThreatProtectionOutput) Name added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionOutput) Name() pulumi.StringOutput

The name which should be used for this Microsoft Threat Protection Data Connector. Changing this forces a new Microsoft Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftThreatProtectionOutput) TenantId added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Microsoft Threat Protection Data Connector connects to. Changing this forces a new Microsoft Threat Protection Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorMicrosoftThreatProtectionOutput) ToDataConnectorMicrosoftThreatProtectionOutput added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionOutput) ToDataConnectorMicrosoftThreatProtectionOutput() DataConnectorMicrosoftThreatProtectionOutput

func (DataConnectorMicrosoftThreatProtectionOutput) ToDataConnectorMicrosoftThreatProtectionOutputWithContext added in v5.27.0 

func (o DataConnectorMicrosoftThreatProtectionOutput) ToDataConnectorMicrosoftThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftThreatProtectionOutput

type DataConnectorMicrosoftThreatProtectionState added in v5.27.0 

type DataConnectorMicrosoftThreatProtectionState struct {
	// The ID of the Log Analytics Workspace that this Microsoft Threat Protection Data Connector resides in. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Threat Protection Data Connector. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Threat Protection Data Connector connects to. Changing this forces a new Microsoft Threat Protection Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftThreatProtectionState) ElementType added in v5.27.0 

func (DataConnectorMicrosoftThreatProtectionState) ElementType() reflect.Type

type DataConnectorOffice365 

type DataConnectorOffice365 struct {
	pulumi.CustomResourceState

	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrOutput `pulumi:"exchangeEnabled"`
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrOutput `pulumi:"sharepointEnabled"`
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	//
	// > **NOTE:** At least one of `exchangeEnabled`, `sharedpointEnabled` and `teamsEnabled` has to be specified.
	TeamsEnabled pulumi.BoolPtrOutput `pulumi:"teamsEnabled"`
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Office 365 Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOffice365(ctx, "example", &sentinel.DataConnectorOffice365Args{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office 365 Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorOffice365:DataConnectorOffice365 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorOffice365 

func GetDataConnectorOffice365(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOffice365State, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

GetDataConnectorOffice365 gets an existing DataConnectorOffice365 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOffice365 

func NewDataConnectorOffice365(ctx *pulumi.Context,
	name string, args *DataConnectorOffice365Args, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

NewDataConnectorOffice365 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOffice365) ElementType 

func (*DataConnectorOffice365) ElementType() reflect.Type

func (*DataConnectorOffice365) ToDataConnectorOffice365Output 

func (i *DataConnectorOffice365) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (*DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext 

func (i *DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365Args 

type DataConnectorOffice365Args struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	//
	// > **NOTE:** At least one of `exchangeEnabled`, `sharedpointEnabled` and `teamsEnabled` has to be specified.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOffice365 resource.

func (DataConnectorOffice365Args) ElementType 

func (DataConnectorOffice365Args) ElementType() reflect.Type

type DataConnectorOffice365Array 

type DataConnectorOffice365Array []DataConnectorOffice365Input

func (DataConnectorOffice365Array) ElementType 

func (DataConnectorOffice365Array) ElementType() reflect.Type

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput 

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext 

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365ArrayInput 

type DataConnectorOffice365ArrayInput interface {
	pulumi.Input

	ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput
	ToDataConnectorOffice365ArrayOutputWithContext(context.Context) DataConnectorOffice365ArrayOutput
}

DataConnectorOffice365ArrayInput is an input type that accepts DataConnectorOffice365Array and DataConnectorOffice365ArrayOutput values. You can construct a concrete instance of `DataConnectorOffice365ArrayInput` via: 

DataConnectorOffice365Array{ DataConnectorOffice365Args{...} }

type DataConnectorOffice365ArrayOutput 

type DataConnectorOffice365ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ArrayOutput) ElementType 

func (DataConnectorOffice365ArrayOutput) ElementType() reflect.Type

func (DataConnectorOffice365ArrayOutput) Index 

func (o DataConnectorOffice365ArrayOutput) Index(i pulumi.IntInput) DataConnectorOffice365Output

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput 

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext 

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365Input 

type DataConnectorOffice365Input interface {
	pulumi.Input

	ToDataConnectorOffice365Output() DataConnectorOffice365Output
	ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output
}

type DataConnectorOffice365Map 

type DataConnectorOffice365Map map[string]DataConnectorOffice365Input

func (DataConnectorOffice365Map) ElementType 

func (DataConnectorOffice365Map) ElementType() reflect.Type

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput 

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext 

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365MapInput 

type DataConnectorOffice365MapInput interface {
	pulumi.Input

	ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput
	ToDataConnectorOffice365MapOutputWithContext(context.Context) DataConnectorOffice365MapOutput
}

DataConnectorOffice365MapInput is an input type that accepts DataConnectorOffice365Map and DataConnectorOffice365MapOutput values. You can construct a concrete instance of `DataConnectorOffice365MapInput` via: 

DataConnectorOffice365Map{ "key": DataConnectorOffice365Args{...} }

type DataConnectorOffice365MapOutput 

type DataConnectorOffice365MapOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365MapOutput) ElementType 

func (DataConnectorOffice365MapOutput) ElementType() reflect.Type

func (DataConnectorOffice365MapOutput) MapIndex 

func (o DataConnectorOffice365MapOutput) MapIndex(k pulumi.StringInput) DataConnectorOffice365Output

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput 

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext 

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365Output 

type DataConnectorOffice365Output struct{ *pulumi.OutputState }

func (DataConnectorOffice365Output) ElementType 

func (DataConnectorOffice365Output) ElementType() reflect.Type

func (DataConnectorOffice365Output) ExchangeEnabled added in v5.5.0 

func (o DataConnectorOffice365Output) ExchangeEnabled() pulumi.BoolPtrOutput

Should the Exchange data connector be enabled? Defaults to `true`.

func (DataConnectorOffice365Output) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorOffice365Output) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.

func (DataConnectorOffice365Output) Name added in v5.5.0 

func (o DataConnectorOffice365Output) Name() pulumi.StringOutput

The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.

func (DataConnectorOffice365Output) SharepointEnabled added in v5.5.0 

func (o DataConnectorOffice365Output) SharepointEnabled() pulumi.BoolPtrOutput

Should the SharePoint data connector be enabled? Defaults to `true`.

func (DataConnectorOffice365Output) TeamsEnabled added in v5.5.0 

func (o DataConnectorOffice365Output) TeamsEnabled() pulumi.BoolPtrOutput

Should the Microsoft Teams data connector be enabled? Defaults to `true`.

> **NOTE:** At least one of `exchangeEnabled`, `sharedpointEnabled` and `teamsEnabled` has to be specified.

func (DataConnectorOffice365Output) TenantId added in v5.5.0 

func (o DataConnectorOffice365Output) TenantId() pulumi.StringOutput

The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorOffice365Output) ToDataConnectorOffice365Output 

func (o DataConnectorOffice365Output) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext 

func (o DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365Project added in v5.23.0 

type DataConnectorOffice365Project struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Office 365 Project Data Connector resides in. Changing this forces a new Office 365 Project Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office 365 Project Data Connector. Changing this forces a new Office 365 Project Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Office 365 Project Data Connector connects to. Changing this forces a new Office 365 Project Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages an Office 365 Project Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOffice365Project(ctx, "example", &sentinel.DataConnectorOffice365ProjectArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office 365 Project Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorOffice365Project:DataConnectorOffice365Project example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorOffice365Project added in v5.23.0 

func GetDataConnectorOffice365Project(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOffice365ProjectState, opts ...pulumi.ResourceOption) (*DataConnectorOffice365Project, error)

GetDataConnectorOffice365Project gets an existing DataConnectorOffice365Project resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOffice365Project added in v5.23.0 

func NewDataConnectorOffice365Project(ctx *pulumi.Context,
	name string, args *DataConnectorOffice365ProjectArgs, opts ...pulumi.ResourceOption) (*DataConnectorOffice365Project, error)

NewDataConnectorOffice365Project registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOffice365Project) ElementType added in v5.23.0 

func (*DataConnectorOffice365Project) ElementType() reflect.Type

func (*DataConnectorOffice365Project) ToDataConnectorOffice365ProjectOutput added in v5.23.0 

func (i *DataConnectorOffice365Project) ToDataConnectorOffice365ProjectOutput() DataConnectorOffice365ProjectOutput

func (*DataConnectorOffice365Project) ToDataConnectorOffice365ProjectOutputWithContext added in v5.23.0 

func (i *DataConnectorOffice365Project) ToDataConnectorOffice365ProjectOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectOutput

type DataConnectorOffice365ProjectArgs added in v5.23.0 

type DataConnectorOffice365ProjectArgs struct {
	// The ID of the Log Analytics Workspace that this Office 365 Project Data Connector resides in. Changing this forces a new Office 365 Project Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office 365 Project Data Connector. Changing this forces a new Office 365 Project Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office 365 Project Data Connector connects to. Changing this forces a new Office 365 Project Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOffice365Project resource.

func (DataConnectorOffice365ProjectArgs) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectArgs) ElementType() reflect.Type

type DataConnectorOffice365ProjectArray added in v5.23.0 

type DataConnectorOffice365ProjectArray []DataConnectorOffice365ProjectInput

func (DataConnectorOffice365ProjectArray) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectArray) ElementType() reflect.Type

func (DataConnectorOffice365ProjectArray) ToDataConnectorOffice365ProjectArrayOutput added in v5.23.0 

func (i DataConnectorOffice365ProjectArray) ToDataConnectorOffice365ProjectArrayOutput() DataConnectorOffice365ProjectArrayOutput

func (DataConnectorOffice365ProjectArray) ToDataConnectorOffice365ProjectArrayOutputWithContext added in v5.23.0 

func (i DataConnectorOffice365ProjectArray) ToDataConnectorOffice365ProjectArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectArrayOutput

type DataConnectorOffice365ProjectArrayInput added in v5.23.0 

type DataConnectorOffice365ProjectArrayInput interface {
	pulumi.Input

	ToDataConnectorOffice365ProjectArrayOutput() DataConnectorOffice365ProjectArrayOutput
	ToDataConnectorOffice365ProjectArrayOutputWithContext(context.Context) DataConnectorOffice365ProjectArrayOutput
}

DataConnectorOffice365ProjectArrayInput is an input type that accepts DataConnectorOffice365ProjectArray and DataConnectorOffice365ProjectArrayOutput values. You can construct a concrete instance of `DataConnectorOffice365ProjectArrayInput` via: 

DataConnectorOffice365ProjectArray{ DataConnectorOffice365ProjectArgs{...} }

type DataConnectorOffice365ProjectArrayOutput added in v5.23.0 

type DataConnectorOffice365ProjectArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ProjectArrayOutput) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectArrayOutput) ElementType() reflect.Type

func (DataConnectorOffice365ProjectArrayOutput) Index added in v5.23.0 

func (o DataConnectorOffice365ProjectArrayOutput) Index(i pulumi.IntInput) DataConnectorOffice365ProjectOutput

func (DataConnectorOffice365ProjectArrayOutput) ToDataConnectorOffice365ProjectArrayOutput added in v5.23.0 

func (o DataConnectorOffice365ProjectArrayOutput) ToDataConnectorOffice365ProjectArrayOutput() DataConnectorOffice365ProjectArrayOutput

func (DataConnectorOffice365ProjectArrayOutput) ToDataConnectorOffice365ProjectArrayOutputWithContext added in v5.23.0 

func (o DataConnectorOffice365ProjectArrayOutput) ToDataConnectorOffice365ProjectArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectArrayOutput

type DataConnectorOffice365ProjectInput added in v5.23.0 

type DataConnectorOffice365ProjectInput interface {
	pulumi.Input

	ToDataConnectorOffice365ProjectOutput() DataConnectorOffice365ProjectOutput
	ToDataConnectorOffice365ProjectOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectOutput
}

type DataConnectorOffice365ProjectMap added in v5.23.0 

type DataConnectorOffice365ProjectMap map[string]DataConnectorOffice365ProjectInput

func (DataConnectorOffice365ProjectMap) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectMap) ElementType() reflect.Type

func (DataConnectorOffice365ProjectMap) ToDataConnectorOffice365ProjectMapOutput added in v5.23.0 

func (i DataConnectorOffice365ProjectMap) ToDataConnectorOffice365ProjectMapOutput() DataConnectorOffice365ProjectMapOutput

func (DataConnectorOffice365ProjectMap) ToDataConnectorOffice365ProjectMapOutputWithContext added in v5.23.0 

func (i DataConnectorOffice365ProjectMap) ToDataConnectorOffice365ProjectMapOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectMapOutput

type DataConnectorOffice365ProjectMapInput added in v5.23.0 

type DataConnectorOffice365ProjectMapInput interface {
	pulumi.Input

	ToDataConnectorOffice365ProjectMapOutput() DataConnectorOffice365ProjectMapOutput
	ToDataConnectorOffice365ProjectMapOutputWithContext(context.Context) DataConnectorOffice365ProjectMapOutput
}

DataConnectorOffice365ProjectMapInput is an input type that accepts DataConnectorOffice365ProjectMap and DataConnectorOffice365ProjectMapOutput values. You can construct a concrete instance of `DataConnectorOffice365ProjectMapInput` via: 

DataConnectorOffice365ProjectMap{ "key": DataConnectorOffice365ProjectArgs{...} }

type DataConnectorOffice365ProjectMapOutput added in v5.23.0 

type DataConnectorOffice365ProjectMapOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ProjectMapOutput) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectMapOutput) ElementType() reflect.Type

func (DataConnectorOffice365ProjectMapOutput) MapIndex added in v5.23.0 

func (o DataConnectorOffice365ProjectMapOutput) MapIndex(k pulumi.StringInput) DataConnectorOffice365ProjectOutput

func (DataConnectorOffice365ProjectMapOutput) ToDataConnectorOffice365ProjectMapOutput added in v5.23.0 

func (o DataConnectorOffice365ProjectMapOutput) ToDataConnectorOffice365ProjectMapOutput() DataConnectorOffice365ProjectMapOutput

func (DataConnectorOffice365ProjectMapOutput) ToDataConnectorOffice365ProjectMapOutputWithContext added in v5.23.0 

func (o DataConnectorOffice365ProjectMapOutput) ToDataConnectorOffice365ProjectMapOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectMapOutput

type DataConnectorOffice365ProjectOutput added in v5.23.0 

type DataConnectorOffice365ProjectOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ProjectOutput) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectOutput) ElementType() reflect.Type

func (DataConnectorOffice365ProjectOutput) LogAnalyticsWorkspaceId added in v5.23.0 

func (o DataConnectorOffice365ProjectOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office 365 Project Data Connector resides in. Changing this forces a new Office 365 Project Data Connector to be created.

func (DataConnectorOffice365ProjectOutput) Name added in v5.23.0 

func (o DataConnectorOffice365ProjectOutput) Name() pulumi.StringOutput

The name which should be used for this Office 365 Project Data Connector. Changing this forces a new Office 365 Project Data Connector to be created.

func (DataConnectorOffice365ProjectOutput) TenantId added in v5.23.0 

func (o DataConnectorOffice365ProjectOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Office 365 Project Data Connector connects to. Changing this forces a new Office 365 Project Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorOffice365ProjectOutput) ToDataConnectorOffice365ProjectOutput added in v5.23.0 

func (o DataConnectorOffice365ProjectOutput) ToDataConnectorOffice365ProjectOutput() DataConnectorOffice365ProjectOutput

func (DataConnectorOffice365ProjectOutput) ToDataConnectorOffice365ProjectOutputWithContext added in v5.23.0 

func (o DataConnectorOffice365ProjectOutput) ToDataConnectorOffice365ProjectOutputWithContext(ctx context.Context) DataConnectorOffice365ProjectOutput

type DataConnectorOffice365ProjectState added in v5.23.0 

type DataConnectorOffice365ProjectState struct {
	// The ID of the Log Analytics Workspace that this Office 365 Project Data Connector resides in. Changing this forces a new Office 365 Project Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office 365 Project Data Connector. Changing this forces a new Office 365 Project Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office 365 Project Data Connector connects to. Changing this forces a new Office 365 Project Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOffice365ProjectState) ElementType added in v5.23.0 

func (DataConnectorOffice365ProjectState) ElementType() reflect.Type

type DataConnectorOffice365State 

type DataConnectorOffice365State struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	//
	// > **NOTE:** At least one of `exchangeEnabled`, `sharedpointEnabled` and `teamsEnabled` has to be specified.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOffice365State) ElementType 

func (DataConnectorOffice365State) ElementType() reflect.Type

type DataConnectorOfficeAtp added in v5.22.0 

type DataConnectorOfficeAtp struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Office ATP Data Connector resides in. Changing this forces a new Office ATP Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office ATP Data Connector. Changing this forces a new Office ATP Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Office ATP Data Connector connects to. Changing this forces a new Office ATP Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Office ATP Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOfficeAtp(ctx, "example", &sentinel.DataConnectorOfficeAtpArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office ATP Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorOfficeAtp:DataConnectorOfficeAtp example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorOfficeAtp added in v5.22.0 

func GetDataConnectorOfficeAtp(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOfficeAtpState, opts ...pulumi.ResourceOption) (*DataConnectorOfficeAtp, error)

GetDataConnectorOfficeAtp gets an existing DataConnectorOfficeAtp resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOfficeAtp added in v5.22.0 

func NewDataConnectorOfficeAtp(ctx *pulumi.Context,
	name string, args *DataConnectorOfficeAtpArgs, opts ...pulumi.ResourceOption) (*DataConnectorOfficeAtp, error)

NewDataConnectorOfficeAtp registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOfficeAtp) ElementType added in v5.22.0 

func (*DataConnectorOfficeAtp) ElementType() reflect.Type

func (*DataConnectorOfficeAtp) ToDataConnectorOfficeAtpOutput added in v5.22.0 

func (i *DataConnectorOfficeAtp) ToDataConnectorOfficeAtpOutput() DataConnectorOfficeAtpOutput

func (*DataConnectorOfficeAtp) ToDataConnectorOfficeAtpOutputWithContext added in v5.22.0 

func (i *DataConnectorOfficeAtp) ToDataConnectorOfficeAtpOutputWithContext(ctx context.Context) DataConnectorOfficeAtpOutput

type DataConnectorOfficeAtpArgs added in v5.22.0 

type DataConnectorOfficeAtpArgs struct {
	// The ID of the Log Analytics Workspace that this Office ATP Data Connector resides in. Changing this forces a new Office ATP Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office ATP Data Connector. Changing this forces a new Office ATP Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office ATP Data Connector connects to. Changing this forces a new Office ATP Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOfficeAtp resource.

func (DataConnectorOfficeAtpArgs) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpArgs) ElementType() reflect.Type

type DataConnectorOfficeAtpArray added in v5.22.0 

type DataConnectorOfficeAtpArray []DataConnectorOfficeAtpInput

func (DataConnectorOfficeAtpArray) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpArray) ElementType() reflect.Type

func (DataConnectorOfficeAtpArray) ToDataConnectorOfficeAtpArrayOutput added in v5.22.0 

func (i DataConnectorOfficeAtpArray) ToDataConnectorOfficeAtpArrayOutput() DataConnectorOfficeAtpArrayOutput

func (DataConnectorOfficeAtpArray) ToDataConnectorOfficeAtpArrayOutputWithContext added in v5.22.0 

func (i DataConnectorOfficeAtpArray) ToDataConnectorOfficeAtpArrayOutputWithContext(ctx context.Context) DataConnectorOfficeAtpArrayOutput

type DataConnectorOfficeAtpArrayInput added in v5.22.0 

type DataConnectorOfficeAtpArrayInput interface {
	pulumi.Input

	ToDataConnectorOfficeAtpArrayOutput() DataConnectorOfficeAtpArrayOutput
	ToDataConnectorOfficeAtpArrayOutputWithContext(context.Context) DataConnectorOfficeAtpArrayOutput
}

DataConnectorOfficeAtpArrayInput is an input type that accepts DataConnectorOfficeAtpArray and DataConnectorOfficeAtpArrayOutput values. You can construct a concrete instance of `DataConnectorOfficeAtpArrayInput` via: 

DataConnectorOfficeAtpArray{ DataConnectorOfficeAtpArgs{...} }

type DataConnectorOfficeAtpArrayOutput added in v5.22.0 

type DataConnectorOfficeAtpArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeAtpArrayOutput) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpArrayOutput) ElementType() reflect.Type

func (DataConnectorOfficeAtpArrayOutput) Index added in v5.22.0 

func (o DataConnectorOfficeAtpArrayOutput) Index(i pulumi.IntInput) DataConnectorOfficeAtpOutput

func (DataConnectorOfficeAtpArrayOutput) ToDataConnectorOfficeAtpArrayOutput added in v5.22.0 

func (o DataConnectorOfficeAtpArrayOutput) ToDataConnectorOfficeAtpArrayOutput() DataConnectorOfficeAtpArrayOutput

func (DataConnectorOfficeAtpArrayOutput) ToDataConnectorOfficeAtpArrayOutputWithContext added in v5.22.0 

func (o DataConnectorOfficeAtpArrayOutput) ToDataConnectorOfficeAtpArrayOutputWithContext(ctx context.Context) DataConnectorOfficeAtpArrayOutput

type DataConnectorOfficeAtpInput added in v5.22.0 

type DataConnectorOfficeAtpInput interface {
	pulumi.Input

	ToDataConnectorOfficeAtpOutput() DataConnectorOfficeAtpOutput
	ToDataConnectorOfficeAtpOutputWithContext(ctx context.Context) DataConnectorOfficeAtpOutput
}

type DataConnectorOfficeAtpMap added in v5.22.0 

type DataConnectorOfficeAtpMap map[string]DataConnectorOfficeAtpInput

func (DataConnectorOfficeAtpMap) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpMap) ElementType() reflect.Type

func (DataConnectorOfficeAtpMap) ToDataConnectorOfficeAtpMapOutput added in v5.22.0 

func (i DataConnectorOfficeAtpMap) ToDataConnectorOfficeAtpMapOutput() DataConnectorOfficeAtpMapOutput

func (DataConnectorOfficeAtpMap) ToDataConnectorOfficeAtpMapOutputWithContext added in v5.22.0 

func (i DataConnectorOfficeAtpMap) ToDataConnectorOfficeAtpMapOutputWithContext(ctx context.Context) DataConnectorOfficeAtpMapOutput

type DataConnectorOfficeAtpMapInput added in v5.22.0 

type DataConnectorOfficeAtpMapInput interface {
	pulumi.Input

	ToDataConnectorOfficeAtpMapOutput() DataConnectorOfficeAtpMapOutput
	ToDataConnectorOfficeAtpMapOutputWithContext(context.Context) DataConnectorOfficeAtpMapOutput
}

DataConnectorOfficeAtpMapInput is an input type that accepts DataConnectorOfficeAtpMap and DataConnectorOfficeAtpMapOutput values. You can construct a concrete instance of `DataConnectorOfficeAtpMapInput` via: 

DataConnectorOfficeAtpMap{ "key": DataConnectorOfficeAtpArgs{...} }

type DataConnectorOfficeAtpMapOutput added in v5.22.0 

type DataConnectorOfficeAtpMapOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeAtpMapOutput) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpMapOutput) ElementType() reflect.Type

func (DataConnectorOfficeAtpMapOutput) MapIndex added in v5.22.0 

func (o DataConnectorOfficeAtpMapOutput) MapIndex(k pulumi.StringInput) DataConnectorOfficeAtpOutput

func (DataConnectorOfficeAtpMapOutput) ToDataConnectorOfficeAtpMapOutput added in v5.22.0 

func (o DataConnectorOfficeAtpMapOutput) ToDataConnectorOfficeAtpMapOutput() DataConnectorOfficeAtpMapOutput

func (DataConnectorOfficeAtpMapOutput) ToDataConnectorOfficeAtpMapOutputWithContext added in v5.22.0 

func (o DataConnectorOfficeAtpMapOutput) ToDataConnectorOfficeAtpMapOutputWithContext(ctx context.Context) DataConnectorOfficeAtpMapOutput

type DataConnectorOfficeAtpOutput added in v5.22.0 

type DataConnectorOfficeAtpOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeAtpOutput) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpOutput) ElementType() reflect.Type

func (DataConnectorOfficeAtpOutput) LogAnalyticsWorkspaceId added in v5.22.0 

func (o DataConnectorOfficeAtpOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office ATP Data Connector resides in. Changing this forces a new Office ATP Data Connector to be created.

func (DataConnectorOfficeAtpOutput) Name added in v5.22.0 

func (o DataConnectorOfficeAtpOutput) Name() pulumi.StringOutput

The name which should be used for this Office ATP Data Connector. Changing this forces a new Office ATP Data Connector to be created.

func (DataConnectorOfficeAtpOutput) TenantId added in v5.22.0 

func (o DataConnectorOfficeAtpOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Office ATP Data Connector connects to. Changing this forces a new Office ATP Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorOfficeAtpOutput) ToDataConnectorOfficeAtpOutput added in v5.22.0 

func (o DataConnectorOfficeAtpOutput) ToDataConnectorOfficeAtpOutput() DataConnectorOfficeAtpOutput

func (DataConnectorOfficeAtpOutput) ToDataConnectorOfficeAtpOutputWithContext added in v5.22.0 

func (o DataConnectorOfficeAtpOutput) ToDataConnectorOfficeAtpOutputWithContext(ctx context.Context) DataConnectorOfficeAtpOutput

type DataConnectorOfficeAtpState added in v5.22.0 

type DataConnectorOfficeAtpState struct {
	// The ID of the Log Analytics Workspace that this Office ATP Data Connector resides in. Changing this forces a new Office ATP Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office ATP Data Connector. Changing this forces a new Office ATP Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office ATP Data Connector connects to. Changing this forces a new Office ATP Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOfficeAtpState) ElementType added in v5.22.0 

func (DataConnectorOfficeAtpState) ElementType() reflect.Type

type DataConnectorOfficeIrm added in v5.23.0 

type DataConnectorOfficeIrm struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Office IRM Data Connector resides in. Changing this forces a new Office IRM Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office IRM Data Connector. Changing this forces a new Office IRM Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Office IRM Data Connector connects to. Changing this forces a new Office IRM Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages an Office IRM Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOfficeIrm(ctx, "example", &sentinel.DataConnectorOfficeIrmArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office IRM Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorOfficeIrm:DataConnectorOfficeIrm example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorOfficeIrm added in v5.23.0 

func GetDataConnectorOfficeIrm(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOfficeIrmState, opts ...pulumi.ResourceOption) (*DataConnectorOfficeIrm, error)

GetDataConnectorOfficeIrm gets an existing DataConnectorOfficeIrm resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOfficeIrm added in v5.23.0 

func NewDataConnectorOfficeIrm(ctx *pulumi.Context,
	name string, args *DataConnectorOfficeIrmArgs, opts ...pulumi.ResourceOption) (*DataConnectorOfficeIrm, error)

NewDataConnectorOfficeIrm registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOfficeIrm) ElementType added in v5.23.0 

func (*DataConnectorOfficeIrm) ElementType() reflect.Type

func (*DataConnectorOfficeIrm) ToDataConnectorOfficeIrmOutput added in v5.23.0 

func (i *DataConnectorOfficeIrm) ToDataConnectorOfficeIrmOutput() DataConnectorOfficeIrmOutput

func (*DataConnectorOfficeIrm) ToDataConnectorOfficeIrmOutputWithContext added in v5.23.0 

func (i *DataConnectorOfficeIrm) ToDataConnectorOfficeIrmOutputWithContext(ctx context.Context) DataConnectorOfficeIrmOutput

type DataConnectorOfficeIrmArgs added in v5.23.0 

type DataConnectorOfficeIrmArgs struct {
	// The ID of the Log Analytics Workspace that this Office IRM Data Connector resides in. Changing this forces a new Office IRM Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office IRM Data Connector. Changing this forces a new Office IRM Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office IRM Data Connector connects to. Changing this forces a new Office IRM Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOfficeIrm resource.

func (DataConnectorOfficeIrmArgs) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmArgs) ElementType() reflect.Type

type DataConnectorOfficeIrmArray added in v5.23.0 

type DataConnectorOfficeIrmArray []DataConnectorOfficeIrmInput

func (DataConnectorOfficeIrmArray) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmArray) ElementType() reflect.Type

func (DataConnectorOfficeIrmArray) ToDataConnectorOfficeIrmArrayOutput added in v5.23.0 

func (i DataConnectorOfficeIrmArray) ToDataConnectorOfficeIrmArrayOutput() DataConnectorOfficeIrmArrayOutput

func (DataConnectorOfficeIrmArray) ToDataConnectorOfficeIrmArrayOutputWithContext added in v5.23.0 

func (i DataConnectorOfficeIrmArray) ToDataConnectorOfficeIrmArrayOutputWithContext(ctx context.Context) DataConnectorOfficeIrmArrayOutput

type DataConnectorOfficeIrmArrayInput added in v5.23.0 

type DataConnectorOfficeIrmArrayInput interface {
	pulumi.Input

	ToDataConnectorOfficeIrmArrayOutput() DataConnectorOfficeIrmArrayOutput
	ToDataConnectorOfficeIrmArrayOutputWithContext(context.Context) DataConnectorOfficeIrmArrayOutput
}

DataConnectorOfficeIrmArrayInput is an input type that accepts DataConnectorOfficeIrmArray and DataConnectorOfficeIrmArrayOutput values. You can construct a concrete instance of `DataConnectorOfficeIrmArrayInput` via: 

DataConnectorOfficeIrmArray{ DataConnectorOfficeIrmArgs{...} }

type DataConnectorOfficeIrmArrayOutput added in v5.23.0 

type DataConnectorOfficeIrmArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeIrmArrayOutput) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmArrayOutput) ElementType() reflect.Type

func (DataConnectorOfficeIrmArrayOutput) Index added in v5.23.0 

func (o DataConnectorOfficeIrmArrayOutput) Index(i pulumi.IntInput) DataConnectorOfficeIrmOutput

func (DataConnectorOfficeIrmArrayOutput) ToDataConnectorOfficeIrmArrayOutput added in v5.23.0 

func (o DataConnectorOfficeIrmArrayOutput) ToDataConnectorOfficeIrmArrayOutput() DataConnectorOfficeIrmArrayOutput

func (DataConnectorOfficeIrmArrayOutput) ToDataConnectorOfficeIrmArrayOutputWithContext added in v5.23.0 

func (o DataConnectorOfficeIrmArrayOutput) ToDataConnectorOfficeIrmArrayOutputWithContext(ctx context.Context) DataConnectorOfficeIrmArrayOutput

type DataConnectorOfficeIrmInput added in v5.23.0 

type DataConnectorOfficeIrmInput interface {
	pulumi.Input

	ToDataConnectorOfficeIrmOutput() DataConnectorOfficeIrmOutput
	ToDataConnectorOfficeIrmOutputWithContext(ctx context.Context) DataConnectorOfficeIrmOutput
}

type DataConnectorOfficeIrmMap added in v5.23.0 

type DataConnectorOfficeIrmMap map[string]DataConnectorOfficeIrmInput

func (DataConnectorOfficeIrmMap) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmMap) ElementType() reflect.Type

func (DataConnectorOfficeIrmMap) ToDataConnectorOfficeIrmMapOutput added in v5.23.0 

func (i DataConnectorOfficeIrmMap) ToDataConnectorOfficeIrmMapOutput() DataConnectorOfficeIrmMapOutput

func (DataConnectorOfficeIrmMap) ToDataConnectorOfficeIrmMapOutputWithContext added in v5.23.0 

func (i DataConnectorOfficeIrmMap) ToDataConnectorOfficeIrmMapOutputWithContext(ctx context.Context) DataConnectorOfficeIrmMapOutput

type DataConnectorOfficeIrmMapInput added in v5.23.0 

type DataConnectorOfficeIrmMapInput interface {
	pulumi.Input

	ToDataConnectorOfficeIrmMapOutput() DataConnectorOfficeIrmMapOutput
	ToDataConnectorOfficeIrmMapOutputWithContext(context.Context) DataConnectorOfficeIrmMapOutput
}

DataConnectorOfficeIrmMapInput is an input type that accepts DataConnectorOfficeIrmMap and DataConnectorOfficeIrmMapOutput values. You can construct a concrete instance of `DataConnectorOfficeIrmMapInput` via: 

DataConnectorOfficeIrmMap{ "key": DataConnectorOfficeIrmArgs{...} }

type DataConnectorOfficeIrmMapOutput added in v5.23.0 

type DataConnectorOfficeIrmMapOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeIrmMapOutput) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmMapOutput) ElementType() reflect.Type

func (DataConnectorOfficeIrmMapOutput) MapIndex added in v5.23.0 

func (o DataConnectorOfficeIrmMapOutput) MapIndex(k pulumi.StringInput) DataConnectorOfficeIrmOutput

func (DataConnectorOfficeIrmMapOutput) ToDataConnectorOfficeIrmMapOutput added in v5.23.0 

func (o DataConnectorOfficeIrmMapOutput) ToDataConnectorOfficeIrmMapOutput() DataConnectorOfficeIrmMapOutput

func (DataConnectorOfficeIrmMapOutput) ToDataConnectorOfficeIrmMapOutputWithContext added in v5.23.0 

func (o DataConnectorOfficeIrmMapOutput) ToDataConnectorOfficeIrmMapOutputWithContext(ctx context.Context) DataConnectorOfficeIrmMapOutput

type DataConnectorOfficeIrmOutput added in v5.23.0 

type DataConnectorOfficeIrmOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficeIrmOutput) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmOutput) ElementType() reflect.Type

func (DataConnectorOfficeIrmOutput) LogAnalyticsWorkspaceId added in v5.23.0 

func (o DataConnectorOfficeIrmOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office IRM Data Connector resides in. Changing this forces a new Office IRM Data Connector to be created.

func (DataConnectorOfficeIrmOutput) Name added in v5.23.0 

func (o DataConnectorOfficeIrmOutput) Name() pulumi.StringOutput

The name which should be used for this Office IRM Data Connector. Changing this forces a new Office IRM Data Connector to be created.

func (DataConnectorOfficeIrmOutput) TenantId added in v5.23.0 

func (o DataConnectorOfficeIrmOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Office IRM Data Connector connects to. Changing this forces a new Office IRM Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorOfficeIrmOutput) ToDataConnectorOfficeIrmOutput added in v5.23.0 

func (o DataConnectorOfficeIrmOutput) ToDataConnectorOfficeIrmOutput() DataConnectorOfficeIrmOutput

func (DataConnectorOfficeIrmOutput) ToDataConnectorOfficeIrmOutputWithContext added in v5.23.0 

func (o DataConnectorOfficeIrmOutput) ToDataConnectorOfficeIrmOutputWithContext(ctx context.Context) DataConnectorOfficeIrmOutput

type DataConnectorOfficeIrmState added in v5.23.0 

type DataConnectorOfficeIrmState struct {
	// The ID of the Log Analytics Workspace that this Office IRM Data Connector resides in. Changing this forces a new Office IRM Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office IRM Data Connector. Changing this forces a new Office IRM Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office IRM Data Connector connects to. Changing this forces a new Office IRM Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOfficeIrmState) ElementType added in v5.23.0 

func (DataConnectorOfficeIrmState) ElementType() reflect.Type

type DataConnectorOfficePowerBi added in v5.23.0 

type DataConnectorOfficePowerBi struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Office Power BI Data Connector resides in. Changing this forces a new Office Power BI Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office Power BI Data Connector. Changing this forces a new Office Power BI Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Office Power BI Data Connector connects to. Changing this forces a new Office Power BI Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages an Office Power BI Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOfficePowerBi(ctx, "example", &sentinel.DataConnectorOfficePowerBiArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office Power BI Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorOfficePowerBi:DataConnectorOfficePowerBi example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorOfficePowerBi added in v5.23.0 

func GetDataConnectorOfficePowerBi(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOfficePowerBiState, opts ...pulumi.ResourceOption) (*DataConnectorOfficePowerBi, error)

GetDataConnectorOfficePowerBi gets an existing DataConnectorOfficePowerBi resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOfficePowerBi added in v5.23.0 

func NewDataConnectorOfficePowerBi(ctx *pulumi.Context,
	name string, args *DataConnectorOfficePowerBiArgs, opts ...pulumi.ResourceOption) (*DataConnectorOfficePowerBi, error)

NewDataConnectorOfficePowerBi registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOfficePowerBi) ElementType added in v5.23.0 

func (*DataConnectorOfficePowerBi) ElementType() reflect.Type

func (*DataConnectorOfficePowerBi) ToDataConnectorOfficePowerBiOutput added in v5.23.0 

func (i *DataConnectorOfficePowerBi) ToDataConnectorOfficePowerBiOutput() DataConnectorOfficePowerBiOutput

func (*DataConnectorOfficePowerBi) ToDataConnectorOfficePowerBiOutputWithContext added in v5.23.0 

func (i *DataConnectorOfficePowerBi) ToDataConnectorOfficePowerBiOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiOutput

type DataConnectorOfficePowerBiArgs added in v5.23.0 

type DataConnectorOfficePowerBiArgs struct {
	// The ID of the Log Analytics Workspace that this Office Power BI Data Connector resides in. Changing this forces a new Office Power BI Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office Power BI Data Connector. Changing this forces a new Office Power BI Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office Power BI Data Connector connects to. Changing this forces a new Office Power BI Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOfficePowerBi resource.

func (DataConnectorOfficePowerBiArgs) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiArgs) ElementType() reflect.Type

type DataConnectorOfficePowerBiArray added in v5.23.0 

type DataConnectorOfficePowerBiArray []DataConnectorOfficePowerBiInput

func (DataConnectorOfficePowerBiArray) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiArray) ElementType() reflect.Type

func (DataConnectorOfficePowerBiArray) ToDataConnectorOfficePowerBiArrayOutput added in v5.23.0 

func (i DataConnectorOfficePowerBiArray) ToDataConnectorOfficePowerBiArrayOutput() DataConnectorOfficePowerBiArrayOutput

func (DataConnectorOfficePowerBiArray) ToDataConnectorOfficePowerBiArrayOutputWithContext added in v5.23.0 

func (i DataConnectorOfficePowerBiArray) ToDataConnectorOfficePowerBiArrayOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiArrayOutput

type DataConnectorOfficePowerBiArrayInput added in v5.23.0 

type DataConnectorOfficePowerBiArrayInput interface {
	pulumi.Input

	ToDataConnectorOfficePowerBiArrayOutput() DataConnectorOfficePowerBiArrayOutput
	ToDataConnectorOfficePowerBiArrayOutputWithContext(context.Context) DataConnectorOfficePowerBiArrayOutput
}

DataConnectorOfficePowerBiArrayInput is an input type that accepts DataConnectorOfficePowerBiArray and DataConnectorOfficePowerBiArrayOutput values. You can construct a concrete instance of `DataConnectorOfficePowerBiArrayInput` via: 

DataConnectorOfficePowerBiArray{ DataConnectorOfficePowerBiArgs{...} }

type DataConnectorOfficePowerBiArrayOutput added in v5.23.0 

type DataConnectorOfficePowerBiArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficePowerBiArrayOutput) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiArrayOutput) ElementType() reflect.Type

func (DataConnectorOfficePowerBiArrayOutput) Index added in v5.23.0 

func (o DataConnectorOfficePowerBiArrayOutput) Index(i pulumi.IntInput) DataConnectorOfficePowerBiOutput

func (DataConnectorOfficePowerBiArrayOutput) ToDataConnectorOfficePowerBiArrayOutput added in v5.23.0 

func (o DataConnectorOfficePowerBiArrayOutput) ToDataConnectorOfficePowerBiArrayOutput() DataConnectorOfficePowerBiArrayOutput

func (DataConnectorOfficePowerBiArrayOutput) ToDataConnectorOfficePowerBiArrayOutputWithContext added in v5.23.0 

func (o DataConnectorOfficePowerBiArrayOutput) ToDataConnectorOfficePowerBiArrayOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiArrayOutput

type DataConnectorOfficePowerBiInput added in v5.23.0 

type DataConnectorOfficePowerBiInput interface {
	pulumi.Input

	ToDataConnectorOfficePowerBiOutput() DataConnectorOfficePowerBiOutput
	ToDataConnectorOfficePowerBiOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiOutput
}

type DataConnectorOfficePowerBiMap added in v5.23.0 

type DataConnectorOfficePowerBiMap map[string]DataConnectorOfficePowerBiInput

func (DataConnectorOfficePowerBiMap) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiMap) ElementType() reflect.Type

func (DataConnectorOfficePowerBiMap) ToDataConnectorOfficePowerBiMapOutput added in v5.23.0 

func (i DataConnectorOfficePowerBiMap) ToDataConnectorOfficePowerBiMapOutput() DataConnectorOfficePowerBiMapOutput

func (DataConnectorOfficePowerBiMap) ToDataConnectorOfficePowerBiMapOutputWithContext added in v5.23.0 

func (i DataConnectorOfficePowerBiMap) ToDataConnectorOfficePowerBiMapOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiMapOutput

type DataConnectorOfficePowerBiMapInput added in v5.23.0 

type DataConnectorOfficePowerBiMapInput interface {
	pulumi.Input

	ToDataConnectorOfficePowerBiMapOutput() DataConnectorOfficePowerBiMapOutput
	ToDataConnectorOfficePowerBiMapOutputWithContext(context.Context) DataConnectorOfficePowerBiMapOutput
}

DataConnectorOfficePowerBiMapInput is an input type that accepts DataConnectorOfficePowerBiMap and DataConnectorOfficePowerBiMapOutput values. You can construct a concrete instance of `DataConnectorOfficePowerBiMapInput` via: 

DataConnectorOfficePowerBiMap{ "key": DataConnectorOfficePowerBiArgs{...} }

type DataConnectorOfficePowerBiMapOutput added in v5.23.0 

type DataConnectorOfficePowerBiMapOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficePowerBiMapOutput) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiMapOutput) ElementType() reflect.Type

func (DataConnectorOfficePowerBiMapOutput) MapIndex added in v5.23.0 

func (o DataConnectorOfficePowerBiMapOutput) MapIndex(k pulumi.StringInput) DataConnectorOfficePowerBiOutput

func (DataConnectorOfficePowerBiMapOutput) ToDataConnectorOfficePowerBiMapOutput added in v5.23.0 

func (o DataConnectorOfficePowerBiMapOutput) ToDataConnectorOfficePowerBiMapOutput() DataConnectorOfficePowerBiMapOutput

func (DataConnectorOfficePowerBiMapOutput) ToDataConnectorOfficePowerBiMapOutputWithContext added in v5.23.0 

func (o DataConnectorOfficePowerBiMapOutput) ToDataConnectorOfficePowerBiMapOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiMapOutput

type DataConnectorOfficePowerBiOutput added in v5.23.0 

type DataConnectorOfficePowerBiOutput struct{ *pulumi.OutputState }

func (DataConnectorOfficePowerBiOutput) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiOutput) ElementType() reflect.Type

func (DataConnectorOfficePowerBiOutput) LogAnalyticsWorkspaceId added in v5.23.0 

func (o DataConnectorOfficePowerBiOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office Power BI Data Connector resides in. Changing this forces a new Office Power BI Data Connector to be created.

func (DataConnectorOfficePowerBiOutput) Name added in v5.23.0 

func (o DataConnectorOfficePowerBiOutput) Name() pulumi.StringOutput

The name which should be used for this Office Power BI Data Connector. Changing this forces a new Office Power BI Data Connector to be created.

func (DataConnectorOfficePowerBiOutput) TenantId added in v5.23.0 

func (o DataConnectorOfficePowerBiOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Office Power BI Data Connector connects to. Changing this forces a new Office Power BI Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorOfficePowerBiOutput) ToDataConnectorOfficePowerBiOutput added in v5.23.0 

func (o DataConnectorOfficePowerBiOutput) ToDataConnectorOfficePowerBiOutput() DataConnectorOfficePowerBiOutput

func (DataConnectorOfficePowerBiOutput) ToDataConnectorOfficePowerBiOutputWithContext added in v5.23.0 

func (o DataConnectorOfficePowerBiOutput) ToDataConnectorOfficePowerBiOutputWithContext(ctx context.Context) DataConnectorOfficePowerBiOutput

type DataConnectorOfficePowerBiState added in v5.23.0 

type DataConnectorOfficePowerBiState struct {
	// The ID of the Log Analytics Workspace that this Office Power BI Data Connector resides in. Changing this forces a new Office Power BI Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office Power BI Data Connector. Changing this forces a new Office Power BI Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Office Power BI Data Connector connects to. Changing this forces a new Office Power BI Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOfficePowerBiState) ElementType added in v5.23.0 

func (DataConnectorOfficePowerBiState) ElementType() reflect.Type

type DataConnectorThreatIntelligence 

type DataConnectorThreatIntelligence struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The lookback date for the this Threat Intelligence Data Connector in RFC3339. Defaults to `1970-01-01T00:00:00Z`. Changing this forces a new resource to be created.
	LookbackDate pulumi.StringPtrOutput `pulumi:"lookbackDate"`
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Threat Intelligence Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorThreatIntelligence(ctx, "example", &sentinel.DataConnectorThreatIntelligenceArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Threat Intelligence Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorThreatIntelligence:DataConnectorThreatIntelligence example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorThreatIntelligence 

func GetDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorThreatIntelligenceState, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

GetDataConnectorThreatIntelligence gets an existing DataConnectorThreatIntelligence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorThreatIntelligence 

func NewDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, args *DataConnectorThreatIntelligenceArgs, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

NewDataConnectorThreatIntelligence registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorThreatIntelligence) ElementType 

func (*DataConnectorThreatIntelligence) ElementType() reflect.Type

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput 

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext 

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceArgs 

type DataConnectorThreatIntelligenceArgs struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The lookback date for the this Threat Intelligence Data Connector in RFC3339. Defaults to `1970-01-01T00:00:00Z`. Changing this forces a new resource to be created.
	LookbackDate pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorThreatIntelligence resource.

func (DataConnectorThreatIntelligenceArgs) ElementType 

func (DataConnectorThreatIntelligenceArgs) ElementType() reflect.Type

type DataConnectorThreatIntelligenceArray 

type DataConnectorThreatIntelligenceArray []DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceArray) ElementType 

func (DataConnectorThreatIntelligenceArray) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput 

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext 

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceArrayInput 

type DataConnectorThreatIntelligenceArrayInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput
	ToDataConnectorThreatIntelligenceArrayOutputWithContext(context.Context) DataConnectorThreatIntelligenceArrayOutput
}

DataConnectorThreatIntelligenceArrayInput is an input type that accepts DataConnectorThreatIntelligenceArray and DataConnectorThreatIntelligenceArrayOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceArrayInput` via: 

DataConnectorThreatIntelligenceArray{ DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceArrayOutput 

type DataConnectorThreatIntelligenceArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceArrayOutput) ElementType 

func (DataConnectorThreatIntelligenceArrayOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceArrayOutput) Index 

func (o DataConnectorThreatIntelligenceArrayOutput) Index(i pulumi.IntInput) DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput 

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext 

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceInput 

type DataConnectorThreatIntelligenceInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput
	ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput
}

type DataConnectorThreatIntelligenceMap 

type DataConnectorThreatIntelligenceMap map[string]DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceMap) ElementType 

func (DataConnectorThreatIntelligenceMap) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput 

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext 

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceMapInput 

type DataConnectorThreatIntelligenceMapInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput
	ToDataConnectorThreatIntelligenceMapOutputWithContext(context.Context) DataConnectorThreatIntelligenceMapOutput
}

DataConnectorThreatIntelligenceMapInput is an input type that accepts DataConnectorThreatIntelligenceMap and DataConnectorThreatIntelligenceMapOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceMapInput` via: 

DataConnectorThreatIntelligenceMap{ "key": DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceMapOutput 

type DataConnectorThreatIntelligenceMapOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceMapOutput) ElementType 

func (DataConnectorThreatIntelligenceMapOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceMapOutput) MapIndex 

func (o DataConnectorThreatIntelligenceMapOutput) MapIndex(k pulumi.StringInput) DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput 

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext 

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceOutput 

type DataConnectorThreatIntelligenceOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceOutput) ElementType 

func (DataConnectorThreatIntelligenceOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o DataConnectorThreatIntelligenceOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.

func (DataConnectorThreatIntelligenceOutput) LookbackDate added in v5.36.0 

func (o DataConnectorThreatIntelligenceOutput) LookbackDate() pulumi.StringPtrOutput

The lookback date for the this Threat Intelligence Data Connector in RFC3339. Defaults to `1970-01-01T00:00:00Z`. Changing this forces a new resource to be created.

func (DataConnectorThreatIntelligenceOutput) Name added in v5.5.0 

func (o DataConnectorThreatIntelligenceOutput) Name() pulumi.StringOutput

The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.

func (DataConnectorThreatIntelligenceOutput) TenantId added in v5.5.0 

func (o DataConnectorThreatIntelligenceOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput 

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext 

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceState 

type DataConnectorThreatIntelligenceState struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The lookback date for the this Threat Intelligence Data Connector in RFC3339. Defaults to `1970-01-01T00:00:00Z`. Changing this forces a new resource to be created.
	LookbackDate pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorThreatIntelligenceState) ElementType 

func (DataConnectorThreatIntelligenceState) ElementType() reflect.Type

type DataConnectorThreatIntelligenceTaxii added in v5.31.0 

type DataConnectorThreatIntelligenceTaxii struct {
	pulumi.CustomResourceState

	// The API root URI of the TAXII server.
	ApiRootUrl pulumi.StringOutput `pulumi:"apiRootUrl"`
	// The collection ID of the TAXII server.
	CollectionId pulumi.StringOutput `pulumi:"collectionId"`
	// The friendly name which should be used for this Threat Intelligence TAXII Data Connector.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace that this Threat Intelligence TAXII Data Connector resides in. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The lookback date for the TAXII server in RFC3339. Defaults to `1970-01-01T00:00:00Z`.
	LookbackDate pulumi.StringPtrOutput `pulumi:"lookbackDate"`
	// The name which should be used for this Threat Intelligence TAXII Data Connector. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The password for the TAXII server.
	Password pulumi.StringPtrOutput `pulumi:"password"`
	// The polling frequency for the TAXII server. Possible values are `OnceAMinute`, `OnceAnHour` and `OnceADay`. Defaults to `OnceAnHour`.
	PollingFrequency pulumi.StringPtrOutput `pulumi:"pollingFrequency"`
	// The ID of the tenant that this Threat Intelligence TAXII Data Connector connects to. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
	// The user name for the TAXII server.
	UserName pulumi.StringPtrOutput `pulumi:"userName"`
}

Manages an Threat Intelligence TAXII Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorThreatIntelligenceTaxii(ctx, "example", &sentinel.DataConnectorThreatIntelligenceTaxiiArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("example"),
			ApiRootUrl:              pulumi.String("https://foo/taxii2/api2/"),
			CollectionId:            pulumi.String("someid"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Threat Intelligence TAXII Data Connectors can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/dataConnectorThreatIntelligenceTaxii:DataConnectorThreatIntelligenceTaxii example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 ```

func GetDataConnectorThreatIntelligenceTaxii added in v5.31.0 

func GetDataConnectorThreatIntelligenceTaxii(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorThreatIntelligenceTaxiiState, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligenceTaxii, error)

GetDataConnectorThreatIntelligenceTaxii gets an existing DataConnectorThreatIntelligenceTaxii resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorThreatIntelligenceTaxii added in v5.31.0 

func NewDataConnectorThreatIntelligenceTaxii(ctx *pulumi.Context,
	name string, args *DataConnectorThreatIntelligenceTaxiiArgs, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligenceTaxii, error)

NewDataConnectorThreatIntelligenceTaxii registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorThreatIntelligenceTaxii) ElementType added in v5.31.0 

func (*DataConnectorThreatIntelligenceTaxii) ElementType() reflect.Type

func (*DataConnectorThreatIntelligenceTaxii) ToDataConnectorThreatIntelligenceTaxiiOutput added in v5.31.0 

func (i *DataConnectorThreatIntelligenceTaxii) ToDataConnectorThreatIntelligenceTaxiiOutput() DataConnectorThreatIntelligenceTaxiiOutput

func (*DataConnectorThreatIntelligenceTaxii) ToDataConnectorThreatIntelligenceTaxiiOutputWithContext added in v5.31.0 

func (i *DataConnectorThreatIntelligenceTaxii) ToDataConnectorThreatIntelligenceTaxiiOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiOutput

type DataConnectorThreatIntelligenceTaxiiArgs added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiArgs struct {
	// The API root URI of the TAXII server.
	ApiRootUrl pulumi.StringInput
	// The collection ID of the TAXII server.
	CollectionId pulumi.StringInput
	// The friendly name which should be used for this Threat Intelligence TAXII Data Connector.
	DisplayName pulumi.StringInput
	// The ID of the Log Analytics Workspace that this Threat Intelligence TAXII Data Connector resides in. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The lookback date for the TAXII server in RFC3339. Defaults to `1970-01-01T00:00:00Z`.
	LookbackDate pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence TAXII Data Connector. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	Name pulumi.StringPtrInput
	// The password for the TAXII server.
	Password pulumi.StringPtrInput
	// The polling frequency for the TAXII server. Possible values are `OnceAMinute`, `OnceAnHour` and `OnceADay`. Defaults to `OnceAnHour`.
	PollingFrequency pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence TAXII Data Connector connects to. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
	// The user name for the TAXII server.
	UserName pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorThreatIntelligenceTaxii resource.

func (DataConnectorThreatIntelligenceTaxiiArgs) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiArgs) ElementType() reflect.Type

type DataConnectorThreatIntelligenceTaxiiArray added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiArray []DataConnectorThreatIntelligenceTaxiiInput

func (DataConnectorThreatIntelligenceTaxiiArray) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiArray) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceTaxiiArray) ToDataConnectorThreatIntelligenceTaxiiArrayOutput added in v5.31.0 

func (i DataConnectorThreatIntelligenceTaxiiArray) ToDataConnectorThreatIntelligenceTaxiiArrayOutput() DataConnectorThreatIntelligenceTaxiiArrayOutput

func (DataConnectorThreatIntelligenceTaxiiArray) ToDataConnectorThreatIntelligenceTaxiiArrayOutputWithContext added in v5.31.0 

func (i DataConnectorThreatIntelligenceTaxiiArray) ToDataConnectorThreatIntelligenceTaxiiArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiArrayOutput

type DataConnectorThreatIntelligenceTaxiiArrayInput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiArrayInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceTaxiiArrayOutput() DataConnectorThreatIntelligenceTaxiiArrayOutput
	ToDataConnectorThreatIntelligenceTaxiiArrayOutputWithContext(context.Context) DataConnectorThreatIntelligenceTaxiiArrayOutput
}

DataConnectorThreatIntelligenceTaxiiArrayInput is an input type that accepts DataConnectorThreatIntelligenceTaxiiArray and DataConnectorThreatIntelligenceTaxiiArrayOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceTaxiiArrayInput` via: 

DataConnectorThreatIntelligenceTaxiiArray{ DataConnectorThreatIntelligenceTaxiiArgs{...} }

type DataConnectorThreatIntelligenceTaxiiArrayOutput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceTaxiiArrayOutput) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiArrayOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceTaxiiArrayOutput) Index added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiArrayOutput) Index(i pulumi.IntInput) DataConnectorThreatIntelligenceTaxiiOutput

func (DataConnectorThreatIntelligenceTaxiiArrayOutput) ToDataConnectorThreatIntelligenceTaxiiArrayOutput added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiArrayOutput) ToDataConnectorThreatIntelligenceTaxiiArrayOutput() DataConnectorThreatIntelligenceTaxiiArrayOutput

func (DataConnectorThreatIntelligenceTaxiiArrayOutput) ToDataConnectorThreatIntelligenceTaxiiArrayOutputWithContext added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiArrayOutput) ToDataConnectorThreatIntelligenceTaxiiArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiArrayOutput

type DataConnectorThreatIntelligenceTaxiiInput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceTaxiiOutput() DataConnectorThreatIntelligenceTaxiiOutput
	ToDataConnectorThreatIntelligenceTaxiiOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiOutput
}

type DataConnectorThreatIntelligenceTaxiiMap added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiMap map[string]DataConnectorThreatIntelligenceTaxiiInput

func (DataConnectorThreatIntelligenceTaxiiMap) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiMap) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceTaxiiMap) ToDataConnectorThreatIntelligenceTaxiiMapOutput added in v5.31.0 

func (i DataConnectorThreatIntelligenceTaxiiMap) ToDataConnectorThreatIntelligenceTaxiiMapOutput() DataConnectorThreatIntelligenceTaxiiMapOutput

func (DataConnectorThreatIntelligenceTaxiiMap) ToDataConnectorThreatIntelligenceTaxiiMapOutputWithContext added in v5.31.0 

func (i DataConnectorThreatIntelligenceTaxiiMap) ToDataConnectorThreatIntelligenceTaxiiMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiMapOutput

type DataConnectorThreatIntelligenceTaxiiMapInput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiMapInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceTaxiiMapOutput() DataConnectorThreatIntelligenceTaxiiMapOutput
	ToDataConnectorThreatIntelligenceTaxiiMapOutputWithContext(context.Context) DataConnectorThreatIntelligenceTaxiiMapOutput
}

DataConnectorThreatIntelligenceTaxiiMapInput is an input type that accepts DataConnectorThreatIntelligenceTaxiiMap and DataConnectorThreatIntelligenceTaxiiMapOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceTaxiiMapInput` via: 

DataConnectorThreatIntelligenceTaxiiMap{ "key": DataConnectorThreatIntelligenceTaxiiArgs{...} }

type DataConnectorThreatIntelligenceTaxiiMapOutput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiMapOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceTaxiiMapOutput) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiMapOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceTaxiiMapOutput) MapIndex added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiMapOutput) MapIndex(k pulumi.StringInput) DataConnectorThreatIntelligenceTaxiiOutput

func (DataConnectorThreatIntelligenceTaxiiMapOutput) ToDataConnectorThreatIntelligenceTaxiiMapOutput added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiMapOutput) ToDataConnectorThreatIntelligenceTaxiiMapOutput() DataConnectorThreatIntelligenceTaxiiMapOutput

func (DataConnectorThreatIntelligenceTaxiiMapOutput) ToDataConnectorThreatIntelligenceTaxiiMapOutputWithContext added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiMapOutput) ToDataConnectorThreatIntelligenceTaxiiMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiMapOutput

type DataConnectorThreatIntelligenceTaxiiOutput added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceTaxiiOutput) ApiRootUrl added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) ApiRootUrl() pulumi.StringOutput

The API root URI of the TAXII server.

func (DataConnectorThreatIntelligenceTaxiiOutput) CollectionId added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) CollectionId() pulumi.StringOutput

The collection ID of the TAXII server.

func (DataConnectorThreatIntelligenceTaxiiOutput) DisplayName added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) DisplayName() pulumi.StringOutput

The friendly name which should be used for this Threat Intelligence TAXII Data Connector.

func (DataConnectorThreatIntelligenceTaxiiOutput) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceTaxiiOutput) LogAnalyticsWorkspaceId added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Threat Intelligence TAXII Data Connector resides in. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.

func (DataConnectorThreatIntelligenceTaxiiOutput) LookbackDate added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) LookbackDate() pulumi.StringPtrOutput

The lookback date for the TAXII server in RFC3339. Defaults to `1970-01-01T00:00:00Z`.

func (DataConnectorThreatIntelligenceTaxiiOutput) Name added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) Name() pulumi.StringOutput

The name which should be used for this Threat Intelligence TAXII Data Connector. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.

func (DataConnectorThreatIntelligenceTaxiiOutput) Password added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) Password() pulumi.StringPtrOutput

The password for the TAXII server.

func (DataConnectorThreatIntelligenceTaxiiOutput) PollingFrequency added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) PollingFrequency() pulumi.StringPtrOutput

The polling frequency for the TAXII server. Possible values are `OnceAMinute`, `OnceAnHour` and `OnceADay`. Defaults to `OnceAnHour`.

func (DataConnectorThreatIntelligenceTaxiiOutput) TenantId added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) TenantId() pulumi.StringOutput

The ID of the tenant that this Threat Intelligence TAXII Data Connector connects to. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.

> **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.

func (DataConnectorThreatIntelligenceTaxiiOutput) ToDataConnectorThreatIntelligenceTaxiiOutput added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) ToDataConnectorThreatIntelligenceTaxiiOutput() DataConnectorThreatIntelligenceTaxiiOutput

func (DataConnectorThreatIntelligenceTaxiiOutput) ToDataConnectorThreatIntelligenceTaxiiOutputWithContext added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) ToDataConnectorThreatIntelligenceTaxiiOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceTaxiiOutput

func (DataConnectorThreatIntelligenceTaxiiOutput) UserName added in v5.31.0 

func (o DataConnectorThreatIntelligenceTaxiiOutput) UserName() pulumi.StringPtrOutput

The user name for the TAXII server.

type DataConnectorThreatIntelligenceTaxiiState added in v5.31.0 

type DataConnectorThreatIntelligenceTaxiiState struct {
	// The API root URI of the TAXII server.
	ApiRootUrl pulumi.StringPtrInput
	// The collection ID of the TAXII server.
	CollectionId pulumi.StringPtrInput
	// The friendly name which should be used for this Threat Intelligence TAXII Data Connector.
	DisplayName pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this Threat Intelligence TAXII Data Connector resides in. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The lookback date for the TAXII server in RFC3339. Defaults to `1970-01-01T00:00:00Z`.
	LookbackDate pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence TAXII Data Connector. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	Name pulumi.StringPtrInput
	// The password for the TAXII server.
	Password pulumi.StringPtrInput
	// The polling frequency for the TAXII server. Possible values are `OnceAMinute`, `OnceAnHour` and `OnceADay`. Defaults to `OnceAnHour`.
	PollingFrequency pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence TAXII Data Connector connects to. Changing this forces a new Threat Intelligence TAXII Data Connector to be created.
	//
	// > **NOTE** Currently, only the same tenant as the running account is allowed. Cross-tenant scenario is not supported yet.
	TenantId pulumi.StringPtrInput
	// The user name for the TAXII server.
	UserName pulumi.StringPtrInput
}

func (DataConnectorThreatIntelligenceTaxiiState) ElementType added in v5.31.0 

func (DataConnectorThreatIntelligenceTaxiiState) ElementType() reflect.Type

type GetAlertRuleAnomalyArgs added in v5.37.0 

type GetAlertRuleAnomalyArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	//
	// > **NOTE** One of `name` or `displayName` must be specified.
	DisplayName *string `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleAnomaly.

type GetAlertRuleAnomalyMultiSelectObservation added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservation struct {
	// The description of the threshold observation.
	Description string `pulumi:"description"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name string `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// A list of values of the single select observation.
	Values []string `pulumi:"values"`
}

type GetAlertRuleAnomalyMultiSelectObservationArgs added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringInput `pulumi:"description"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringInput `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// A list of values of the single select observation.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetAlertRuleAnomalyMultiSelectObservationArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyMultiSelectObservationArgs) ElementType() reflect.Type

func (GetAlertRuleAnomalyMultiSelectObservationArgs) ToGetAlertRuleAnomalyMultiSelectObservationOutput added in v5.37.0 

func (i GetAlertRuleAnomalyMultiSelectObservationArgs) ToGetAlertRuleAnomalyMultiSelectObservationOutput() GetAlertRuleAnomalyMultiSelectObservationOutput

func (GetAlertRuleAnomalyMultiSelectObservationArgs) ToGetAlertRuleAnomalyMultiSelectObservationOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyMultiSelectObservationArgs) ToGetAlertRuleAnomalyMultiSelectObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyMultiSelectObservationOutput

type GetAlertRuleAnomalyMultiSelectObservationArray added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationArray []GetAlertRuleAnomalyMultiSelectObservationInput

func (GetAlertRuleAnomalyMultiSelectObservationArray) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyMultiSelectObservationArray) ElementType() reflect.Type

func (GetAlertRuleAnomalyMultiSelectObservationArray) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutput added in v5.37.0 

func (i GetAlertRuleAnomalyMultiSelectObservationArray) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutput() GetAlertRuleAnomalyMultiSelectObservationArrayOutput

func (GetAlertRuleAnomalyMultiSelectObservationArray) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyMultiSelectObservationArray) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyMultiSelectObservationArrayOutput

type GetAlertRuleAnomalyMultiSelectObservationArrayInput added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationArrayInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyMultiSelectObservationArrayOutput() GetAlertRuleAnomalyMultiSelectObservationArrayOutput
	ToGetAlertRuleAnomalyMultiSelectObservationArrayOutputWithContext(context.Context) GetAlertRuleAnomalyMultiSelectObservationArrayOutput
}

GetAlertRuleAnomalyMultiSelectObservationArrayInput is an input type that accepts GetAlertRuleAnomalyMultiSelectObservationArray and GetAlertRuleAnomalyMultiSelectObservationArrayOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyMultiSelectObservationArrayInput` via: 

GetAlertRuleAnomalyMultiSelectObservationArray{ GetAlertRuleAnomalyMultiSelectObservationArgs{...} }

type GetAlertRuleAnomalyMultiSelectObservationArrayOutput added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyMultiSelectObservationArrayOutput) Index added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationArrayOutput) Index(i pulumi.IntInput) GetAlertRuleAnomalyMultiSelectObservationOutput

func (GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutput added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutput() GetAlertRuleAnomalyMultiSelectObservationArrayOutput

func (GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationArrayOutput) ToGetAlertRuleAnomalyMultiSelectObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyMultiSelectObservationArrayOutput

type GetAlertRuleAnomalyMultiSelectObservationInput added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyMultiSelectObservationOutput() GetAlertRuleAnomalyMultiSelectObservationOutput
	ToGetAlertRuleAnomalyMultiSelectObservationOutputWithContext(context.Context) GetAlertRuleAnomalyMultiSelectObservationOutput
}

GetAlertRuleAnomalyMultiSelectObservationInput is an input type that accepts GetAlertRuleAnomalyMultiSelectObservationArgs and GetAlertRuleAnomalyMultiSelectObservationOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyMultiSelectObservationInput` via: 

GetAlertRuleAnomalyMultiSelectObservationArgs{...}

type GetAlertRuleAnomalyMultiSelectObservationOutput added in v5.37.0 

type GetAlertRuleAnomalyMultiSelectObservationOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyMultiSelectObservationOutput) Description added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (GetAlertRuleAnomalyMultiSelectObservationOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyMultiSelectObservationOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyMultiSelectObservationOutput) Name added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) Name() pulumi.StringOutput

The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.

func (GetAlertRuleAnomalyMultiSelectObservationOutput) SupportedValues added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the single select observation.

func (GetAlertRuleAnomalyMultiSelectObservationOutput) ToGetAlertRuleAnomalyMultiSelectObservationOutput added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) ToGetAlertRuleAnomalyMultiSelectObservationOutput() GetAlertRuleAnomalyMultiSelectObservationOutput

func (GetAlertRuleAnomalyMultiSelectObservationOutput) ToGetAlertRuleAnomalyMultiSelectObservationOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) ToGetAlertRuleAnomalyMultiSelectObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyMultiSelectObservationOutput

func (GetAlertRuleAnomalyMultiSelectObservationOutput) Values added in v5.37.0 

func (o GetAlertRuleAnomalyMultiSelectObservationOutput) Values() pulumi.StringArrayOutput

A list of values of the single select observation.

type GetAlertRuleAnomalyOutputArgs added in v5.37.0 

type GetAlertRuleAnomalyOutputArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	//
	// > **NOTE** One of `name` or `displayName` must be specified.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleAnomaly.

func (GetAlertRuleAnomalyOutputArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyOutputArgs) ElementType() reflect.Type

type GetAlertRuleAnomalyPrioritizedExcludeObservation added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservation struct {
	// The description of the threshold observation.
	Description string `pulumi:"description"`
	// The excluded value per `description`.
	Exclude string `pulumi:"exclude"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name string `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize string `pulumi:"prioritize"`
}

type GetAlertRuleAnomalyPrioritizedExcludeObservationArgs added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringInput `pulumi:"description"`
	// The excluded value per `description`.
	Exclude pulumi.StringInput `pulumi:"exclude"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringInput `pulumi:"name"`
	// The prioritized value per `description`.
	Prioritize pulumi.StringInput `pulumi:"prioritize"`
}

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ElementType() reflect.Type

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutput added in v5.37.0 

func (i GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationOutput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyPrioritizedExcludeObservationArgs) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationOutput

type GetAlertRuleAnomalyPrioritizedExcludeObservationArray added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationArray []GetAlertRuleAnomalyPrioritizedExcludeObservationInput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ElementType() reflect.Type

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput added in v5.37.0 

func (i GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyPrioritizedExcludeObservationArray) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput

type GetAlertRuleAnomalyPrioritizedExcludeObservationArrayInput added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationArrayInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput
	ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutputWithContext(context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput
}

GetAlertRuleAnomalyPrioritizedExcludeObservationArrayInput is an input type that accepts GetAlertRuleAnomalyPrioritizedExcludeObservationArray and GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyPrioritizedExcludeObservationArrayInput` via: 

GetAlertRuleAnomalyPrioritizedExcludeObservationArray{ GetAlertRuleAnomalyPrioritizedExcludeObservationArgs{...} }

type GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) Index added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) Index(i pulumi.IntInput) GetAlertRuleAnomalyPrioritizedExcludeObservationOutput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput

type GetAlertRuleAnomalyPrioritizedExcludeObservationInput added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationOutput
	ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutputWithContext(context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationOutput
}

GetAlertRuleAnomalyPrioritizedExcludeObservationInput is an input type that accepts GetAlertRuleAnomalyPrioritizedExcludeObservationArgs and GetAlertRuleAnomalyPrioritizedExcludeObservationOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyPrioritizedExcludeObservationInput` via: 

GetAlertRuleAnomalyPrioritizedExcludeObservationArgs{...}

type GetAlertRuleAnomalyPrioritizedExcludeObservationOutput added in v5.37.0 

type GetAlertRuleAnomalyPrioritizedExcludeObservationOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Description added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Exclude added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Exclude() pulumi.StringOutput

The excluded value per `description`.

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Name added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Name() pulumi.StringOutput

The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Prioritize added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) Prioritize() pulumi.StringOutput

The prioritized value per `description`.

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutput added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutput() GetAlertRuleAnomalyPrioritizedExcludeObservationOutput

func (GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyPrioritizedExcludeObservationOutput) ToGetAlertRuleAnomalyPrioritizedExcludeObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyPrioritizedExcludeObservationOutput

type GetAlertRuleAnomalyRequiredDataConnector added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnector struct {
	// The ID of the required Data Connector.
	ConnectorId string `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes []string `pulumi:"dataTypes"`
}

type GetAlertRuleAnomalyRequiredDataConnectorArgs added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorArgs struct {
	// The ID of the required Data Connector.
	ConnectorId pulumi.StringInput `pulumi:"connectorId"`
	// A list of data types of the required Data Connector.
	DataTypes pulumi.StringArrayInput `pulumi:"dataTypes"`
}

func (GetAlertRuleAnomalyRequiredDataConnectorArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyRequiredDataConnectorArgs) ElementType() reflect.Type

func (GetAlertRuleAnomalyRequiredDataConnectorArgs) ToGetAlertRuleAnomalyRequiredDataConnectorOutput added in v5.37.0 

func (i GetAlertRuleAnomalyRequiredDataConnectorArgs) ToGetAlertRuleAnomalyRequiredDataConnectorOutput() GetAlertRuleAnomalyRequiredDataConnectorOutput

func (GetAlertRuleAnomalyRequiredDataConnectorArgs) ToGetAlertRuleAnomalyRequiredDataConnectorOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyRequiredDataConnectorArgs) ToGetAlertRuleAnomalyRequiredDataConnectorOutputWithContext(ctx context.Context) GetAlertRuleAnomalyRequiredDataConnectorOutput

type GetAlertRuleAnomalyRequiredDataConnectorArray added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorArray []GetAlertRuleAnomalyRequiredDataConnectorInput

func (GetAlertRuleAnomalyRequiredDataConnectorArray) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyRequiredDataConnectorArray) ElementType() reflect.Type

func (GetAlertRuleAnomalyRequiredDataConnectorArray) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutput added in v5.37.0 

func (i GetAlertRuleAnomalyRequiredDataConnectorArray) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutput() GetAlertRuleAnomalyRequiredDataConnectorArrayOutput

func (GetAlertRuleAnomalyRequiredDataConnectorArray) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyRequiredDataConnectorArray) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyRequiredDataConnectorArrayOutput

type GetAlertRuleAnomalyRequiredDataConnectorArrayInput added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorArrayInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutput() GetAlertRuleAnomalyRequiredDataConnectorArrayOutput
	ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutputWithContext(context.Context) GetAlertRuleAnomalyRequiredDataConnectorArrayOutput
}

GetAlertRuleAnomalyRequiredDataConnectorArrayInput is an input type that accepts GetAlertRuleAnomalyRequiredDataConnectorArray and GetAlertRuleAnomalyRequiredDataConnectorArrayOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyRequiredDataConnectorArrayInput` via: 

GetAlertRuleAnomalyRequiredDataConnectorArray{ GetAlertRuleAnomalyRequiredDataConnectorArgs{...} }

type GetAlertRuleAnomalyRequiredDataConnectorArrayOutput added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) Index added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) Index(i pulumi.IntInput) GetAlertRuleAnomalyRequiredDataConnectorOutput

func (GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutput added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutput() GetAlertRuleAnomalyRequiredDataConnectorArrayOutput

func (GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorArrayOutput) ToGetAlertRuleAnomalyRequiredDataConnectorArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyRequiredDataConnectorArrayOutput

type GetAlertRuleAnomalyRequiredDataConnectorInput added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyRequiredDataConnectorOutput() GetAlertRuleAnomalyRequiredDataConnectorOutput
	ToGetAlertRuleAnomalyRequiredDataConnectorOutputWithContext(context.Context) GetAlertRuleAnomalyRequiredDataConnectorOutput
}

GetAlertRuleAnomalyRequiredDataConnectorInput is an input type that accepts GetAlertRuleAnomalyRequiredDataConnectorArgs and GetAlertRuleAnomalyRequiredDataConnectorOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyRequiredDataConnectorInput` via: 

GetAlertRuleAnomalyRequiredDataConnectorArgs{...}

type GetAlertRuleAnomalyRequiredDataConnectorOutput added in v5.37.0 

type GetAlertRuleAnomalyRequiredDataConnectorOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) ConnectorId added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorOutput) ConnectorId() pulumi.StringOutput

The ID of the required Data Connector.

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) DataTypes added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorOutput) DataTypes() pulumi.StringArrayOutput

A list of data types of the required Data Connector.

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) ToGetAlertRuleAnomalyRequiredDataConnectorOutput added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorOutput) ToGetAlertRuleAnomalyRequiredDataConnectorOutput() GetAlertRuleAnomalyRequiredDataConnectorOutput

func (GetAlertRuleAnomalyRequiredDataConnectorOutput) ToGetAlertRuleAnomalyRequiredDataConnectorOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyRequiredDataConnectorOutput) ToGetAlertRuleAnomalyRequiredDataConnectorOutputWithContext(ctx context.Context) GetAlertRuleAnomalyRequiredDataConnectorOutput

type GetAlertRuleAnomalyResult added in v5.37.0 

type GetAlertRuleAnomalyResult struct {
	// The version of the Anomaly Security ML Analytics Settings.
	AnomalySettingsVersion int `pulumi:"anomalySettingsVersion"`
	// The anomaly version of the Anomaly Alert Rule.
	AnomalyVersion string `pulumi:"anomalyVersion"`
	// The description of the threshold observation.
	Description string `pulumi:"description"`
	DisplayName string `pulumi:"displayName"`
	// Is the Anomaly Alert Rule enabled?
	Enabled bool `pulumi:"enabled"`
	// The frequency the Anomaly Alert Rule will be run.
	Frequency string `pulumi:"frequency"`
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Mode                    string `pulumi:"mode"`
	// A list of `multiSelectObservation` blocks as defined below.
	MultiSelectObservations []GetAlertRuleAnomalyMultiSelectObservation `pulumi:"multiSelectObservations"`
	// The name of the threshold observation.
	Name string `pulumi:"name"`
	// A list of `prioritizedExcludeObservation` blocks as defined below.
	PrioritizedExcludeObservations []GetAlertRuleAnomalyPrioritizedExcludeObservation `pulumi:"prioritizedExcludeObservations"`
	// A `requiredDataConnector` block as defined below.
	RequiredDataConnectors []GetAlertRuleAnomalyRequiredDataConnector `pulumi:"requiredDataConnectors"`
	// The ID of the anomaly settings definition Id.
	SettingsDefinitionId string `pulumi:"settingsDefinitionId"`
	// A list of `singleSelectObservation` blocks as defined below.
	SingleSelectObservations []GetAlertRuleAnomalySingleSelectObservation `pulumi:"singleSelectObservations"`
	// A list of categories of attacks by which to classify the rule.
	Tactics []string `pulumi:"tactics"`
	// A list of techniques of attacks by which to classify the rule.
	Techniques []string `pulumi:"techniques"`
	// A list of `thresholdObservation` blocks as defined below.
	ThresholdObservations []GetAlertRuleAnomalyThresholdObservation `pulumi:"thresholdObservations"`
}

A collection of values returned by getAlertRuleAnomaly.

func GetAlertRuleAnomaly added in v5.37.0 

func GetAlertRuleAnomaly(ctx *pulumi.Context, args *GetAlertRuleAnomalyArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleAnomalyResult, error)

Use this data source to access information about an existing Anomaly Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		example := sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("Potential data staging"),
		}, nil)
		ctx.Export("id", example.ApplyT(func(example sentinel.GetAlertRuleAnomalyResult) (*string, error) {
			return &example.Id, nil
		}).(pulumi.StringPtrOutput))
		return nil
	})
}

```

type GetAlertRuleAnomalyResultOutput added in v5.37.0 

type GetAlertRuleAnomalyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRuleAnomaly.

func GetAlertRuleAnomalyOutput added in v5.37.0 

func GetAlertRuleAnomalyOutput(ctx *pulumi.Context, args GetAlertRuleAnomalyOutputArgs, opts ...pulumi.InvokeOption) GetAlertRuleAnomalyResultOutput

func (GetAlertRuleAnomalyResultOutput) AnomalySettingsVersion added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) AnomalySettingsVersion() pulumi.IntOutput

The version of the Anomaly Security ML Analytics Settings.

func (GetAlertRuleAnomalyResultOutput) AnomalyVersion added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) AnomalyVersion() pulumi.StringOutput

The anomaly version of the Anomaly Alert Rule.

func (GetAlertRuleAnomalyResultOutput) Description added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (GetAlertRuleAnomalyResultOutput) DisplayName added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) DisplayName() pulumi.StringOutput

func (GetAlertRuleAnomalyResultOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyResultOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyResultOutput) Enabled added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Enabled() pulumi.BoolOutput

Is the Anomaly Alert Rule enabled?

func (GetAlertRuleAnomalyResultOutput) Frequency added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Frequency() pulumi.StringOutput

The frequency the Anomaly Alert Rule will be run.

func (GetAlertRuleAnomalyResultOutput) Id added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleAnomalyResultOutput) LogAnalyticsWorkspaceId added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleAnomalyResultOutput) Mode added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Mode() pulumi.StringOutput

func (GetAlertRuleAnomalyResultOutput) MultiSelectObservations added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) MultiSelectObservations() GetAlertRuleAnomalyMultiSelectObservationArrayOutput

A list of `multiSelectObservation` blocks as defined below.

func (GetAlertRuleAnomalyResultOutput) Name added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Name() pulumi.StringOutput

The name of the threshold observation.

func (GetAlertRuleAnomalyResultOutput) PrioritizedExcludeObservations added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) PrioritizedExcludeObservations() GetAlertRuleAnomalyPrioritizedExcludeObservationArrayOutput

A list of `prioritizedExcludeObservation` blocks as defined below.

func (GetAlertRuleAnomalyResultOutput) RequiredDataConnectors added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) RequiredDataConnectors() GetAlertRuleAnomalyRequiredDataConnectorArrayOutput

A `requiredDataConnector` block as defined below.

func (GetAlertRuleAnomalyResultOutput) SettingsDefinitionId added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) SettingsDefinitionId() pulumi.StringOutput

The ID of the anomaly settings definition Id.

func (GetAlertRuleAnomalyResultOutput) SingleSelectObservations added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) SingleSelectObservations() GetAlertRuleAnomalySingleSelectObservationArrayOutput

A list of `singleSelectObservation` blocks as defined below.

func (GetAlertRuleAnomalyResultOutput) Tactics added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (GetAlertRuleAnomalyResultOutput) Techniques added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) Techniques() pulumi.StringArrayOutput

A list of techniques of attacks by which to classify the rule.

func (GetAlertRuleAnomalyResultOutput) ThresholdObservations added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) ThresholdObservations() GetAlertRuleAnomalyThresholdObservationArrayOutput

A list of `thresholdObservation` blocks as defined below.

func (GetAlertRuleAnomalyResultOutput) ToGetAlertRuleAnomalyResultOutput added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) ToGetAlertRuleAnomalyResultOutput() GetAlertRuleAnomalyResultOutput

func (GetAlertRuleAnomalyResultOutput) ToGetAlertRuleAnomalyResultOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyResultOutput) ToGetAlertRuleAnomalyResultOutputWithContext(ctx context.Context) GetAlertRuleAnomalyResultOutput

type GetAlertRuleAnomalySingleSelectObservation added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservation struct {
	// The description of the threshold observation.
	Description string `pulumi:"description"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name string `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues []string `pulumi:"supportedValues"`
	// The value of the threshold observation.
	Value string `pulumi:"value"`
}

type GetAlertRuleAnomalySingleSelectObservationArgs added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringInput `pulumi:"description"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringInput `pulumi:"name"`
	// A list of supported values of the single select observation.
	SupportedValues pulumi.StringArrayInput `pulumi:"supportedValues"`
	// The value of the threshold observation.
	Value pulumi.StringInput `pulumi:"value"`
}

func (GetAlertRuleAnomalySingleSelectObservationArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalySingleSelectObservationArgs) ElementType() reflect.Type

func (GetAlertRuleAnomalySingleSelectObservationArgs) ToGetAlertRuleAnomalySingleSelectObservationOutput added in v5.37.0 

func (i GetAlertRuleAnomalySingleSelectObservationArgs) ToGetAlertRuleAnomalySingleSelectObservationOutput() GetAlertRuleAnomalySingleSelectObservationOutput

func (GetAlertRuleAnomalySingleSelectObservationArgs) ToGetAlertRuleAnomalySingleSelectObservationOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalySingleSelectObservationArgs) ToGetAlertRuleAnomalySingleSelectObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalySingleSelectObservationOutput

type GetAlertRuleAnomalySingleSelectObservationArray added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationArray []GetAlertRuleAnomalySingleSelectObservationInput

func (GetAlertRuleAnomalySingleSelectObservationArray) ElementType added in v5.37.0 

func (GetAlertRuleAnomalySingleSelectObservationArray) ElementType() reflect.Type

func (GetAlertRuleAnomalySingleSelectObservationArray) ToGetAlertRuleAnomalySingleSelectObservationArrayOutput added in v5.37.0 

func (i GetAlertRuleAnomalySingleSelectObservationArray) ToGetAlertRuleAnomalySingleSelectObservationArrayOutput() GetAlertRuleAnomalySingleSelectObservationArrayOutput

func (GetAlertRuleAnomalySingleSelectObservationArray) ToGetAlertRuleAnomalySingleSelectObservationArrayOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalySingleSelectObservationArray) ToGetAlertRuleAnomalySingleSelectObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalySingleSelectObservationArrayOutput

type GetAlertRuleAnomalySingleSelectObservationArrayInput added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationArrayInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalySingleSelectObservationArrayOutput() GetAlertRuleAnomalySingleSelectObservationArrayOutput
	ToGetAlertRuleAnomalySingleSelectObservationArrayOutputWithContext(context.Context) GetAlertRuleAnomalySingleSelectObservationArrayOutput
}

GetAlertRuleAnomalySingleSelectObservationArrayInput is an input type that accepts GetAlertRuleAnomalySingleSelectObservationArray and GetAlertRuleAnomalySingleSelectObservationArrayOutput values. You can construct a concrete instance of `GetAlertRuleAnomalySingleSelectObservationArrayInput` via: 

GetAlertRuleAnomalySingleSelectObservationArray{ GetAlertRuleAnomalySingleSelectObservationArgs{...} }

type GetAlertRuleAnomalySingleSelectObservationArrayOutput added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalySingleSelectObservationArrayOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalySingleSelectObservationArrayOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalySingleSelectObservationArrayOutput) Index added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationArrayOutput) Index(i pulumi.IntInput) GetAlertRuleAnomalySingleSelectObservationOutput

func (GetAlertRuleAnomalySingleSelectObservationArrayOutput) ToGetAlertRuleAnomalySingleSelectObservationArrayOutput added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationArrayOutput) ToGetAlertRuleAnomalySingleSelectObservationArrayOutput() GetAlertRuleAnomalySingleSelectObservationArrayOutput

func (GetAlertRuleAnomalySingleSelectObservationArrayOutput) ToGetAlertRuleAnomalySingleSelectObservationArrayOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationArrayOutput) ToGetAlertRuleAnomalySingleSelectObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalySingleSelectObservationArrayOutput

type GetAlertRuleAnomalySingleSelectObservationInput added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalySingleSelectObservationOutput() GetAlertRuleAnomalySingleSelectObservationOutput
	ToGetAlertRuleAnomalySingleSelectObservationOutputWithContext(context.Context) GetAlertRuleAnomalySingleSelectObservationOutput
}

GetAlertRuleAnomalySingleSelectObservationInput is an input type that accepts GetAlertRuleAnomalySingleSelectObservationArgs and GetAlertRuleAnomalySingleSelectObservationOutput values. You can construct a concrete instance of `GetAlertRuleAnomalySingleSelectObservationInput` via: 

GetAlertRuleAnomalySingleSelectObservationArgs{...}

type GetAlertRuleAnomalySingleSelectObservationOutput added in v5.37.0 

type GetAlertRuleAnomalySingleSelectObservationOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalySingleSelectObservationOutput) Description added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (GetAlertRuleAnomalySingleSelectObservationOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalySingleSelectObservationOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalySingleSelectObservationOutput) Name added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) Name() pulumi.StringOutput

The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.

func (GetAlertRuleAnomalySingleSelectObservationOutput) SupportedValues added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) SupportedValues() pulumi.StringArrayOutput

A list of supported values of the single select observation.

func (GetAlertRuleAnomalySingleSelectObservationOutput) ToGetAlertRuleAnomalySingleSelectObservationOutput added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) ToGetAlertRuleAnomalySingleSelectObservationOutput() GetAlertRuleAnomalySingleSelectObservationOutput

func (GetAlertRuleAnomalySingleSelectObservationOutput) ToGetAlertRuleAnomalySingleSelectObservationOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) ToGetAlertRuleAnomalySingleSelectObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalySingleSelectObservationOutput

func (GetAlertRuleAnomalySingleSelectObservationOutput) Value added in v5.37.0 

func (o GetAlertRuleAnomalySingleSelectObservationOutput) Value() pulumi.StringOutput

The value of the threshold observation.

type GetAlertRuleAnomalyThresholdObservation added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservation struct {
	// The description of the threshold observation.
	Description string `pulumi:"description"`
	// The max value of the threshold observation.
	Max string `pulumi:"max"`
	// The min value of the threshold observation.
	Min string `pulumi:"min"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name string `pulumi:"name"`
	// The value of the threshold observation.
	Value string `pulumi:"value"`
}

type GetAlertRuleAnomalyThresholdObservationArgs added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationArgs struct {
	// The description of the threshold observation.
	Description pulumi.StringInput `pulumi:"description"`
	// The max value of the threshold observation.
	Max pulumi.StringInput `pulumi:"max"`
	// The min value of the threshold observation.
	Min pulumi.StringInput `pulumi:"min"`
	// The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringInput `pulumi:"name"`
	// The value of the threshold observation.
	Value pulumi.StringInput `pulumi:"value"`
}

func (GetAlertRuleAnomalyThresholdObservationArgs) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyThresholdObservationArgs) ElementType() reflect.Type

func (GetAlertRuleAnomalyThresholdObservationArgs) ToGetAlertRuleAnomalyThresholdObservationOutput added in v5.37.0 

func (i GetAlertRuleAnomalyThresholdObservationArgs) ToGetAlertRuleAnomalyThresholdObservationOutput() GetAlertRuleAnomalyThresholdObservationOutput

func (GetAlertRuleAnomalyThresholdObservationArgs) ToGetAlertRuleAnomalyThresholdObservationOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyThresholdObservationArgs) ToGetAlertRuleAnomalyThresholdObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyThresholdObservationOutput

type GetAlertRuleAnomalyThresholdObservationArray added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationArray []GetAlertRuleAnomalyThresholdObservationInput

func (GetAlertRuleAnomalyThresholdObservationArray) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyThresholdObservationArray) ElementType() reflect.Type

func (GetAlertRuleAnomalyThresholdObservationArray) ToGetAlertRuleAnomalyThresholdObservationArrayOutput added in v5.37.0 

func (i GetAlertRuleAnomalyThresholdObservationArray) ToGetAlertRuleAnomalyThresholdObservationArrayOutput() GetAlertRuleAnomalyThresholdObservationArrayOutput

func (GetAlertRuleAnomalyThresholdObservationArray) ToGetAlertRuleAnomalyThresholdObservationArrayOutputWithContext added in v5.37.0 

func (i GetAlertRuleAnomalyThresholdObservationArray) ToGetAlertRuleAnomalyThresholdObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyThresholdObservationArrayOutput

type GetAlertRuleAnomalyThresholdObservationArrayInput added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationArrayInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyThresholdObservationArrayOutput() GetAlertRuleAnomalyThresholdObservationArrayOutput
	ToGetAlertRuleAnomalyThresholdObservationArrayOutputWithContext(context.Context) GetAlertRuleAnomalyThresholdObservationArrayOutput
}

GetAlertRuleAnomalyThresholdObservationArrayInput is an input type that accepts GetAlertRuleAnomalyThresholdObservationArray and GetAlertRuleAnomalyThresholdObservationArrayOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyThresholdObservationArrayInput` via: 

GetAlertRuleAnomalyThresholdObservationArray{ GetAlertRuleAnomalyThresholdObservationArgs{...} }

type GetAlertRuleAnomalyThresholdObservationArrayOutput added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyThresholdObservationArrayOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyThresholdObservationArrayOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyThresholdObservationArrayOutput) Index added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationArrayOutput) Index(i pulumi.IntInput) GetAlertRuleAnomalyThresholdObservationOutput

func (GetAlertRuleAnomalyThresholdObservationArrayOutput) ToGetAlertRuleAnomalyThresholdObservationArrayOutput added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationArrayOutput) ToGetAlertRuleAnomalyThresholdObservationArrayOutput() GetAlertRuleAnomalyThresholdObservationArrayOutput

func (GetAlertRuleAnomalyThresholdObservationArrayOutput) ToGetAlertRuleAnomalyThresholdObservationArrayOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationArrayOutput) ToGetAlertRuleAnomalyThresholdObservationArrayOutputWithContext(ctx context.Context) GetAlertRuleAnomalyThresholdObservationArrayOutput

type GetAlertRuleAnomalyThresholdObservationInput added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationInput interface {
	pulumi.Input

	ToGetAlertRuleAnomalyThresholdObservationOutput() GetAlertRuleAnomalyThresholdObservationOutput
	ToGetAlertRuleAnomalyThresholdObservationOutputWithContext(context.Context) GetAlertRuleAnomalyThresholdObservationOutput
}

GetAlertRuleAnomalyThresholdObservationInput is an input type that accepts GetAlertRuleAnomalyThresholdObservationArgs and GetAlertRuleAnomalyThresholdObservationOutput values. You can construct a concrete instance of `GetAlertRuleAnomalyThresholdObservationInput` via: 

GetAlertRuleAnomalyThresholdObservationArgs{...}

type GetAlertRuleAnomalyThresholdObservationOutput added in v5.37.0 

type GetAlertRuleAnomalyThresholdObservationOutput struct{ *pulumi.OutputState }

func (GetAlertRuleAnomalyThresholdObservationOutput) Description added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) Description() pulumi.StringOutput

The description of the threshold observation.

func (GetAlertRuleAnomalyThresholdObservationOutput) ElementType added in v5.37.0 

func (GetAlertRuleAnomalyThresholdObservationOutput) ElementType() reflect.Type

func (GetAlertRuleAnomalyThresholdObservationOutput) Max added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) Max() pulumi.StringOutput

The max value of the threshold observation.

func (GetAlertRuleAnomalyThresholdObservationOutput) Min added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) Min() pulumi.StringOutput

The min value of the threshold observation.

func (GetAlertRuleAnomalyThresholdObservationOutput) Name added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) Name() pulumi.StringOutput

The guid of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.

func (GetAlertRuleAnomalyThresholdObservationOutput) ToGetAlertRuleAnomalyThresholdObservationOutput added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) ToGetAlertRuleAnomalyThresholdObservationOutput() GetAlertRuleAnomalyThresholdObservationOutput

func (GetAlertRuleAnomalyThresholdObservationOutput) ToGetAlertRuleAnomalyThresholdObservationOutputWithContext added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) ToGetAlertRuleAnomalyThresholdObservationOutputWithContext(ctx context.Context) GetAlertRuleAnomalyThresholdObservationOutput

func (GetAlertRuleAnomalyThresholdObservationOutput) Value added in v5.37.0 

func (o GetAlertRuleAnomalyThresholdObservationOutput) Value() pulumi.StringOutput

The value of the threshold observation.

type GetAlertRuleArgs 

type GetAlertRuleArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

type GetAlertRuleOutputArgs 

type GetAlertRuleOutputArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

func (GetAlertRuleOutputArgs) ElementType 

func (GetAlertRuleOutputArgs) ElementType() reflect.Type

type GetAlertRuleResult 

type GetAlertRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
}

A collection of values returned by getAlertRule.

func GetAlertRule 

func GetAlertRule(ctx *pulumi.Context, args *GetAlertRuleArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleResult, error)

Use this data source to access information about an existing Sentinel Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := operationalinsights.LookupAnalyticsWorkspace(ctx, &operationalinsights.LookupAnalyticsWorkspaceArgs{
			Name:              "example",
			ResourceGroupName: "example-resources",
		}, nil)
		if err != nil {
			return err
		}
		exampleGetAlertRule, err := sentinel.GetAlertRule(ctx, &sentinel.GetAlertRuleArgs{
			Name:                    "existing",
			LogAnalyticsWorkspaceId: example.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", exampleGetAlertRule.Id)
		return nil
	})
}

```

type GetAlertRuleResultOutput 

type GetAlertRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRule.

func GetAlertRuleOutput 

func GetAlertRuleOutput(ctx *pulumi.Context, args GetAlertRuleOutputArgs, opts ...pulumi.InvokeOption) GetAlertRuleResultOutput

func (GetAlertRuleResultOutput) ElementType 

func (GetAlertRuleResultOutput) ElementType() reflect.Type

func (GetAlertRuleResultOutput) Id 

func (o GetAlertRuleResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleResultOutput) LogAnalyticsWorkspaceId 

func (o GetAlertRuleResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleResultOutput) Name 

func (o GetAlertRuleResultOutput) Name() pulumi.StringOutput

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutput 

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutput() GetAlertRuleResultOutput

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext 

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext(ctx context.Context) GetAlertRuleResultOutput

type GetAlertRuleTemplateArgs 

type GetAlertRuleTemplateArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	//
	// > **NOTE** As `displayName` is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same `displayName`.
	DisplayName *string `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

type GetAlertRuleTemplateNrtTemplate added in v5.18.0 

type GetAlertRuleTemplateNrtTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query string `pulumi:"query"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity string `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics []string `pulumi:"tactics"`
}

type GetAlertRuleTemplateNrtTemplateArgs added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query pulumi.StringInput `pulumi:"query"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity pulumi.StringInput `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput `pulumi:"tactics"`
}

func (GetAlertRuleTemplateNrtTemplateArgs) ElementType added in v5.18.0 

func (GetAlertRuleTemplateNrtTemplateArgs) ElementType() reflect.Type

func (GetAlertRuleTemplateNrtTemplateArgs) ToGetAlertRuleTemplateNrtTemplateOutput added in v5.18.0 

func (i GetAlertRuleTemplateNrtTemplateArgs) ToGetAlertRuleTemplateNrtTemplateOutput() GetAlertRuleTemplateNrtTemplateOutput

func (GetAlertRuleTemplateNrtTemplateArgs) ToGetAlertRuleTemplateNrtTemplateOutputWithContext added in v5.18.0 

func (i GetAlertRuleTemplateNrtTemplateArgs) ToGetAlertRuleTemplateNrtTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateNrtTemplateOutput

type GetAlertRuleTemplateNrtTemplateArray added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateArray []GetAlertRuleTemplateNrtTemplateInput

func (GetAlertRuleTemplateNrtTemplateArray) ElementType added in v5.18.0 

func (GetAlertRuleTemplateNrtTemplateArray) ElementType() reflect.Type

func (GetAlertRuleTemplateNrtTemplateArray) ToGetAlertRuleTemplateNrtTemplateArrayOutput added in v5.18.0 

func (i GetAlertRuleTemplateNrtTemplateArray) ToGetAlertRuleTemplateNrtTemplateArrayOutput() GetAlertRuleTemplateNrtTemplateArrayOutput

func (GetAlertRuleTemplateNrtTemplateArray) ToGetAlertRuleTemplateNrtTemplateArrayOutputWithContext added in v5.18.0 

func (i GetAlertRuleTemplateNrtTemplateArray) ToGetAlertRuleTemplateNrtTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateNrtTemplateArrayOutput

type GetAlertRuleTemplateNrtTemplateArrayInput added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateNrtTemplateArrayOutput() GetAlertRuleTemplateNrtTemplateArrayOutput
	ToGetAlertRuleTemplateNrtTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateNrtTemplateArrayOutput
}

GetAlertRuleTemplateNrtTemplateArrayInput is an input type that accepts GetAlertRuleTemplateNrtTemplateArray and GetAlertRuleTemplateNrtTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateNrtTemplateArrayInput` via: 

GetAlertRuleTemplateNrtTemplateArray{ GetAlertRuleTemplateNrtTemplateArgs{...} }

type GetAlertRuleTemplateNrtTemplateArrayOutput added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateNrtTemplateArrayOutput) ElementType added in v5.18.0 

func (GetAlertRuleTemplateNrtTemplateArrayOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateNrtTemplateArrayOutput) Index added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateArrayOutput) Index(i pulumi.IntInput) GetAlertRuleTemplateNrtTemplateOutput

func (GetAlertRuleTemplateNrtTemplateArrayOutput) ToGetAlertRuleTemplateNrtTemplateArrayOutput added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateArrayOutput) ToGetAlertRuleTemplateNrtTemplateArrayOutput() GetAlertRuleTemplateNrtTemplateArrayOutput

func (GetAlertRuleTemplateNrtTemplateArrayOutput) ToGetAlertRuleTemplateNrtTemplateArrayOutputWithContext added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateArrayOutput) ToGetAlertRuleTemplateNrtTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateNrtTemplateArrayOutput

type GetAlertRuleTemplateNrtTemplateInput added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateNrtTemplateOutput() GetAlertRuleTemplateNrtTemplateOutput
	ToGetAlertRuleTemplateNrtTemplateOutputWithContext(context.Context) GetAlertRuleTemplateNrtTemplateOutput
}

GetAlertRuleTemplateNrtTemplateInput is an input type that accepts GetAlertRuleTemplateNrtTemplateArgs and GetAlertRuleTemplateNrtTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateNrtTemplateInput` via: 

GetAlertRuleTemplateNrtTemplateArgs{...}

type GetAlertRuleTemplateNrtTemplateOutput added in v5.18.0 

type GetAlertRuleTemplateNrtTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateNrtTemplateOutput) Description added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) Description() pulumi.StringOutput

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateNrtTemplateOutput) ElementType added in v5.18.0 

func (GetAlertRuleTemplateNrtTemplateOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateNrtTemplateOutput) Query added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) Query() pulumi.StringOutput

The query of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateNrtTemplateOutput) Severity added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) Severity() pulumi.StringOutput

The alert severity of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateNrtTemplateOutput) Tactics added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (GetAlertRuleTemplateNrtTemplateOutput) ToGetAlertRuleTemplateNrtTemplateOutput added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) ToGetAlertRuleTemplateNrtTemplateOutput() GetAlertRuleTemplateNrtTemplateOutput

func (GetAlertRuleTemplateNrtTemplateOutput) ToGetAlertRuleTemplateNrtTemplateOutputWithContext added in v5.18.0 

func (o GetAlertRuleTemplateNrtTemplateOutput) ToGetAlertRuleTemplateNrtTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateNrtTemplateOutput

type GetAlertRuleTemplateOutputArgs 

type GetAlertRuleTemplateOutputArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	//
	// > **NOTE** As `displayName` is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same `displayName`.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

func (GetAlertRuleTemplateOutputArgs) ElementType 

func (GetAlertRuleTemplateOutputArgs) ElementType() reflect.Type

type GetAlertRuleTemplateResult 

type GetAlertRuleTemplateResult struct {
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
	// A `nrtTemplate` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
	NrtTemplates []GetAlertRuleTemplateNrtTemplate `pulumi:"nrtTemplates"`
	// A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
	ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate `pulumi:"scheduledTemplates"`
	// A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
	SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate `pulumi:"securityIncidentTemplates"`
}

A collection of values returned by getAlertRuleTemplate.

func GetAlertRuleTemplate 

func GetAlertRuleTemplate(ctx *pulumi.Context, args *GetAlertRuleTemplateArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleTemplateResult, error)

Use this data source to access information about an existing Sentinel Alert Rule Template.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.Id)
		return nil
	})
}

```

type GetAlertRuleTemplateResultOutput 

type GetAlertRuleTemplateResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRuleTemplate.

func GetAlertRuleTemplateOutput 

func GetAlertRuleTemplateOutput(ctx *pulumi.Context, args GetAlertRuleTemplateOutputArgs, opts ...pulumi.InvokeOption) GetAlertRuleTemplateResultOutput

func (GetAlertRuleTemplateResultOutput) DisplayName 

func (o GetAlertRuleTemplateResultOutput) DisplayName() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) ElementType 

func (GetAlertRuleTemplateResultOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateResultOutput) Id 

func (o GetAlertRuleTemplateResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId 

func (o GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) Name 

func (o GetAlertRuleTemplateResultOutput) Name() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) NrtTemplates added in v5.18.0 

func (o GetAlertRuleTemplateResultOutput) NrtTemplates() GetAlertRuleTemplateNrtTemplateArrayOutput

A `nrtTemplate` block as defined below. This only applies to Sentinel NRT Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) ScheduledTemplates 

func (o GetAlertRuleTemplateResultOutput) ScheduledTemplates() GetAlertRuleTemplateScheduledTemplateArrayOutput

A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) SecurityIncidentTemplates 

func (o GetAlertRuleTemplateResultOutput) SecurityIncidentTemplates() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput 

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput() GetAlertRuleTemplateResultOutput

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext 

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext(ctx context.Context) GetAlertRuleTemplateResultOutput

type GetAlertRuleTemplateScheduledTemplate 

type GetAlertRuleTemplateScheduledTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query string `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency string `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod string `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity string `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics []string `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator string `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold int `pulumi:"triggerThreshold"`
}

type GetAlertRuleTemplateScheduledTemplateArgs 

type GetAlertRuleTemplateScheduledTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query pulumi.StringInput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency pulumi.StringInput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod pulumi.StringInput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity pulumi.StringInput `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator pulumi.StringInput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold pulumi.IntInput `pulumi:"triggerThreshold"`
}

func (GetAlertRuleTemplateScheduledTemplateArgs) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArgs) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput 

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext 

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

type GetAlertRuleTemplateScheduledTemplateArray 

type GetAlertRuleTemplateScheduledTemplateArray []GetAlertRuleTemplateScheduledTemplateInput

func (GetAlertRuleTemplateScheduledTemplateArray) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArray) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput 

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext 

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateArrayInput 

type GetAlertRuleTemplateScheduledTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput
	ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput
}

GetAlertRuleTemplateScheduledTemplateArrayInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArray and GetAlertRuleTemplateScheduledTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateArrayInput` via: 

GetAlertRuleTemplateScheduledTemplateArray{ GetAlertRuleTemplateScheduledTemplateArgs{...} }

type GetAlertRuleTemplateScheduledTemplateArrayOutput 

type GetAlertRuleTemplateScheduledTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) Index 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) Index(i pulumi.IntInput) GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateInput 

type GetAlertRuleTemplateScheduledTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput
	ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateOutput
}

GetAlertRuleTemplateScheduledTemplateInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArgs and GetAlertRuleTemplateScheduledTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateInput` via: 

GetAlertRuleTemplateScheduledTemplateArgs{...}

type GetAlertRuleTemplateScheduledTemplateOutput 

type GetAlertRuleTemplateScheduledTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateOutput) Description 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Description() pulumi.StringOutput

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) ElementType 

func (GetAlertRuleTemplateScheduledTemplateOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateOutput) Query 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Query() pulumi.StringOutput

The query of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryFrequency 

func (o GetAlertRuleTemplateScheduledTemplateOutput) QueryFrequency() pulumi.StringOutput

The ISO 8601 timespan duration between two consecutive queries.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryPeriod 

func (o GetAlertRuleTemplateScheduledTemplateOutput) QueryPeriod() pulumi.StringOutput

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

func (GetAlertRuleTemplateScheduledTemplateOutput) Severity 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Severity() pulumi.StringOutput

The alert severity of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) Tactics 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput 

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext 

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerOperator 

func (o GetAlertRuleTemplateScheduledTemplateOutput) TriggerOperator() pulumi.StringOutput

The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerThreshold 

func (o GetAlertRuleTemplateScheduledTemplateOutput) TriggerThreshold() pulumi.IntOutput

The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

type GetAlertRuleTemplateSecurityIncidentTemplate 

type GetAlertRuleTemplateSecurityIncidentTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter string `pulumi:"productFilter"`
}

type GetAlertRuleTemplateSecurityIncidentTemplateArgs 

type GetAlertRuleTemplateSecurityIncidentTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter pulumi.StringInput `pulumi:"productFilter"`
}

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArray 

type GetAlertRuleTemplateSecurityIncidentTemplateArray []GetAlertRuleTemplateSecurityIncidentTemplateInput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput 

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateArrayInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArray and GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateArrayInput` via: 

GetAlertRuleTemplateSecurityIncidentTemplateArray{ GetAlertRuleTemplateSecurityIncidentTemplateArgs{...} }

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) Index 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) Index(i pulumi.IntInput) GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateInput 

type GetAlertRuleTemplateSecurityIncidentTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArgs and GetAlertRuleTemplateSecurityIncidentTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateInput` via: 

GetAlertRuleTemplateSecurityIncidentTemplateArgs{...}

type GetAlertRuleTemplateSecurityIncidentTemplateOutput 

type GetAlertRuleTemplateSecurityIncidentTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) Description 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) Description() pulumi.StringOutput

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ProductFilter 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ProductFilter() pulumi.StringOutput

The Microsoft Security Service from where the alert will be generated.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type LogAnalyticsWorkspaceOnboarding added in v5.32.0 

type LogAnalyticsWorkspaceOnboarding struct {
	pulumi.CustomResourceState

	// Specifies if the Workspace is using Customer managed key. Defaults to `false`. Changing this forces a new resource to be created.
	//
	// > **Note:** To set up Microsoft Sentinel customer-managed key it needs to enable CMK on the workspace and add access policy to your Azure Key Vault. Details could be found on [this document](https://learn.microsoft.com/en-us/azure/sentinel/customer-managed-keys)
	//
	// > **Note:** Once a workspace is onboarded to Microsoft Sentinel with `customerManagedKeyEnabled` set to true, it will not be able to be onboarded again with `customerManagedKeyEnabled` set to false.
	CustomerManagedKeyEnabled pulumi.BoolPtrOutput `pulumi:"customerManagedKeyEnabled"`
	// Deprecated: this property has been deprecated in favour of `workspaceId`
	ResourceGroupName pulumi.StringOutput `pulumi:"resourceGroupName"`
	// Specifies the Workspace Id. Changing this forces the Log Analytics Workspace off the board and onboard again. Changing this forces a new resource to be created.
	WorkspaceId pulumi.StringOutput `pulumi:"workspaceId"`
	// Deprecated: this property will be removed in favour of `workspaceId` in version 4.0 of the AzureRM Provider
	WorkspaceName pulumi.StringOutput `pulumi:"workspaceName"`
}

Manages a Security Insights Sentinel Onboarding.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Security Insights Sentinel Onboarding States can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/logAnalyticsWorkspaceOnboarding:LogAnalyticsWorkspaceOnboarding example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/onboardingStates/defaults ```

func GetLogAnalyticsWorkspaceOnboarding added in v5.32.0 

func GetLogAnalyticsWorkspaceOnboarding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *LogAnalyticsWorkspaceOnboardingState, opts ...pulumi.ResourceOption) (*LogAnalyticsWorkspaceOnboarding, error)

GetLogAnalyticsWorkspaceOnboarding gets an existing LogAnalyticsWorkspaceOnboarding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewLogAnalyticsWorkspaceOnboarding added in v5.32.0 

func NewLogAnalyticsWorkspaceOnboarding(ctx *pulumi.Context,
	name string, args *LogAnalyticsWorkspaceOnboardingArgs, opts ...pulumi.ResourceOption) (*LogAnalyticsWorkspaceOnboarding, error)

NewLogAnalyticsWorkspaceOnboarding registers a new resource with the given unique name, arguments, and options.

func (*LogAnalyticsWorkspaceOnboarding) ElementType added in v5.32.0 

func (*LogAnalyticsWorkspaceOnboarding) ElementType() reflect.Type

func (*LogAnalyticsWorkspaceOnboarding) ToLogAnalyticsWorkspaceOnboardingOutput added in v5.32.0 

func (i *LogAnalyticsWorkspaceOnboarding) ToLogAnalyticsWorkspaceOnboardingOutput() LogAnalyticsWorkspaceOnboardingOutput

func (*LogAnalyticsWorkspaceOnboarding) ToLogAnalyticsWorkspaceOnboardingOutputWithContext added in v5.32.0 

func (i *LogAnalyticsWorkspaceOnboarding) ToLogAnalyticsWorkspaceOnboardingOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingOutput

type LogAnalyticsWorkspaceOnboardingArgs added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingArgs struct {
	// Specifies if the Workspace is using Customer managed key. Defaults to `false`. Changing this forces a new resource to be created.
	//
	// > **Note:** To set up Microsoft Sentinel customer-managed key it needs to enable CMK on the workspace and add access policy to your Azure Key Vault. Details could be found on [this document](https://learn.microsoft.com/en-us/azure/sentinel/customer-managed-keys)
	//
	// > **Note:** Once a workspace is onboarded to Microsoft Sentinel with `customerManagedKeyEnabled` set to true, it will not be able to be onboarded again with `customerManagedKeyEnabled` set to false.
	CustomerManagedKeyEnabled pulumi.BoolPtrInput
	// Deprecated: this property has been deprecated in favour of `workspaceId`
	ResourceGroupName pulumi.StringPtrInput
	// Specifies the Workspace Id. Changing this forces the Log Analytics Workspace off the board and onboard again. Changing this forces a new resource to be created.
	WorkspaceId pulumi.StringPtrInput
	// Deprecated: this property will be removed in favour of `workspaceId` in version 4.0 of the AzureRM Provider
	WorkspaceName pulumi.StringPtrInput
}

The set of arguments for constructing a LogAnalyticsWorkspaceOnboarding resource.

func (LogAnalyticsWorkspaceOnboardingArgs) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingArgs) ElementType() reflect.Type

type LogAnalyticsWorkspaceOnboardingArray added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingArray []LogAnalyticsWorkspaceOnboardingInput

func (LogAnalyticsWorkspaceOnboardingArray) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingArray) ElementType() reflect.Type

func (LogAnalyticsWorkspaceOnboardingArray) ToLogAnalyticsWorkspaceOnboardingArrayOutput added in v5.32.0 

func (i LogAnalyticsWorkspaceOnboardingArray) ToLogAnalyticsWorkspaceOnboardingArrayOutput() LogAnalyticsWorkspaceOnboardingArrayOutput

func (LogAnalyticsWorkspaceOnboardingArray) ToLogAnalyticsWorkspaceOnboardingArrayOutputWithContext added in v5.32.0 

func (i LogAnalyticsWorkspaceOnboardingArray) ToLogAnalyticsWorkspaceOnboardingArrayOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingArrayOutput

type LogAnalyticsWorkspaceOnboardingArrayInput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingArrayInput interface {
	pulumi.Input

	ToLogAnalyticsWorkspaceOnboardingArrayOutput() LogAnalyticsWorkspaceOnboardingArrayOutput
	ToLogAnalyticsWorkspaceOnboardingArrayOutputWithContext(context.Context) LogAnalyticsWorkspaceOnboardingArrayOutput
}

LogAnalyticsWorkspaceOnboardingArrayInput is an input type that accepts LogAnalyticsWorkspaceOnboardingArray and LogAnalyticsWorkspaceOnboardingArrayOutput values. You can construct a concrete instance of `LogAnalyticsWorkspaceOnboardingArrayInput` via: 

LogAnalyticsWorkspaceOnboardingArray{ LogAnalyticsWorkspaceOnboardingArgs{...} }

type LogAnalyticsWorkspaceOnboardingArrayOutput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingArrayOutput struct{ *pulumi.OutputState }

func (LogAnalyticsWorkspaceOnboardingArrayOutput) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingArrayOutput) ElementType() reflect.Type

func (LogAnalyticsWorkspaceOnboardingArrayOutput) Index added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingArrayOutput) Index(i pulumi.IntInput) LogAnalyticsWorkspaceOnboardingOutput

func (LogAnalyticsWorkspaceOnboardingArrayOutput) ToLogAnalyticsWorkspaceOnboardingArrayOutput added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingArrayOutput) ToLogAnalyticsWorkspaceOnboardingArrayOutput() LogAnalyticsWorkspaceOnboardingArrayOutput

func (LogAnalyticsWorkspaceOnboardingArrayOutput) ToLogAnalyticsWorkspaceOnboardingArrayOutputWithContext added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingArrayOutput) ToLogAnalyticsWorkspaceOnboardingArrayOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingArrayOutput

type LogAnalyticsWorkspaceOnboardingInput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingInput interface {
	pulumi.Input

	ToLogAnalyticsWorkspaceOnboardingOutput() LogAnalyticsWorkspaceOnboardingOutput
	ToLogAnalyticsWorkspaceOnboardingOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingOutput
}

type LogAnalyticsWorkspaceOnboardingMap added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingMap map[string]LogAnalyticsWorkspaceOnboardingInput

func (LogAnalyticsWorkspaceOnboardingMap) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingMap) ElementType() reflect.Type

func (LogAnalyticsWorkspaceOnboardingMap) ToLogAnalyticsWorkspaceOnboardingMapOutput added in v5.32.0 

func (i LogAnalyticsWorkspaceOnboardingMap) ToLogAnalyticsWorkspaceOnboardingMapOutput() LogAnalyticsWorkspaceOnboardingMapOutput

func (LogAnalyticsWorkspaceOnboardingMap) ToLogAnalyticsWorkspaceOnboardingMapOutputWithContext added in v5.32.0 

func (i LogAnalyticsWorkspaceOnboardingMap) ToLogAnalyticsWorkspaceOnboardingMapOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingMapOutput

type LogAnalyticsWorkspaceOnboardingMapInput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingMapInput interface {
	pulumi.Input

	ToLogAnalyticsWorkspaceOnboardingMapOutput() LogAnalyticsWorkspaceOnboardingMapOutput
	ToLogAnalyticsWorkspaceOnboardingMapOutputWithContext(context.Context) LogAnalyticsWorkspaceOnboardingMapOutput
}

LogAnalyticsWorkspaceOnboardingMapInput is an input type that accepts LogAnalyticsWorkspaceOnboardingMap and LogAnalyticsWorkspaceOnboardingMapOutput values. You can construct a concrete instance of `LogAnalyticsWorkspaceOnboardingMapInput` via: 

LogAnalyticsWorkspaceOnboardingMap{ "key": LogAnalyticsWorkspaceOnboardingArgs{...} }

type LogAnalyticsWorkspaceOnboardingMapOutput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingMapOutput struct{ *pulumi.OutputState }

func (LogAnalyticsWorkspaceOnboardingMapOutput) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingMapOutput) ElementType() reflect.Type

func (LogAnalyticsWorkspaceOnboardingMapOutput) MapIndex added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingMapOutput) MapIndex(k pulumi.StringInput) LogAnalyticsWorkspaceOnboardingOutput

func (LogAnalyticsWorkspaceOnboardingMapOutput) ToLogAnalyticsWorkspaceOnboardingMapOutput added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingMapOutput) ToLogAnalyticsWorkspaceOnboardingMapOutput() LogAnalyticsWorkspaceOnboardingMapOutput

func (LogAnalyticsWorkspaceOnboardingMapOutput) ToLogAnalyticsWorkspaceOnboardingMapOutputWithContext added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingMapOutput) ToLogAnalyticsWorkspaceOnboardingMapOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingMapOutput

type LogAnalyticsWorkspaceOnboardingOutput added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingOutput struct{ *pulumi.OutputState }

func (LogAnalyticsWorkspaceOnboardingOutput) CustomerManagedKeyEnabled added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) CustomerManagedKeyEnabled() pulumi.BoolPtrOutput

Specifies if the Workspace is using Customer managed key. Defaults to `false`. Changing this forces a new resource to be created.

> **Note:** To set up Microsoft Sentinel customer-managed key it needs to enable CMK on the workspace and add access policy to your Azure Key Vault. Details could be found on [this document](https://learn.microsoft.com/en-us/azure/sentinel/customer-managed-keys)

> **Note:** Once a workspace is onboarded to Microsoft Sentinel with `customerManagedKeyEnabled` set to true, it will not be able to be onboarded again with `customerManagedKeyEnabled` set to false.

func (LogAnalyticsWorkspaceOnboardingOutput) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingOutput) ElementType() reflect.Type

func (LogAnalyticsWorkspaceOnboardingOutput) ResourceGroupName deprecated added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) ResourceGroupName() pulumi.StringOutput

Deprecated: this property has been deprecated in favour of `workspaceId`

func (LogAnalyticsWorkspaceOnboardingOutput) ToLogAnalyticsWorkspaceOnboardingOutput added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) ToLogAnalyticsWorkspaceOnboardingOutput() LogAnalyticsWorkspaceOnboardingOutput

func (LogAnalyticsWorkspaceOnboardingOutput) ToLogAnalyticsWorkspaceOnboardingOutputWithContext added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) ToLogAnalyticsWorkspaceOnboardingOutputWithContext(ctx context.Context) LogAnalyticsWorkspaceOnboardingOutput

func (LogAnalyticsWorkspaceOnboardingOutput) WorkspaceId added in v5.39.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) WorkspaceId() pulumi.StringOutput

Specifies the Workspace Id. Changing this forces the Log Analytics Workspace off the board and onboard again. Changing this forces a new resource to be created.

func (LogAnalyticsWorkspaceOnboardingOutput) WorkspaceName deprecated added in v5.32.0 

func (o LogAnalyticsWorkspaceOnboardingOutput) WorkspaceName() pulumi.StringOutput

Deprecated: this property will be removed in favour of `workspaceId` in version 4.0 of the AzureRM Provider

type LogAnalyticsWorkspaceOnboardingState added in v5.32.0 

type LogAnalyticsWorkspaceOnboardingState struct {
	// Specifies if the Workspace is using Customer managed key. Defaults to `false`. Changing this forces a new resource to be created.
	//
	// > **Note:** To set up Microsoft Sentinel customer-managed key it needs to enable CMK on the workspace and add access policy to your Azure Key Vault. Details could be found on [this document](https://learn.microsoft.com/en-us/azure/sentinel/customer-managed-keys)
	//
	// > **Note:** Once a workspace is onboarded to Microsoft Sentinel with `customerManagedKeyEnabled` set to true, it will not be able to be onboarded again with `customerManagedKeyEnabled` set to false.
	CustomerManagedKeyEnabled pulumi.BoolPtrInput
	// Deprecated: this property has been deprecated in favour of `workspaceId`
	ResourceGroupName pulumi.StringPtrInput
	// Specifies the Workspace Id. Changing this forces the Log Analytics Workspace off the board and onboard again. Changing this forces a new resource to be created.
	WorkspaceId pulumi.StringPtrInput
	// Deprecated: this property will be removed in favour of `workspaceId` in version 4.0 of the AzureRM Provider
	WorkspaceName pulumi.StringPtrInput
}

func (LogAnalyticsWorkspaceOnboardingState) ElementType added in v5.32.0 

func (LogAnalyticsWorkspaceOnboardingState) ElementType() reflect.Type

type Metadata added in v5.37.0 

type Metadata struct {
	pulumi.CustomResourceState

	// An `author` blocks as defined below.
	Author MetadataAuthorPtrOutput `pulumi:"author"`
	// A `category` block as defined below.
	Category MetadataCategoryPtrOutput `pulumi:"category"`
	// The ID of the content. Used to identify dependencies and content from solutions or community.
	ContentId pulumi.StringOutput `pulumi:"contentId"`
	// Schema version of the content. Can be used to distinguish between flow based on the schema version.
	ContentSchemaVersion pulumi.StringPtrOutput `pulumi:"contentSchemaVersion"`
	// The Custom version of the content.
	CustomVersion pulumi.StringPtrOutput `pulumi:"customVersion"`
	// A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
	Dependency pulumi.StringPtrOutput `pulumi:"dependency"`
	// The first publish date of solution content item.
	FirstPublishDate pulumi.StringPtrOutput `pulumi:"firstPublishDate"`
	// The ID of the icon, this id can be fetched from the solution template.
	IconId pulumi.StringPtrOutput `pulumi:"iconId"`
	// The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
	Kind pulumi.StringOutput `pulumi:"kind"`
	// The last publish date of solution content item.
	LastPublishDate pulumi.StringPtrOutput `pulumi:"lastPublishDate"`
	// The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the parent resource ID of the content item, which the metadata belongs to.
	ParentId pulumi.StringOutput `pulumi:"parentId"`
	// Specifies a list of preview image file names. These will be taken from solution artifacts.
	PreviewImages pulumi.StringArrayOutput `pulumi:"previewImages"`
	// Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
	PreviewImagesDarks pulumi.StringArrayOutput `pulumi:"previewImagesDarks"`
	// Specifies a list of providers for the solution content item.
	Providers pulumi.StringArrayOutput `pulumi:"providers"`
	// A `source` block as defined below.
	Source MetadataSourceOutput `pulumi:"source"`
	// A `support` block as defined below.
	Support MetadataSupportPtrOutput `pulumi:"support"`
	// Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
	ThreatAnalysisTactics pulumi.StringArrayOutput `pulumi:"threatAnalysisTactics"`
	// Specifies a list of techniques the resource covers.
	ThreatAnalysisTechniques pulumi.StringArrayOutput `pulumi:"threatAnalysisTechniques"`
	// Version of the content.
	Version pulumi.StringPtrOutput `pulumi:"version"`
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
	WorkspaceId pulumi.StringOutput `pulumi:"workspaceId"`
}

Manages a Sentinel Metadata.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            example.Location,
			ResourceGroupName:   example.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		exampleAlertRuleNrt, err := sentinel.NewAlertRuleNrt(ctx, "example", &sentinel.AlertRuleNrtArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String("AzureActivity |\n  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n  where ActivityStatus == \"Succeeded\" |\n  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewMetadata(ctx, "example", &sentinel.MetadataArgs{
			Name:        pulumi.String("exampl"),
			WorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			ContentId:   exampleAlertRuleNrt.Name,
			Kind:        pulumi.String("AnalyticsRule"),
			ParentId:    exampleAlertRuleNrt.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Metadata can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1 ```

func GetMetadata added in v5.37.0 

func GetMetadata(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MetadataState, opts ...pulumi.ResourceOption) (*Metadata, error)

GetMetadata gets an existing Metadata resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMetadata added in v5.37.0 

func NewMetadata(ctx *pulumi.Context,
	name string, args *MetadataArgs, opts ...pulumi.ResourceOption) (*Metadata, error)

NewMetadata registers a new resource with the given unique name, arguments, and options.

func (*Metadata) ElementType added in v5.37.0 

func (*Metadata) ElementType() reflect.Type

func (*Metadata) ToMetadataOutput added in v5.37.0 

func (i *Metadata) ToMetadataOutput() MetadataOutput

func (*Metadata) ToMetadataOutputWithContext added in v5.37.0 

func (i *Metadata) ToMetadataOutputWithContext(ctx context.Context) MetadataOutput

type MetadataArgs added in v5.37.0 

type MetadataArgs struct {
	// An `author` blocks as defined below.
	Author MetadataAuthorPtrInput
	// A `category` block as defined below.
	Category MetadataCategoryPtrInput
	// The ID of the content. Used to identify dependencies and content from solutions or community.
	ContentId pulumi.StringInput
	// Schema version of the content. Can be used to distinguish between flow based on the schema version.
	ContentSchemaVersion pulumi.StringPtrInput
	// The Custom version of the content.
	CustomVersion pulumi.StringPtrInput
	// A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
	Dependency pulumi.StringPtrInput
	// The first publish date of solution content item.
	FirstPublishDate pulumi.StringPtrInput
	// The ID of the icon, this id can be fetched from the solution template.
	IconId pulumi.StringPtrInput
	// The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
	Kind pulumi.StringInput
	// The last publish date of solution content item.
	LastPublishDate pulumi.StringPtrInput
	// The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
	Name pulumi.StringPtrInput
	// The ID of the parent resource ID of the content item, which the metadata belongs to.
	ParentId pulumi.StringInput
	// Specifies a list of preview image file names. These will be taken from solution artifacts.
	PreviewImages pulumi.StringArrayInput
	// Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
	PreviewImagesDarks pulumi.StringArrayInput
	// Specifies a list of providers for the solution content item.
	Providers pulumi.StringArrayInput
	// A `source` block as defined below.
	Source MetadataSourcePtrInput
	// A `support` block as defined below.
	Support MetadataSupportPtrInput
	// Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
	ThreatAnalysisTactics pulumi.StringArrayInput
	// Specifies a list of techniques the resource covers.
	ThreatAnalysisTechniques pulumi.StringArrayInput
	// Version of the content.
	Version pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
	WorkspaceId pulumi.StringInput
}

The set of arguments for constructing a Metadata resource.

func (MetadataArgs) ElementType added in v5.37.0 

func (MetadataArgs) ElementType() reflect.Type

type MetadataArray added in v5.37.0 

type MetadataArray []MetadataInput

func (MetadataArray) ElementType added in v5.37.0 

func (MetadataArray) ElementType() reflect.Type

func (MetadataArray) ToMetadataArrayOutput added in v5.37.0 

func (i MetadataArray) ToMetadataArrayOutput() MetadataArrayOutput

func (MetadataArray) ToMetadataArrayOutputWithContext added in v5.37.0 

func (i MetadataArray) ToMetadataArrayOutputWithContext(ctx context.Context) MetadataArrayOutput

type MetadataArrayInput added in v5.37.0 

type MetadataArrayInput interface {
	pulumi.Input

	ToMetadataArrayOutput() MetadataArrayOutput
	ToMetadataArrayOutputWithContext(context.Context) MetadataArrayOutput
}

MetadataArrayInput is an input type that accepts MetadataArray and MetadataArrayOutput values. You can construct a concrete instance of `MetadataArrayInput` via: 

MetadataArray{ MetadataArgs{...} }

type MetadataArrayOutput added in v5.37.0 

type MetadataArrayOutput struct{ *pulumi.OutputState }

func (MetadataArrayOutput) ElementType added in v5.37.0 

func (MetadataArrayOutput) ElementType() reflect.Type

func (MetadataArrayOutput) Index added in v5.37.0 

func (o MetadataArrayOutput) Index(i pulumi.IntInput) MetadataOutput

func (MetadataArrayOutput) ToMetadataArrayOutput added in v5.37.0 

func (o MetadataArrayOutput) ToMetadataArrayOutput() MetadataArrayOutput

func (MetadataArrayOutput) ToMetadataArrayOutputWithContext added in v5.37.0 

func (o MetadataArrayOutput) ToMetadataArrayOutputWithContext(ctx context.Context) MetadataArrayOutput

type MetadataAuthor added in v5.37.0 

type MetadataAuthor struct {
	// The email address of the author contact.
	Email *string `pulumi:"email"`
	// The link for author/vendor page.
	Link *string `pulumi:"link"`
	// The name of the author, company or person.
	Name *string `pulumi:"name"`
}

type MetadataAuthorArgs added in v5.37.0 

type MetadataAuthorArgs struct {
	// The email address of the author contact.
	Email pulumi.StringPtrInput `pulumi:"email"`
	// The link for author/vendor page.
	Link pulumi.StringPtrInput `pulumi:"link"`
	// The name of the author, company or person.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

func (MetadataAuthorArgs) ElementType added in v5.37.0 

func (MetadataAuthorArgs) ElementType() reflect.Type

func (MetadataAuthorArgs) ToMetadataAuthorOutput added in v5.37.0 

func (i MetadataAuthorArgs) ToMetadataAuthorOutput() MetadataAuthorOutput

func (MetadataAuthorArgs) ToMetadataAuthorOutputWithContext added in v5.37.0 

func (i MetadataAuthorArgs) ToMetadataAuthorOutputWithContext(ctx context.Context) MetadataAuthorOutput

func (MetadataAuthorArgs) ToMetadataAuthorPtrOutput added in v5.37.0 

func (i MetadataAuthorArgs) ToMetadataAuthorPtrOutput() MetadataAuthorPtrOutput

func (MetadataAuthorArgs) ToMetadataAuthorPtrOutputWithContext added in v5.37.0 

func (i MetadataAuthorArgs) ToMetadataAuthorPtrOutputWithContext(ctx context.Context) MetadataAuthorPtrOutput

type MetadataAuthorInput added in v5.37.0 

type MetadataAuthorInput interface {
	pulumi.Input

	ToMetadataAuthorOutput() MetadataAuthorOutput
	ToMetadataAuthorOutputWithContext(context.Context) MetadataAuthorOutput
}

MetadataAuthorInput is an input type that accepts MetadataAuthorArgs and MetadataAuthorOutput values. You can construct a concrete instance of `MetadataAuthorInput` via: 

MetadataAuthorArgs{...}

type MetadataAuthorOutput added in v5.37.0 

type MetadataAuthorOutput struct{ *pulumi.OutputState }

func (MetadataAuthorOutput) ElementType added in v5.37.0 

func (MetadataAuthorOutput) ElementType() reflect.Type

func (MetadataAuthorOutput) Email added in v5.37.0 

func (o MetadataAuthorOutput) Email() pulumi.StringPtrOutput

The email address of the author contact. 

func (o MetadataAuthorOutput) Link() pulumi.StringPtrOutput

The link for author/vendor page.

func (MetadataAuthorOutput) Name added in v5.37.0 

func (o MetadataAuthorOutput) Name() pulumi.StringPtrOutput

The name of the author, company or person.

func (MetadataAuthorOutput) ToMetadataAuthorOutput added in v5.37.0 

func (o MetadataAuthorOutput) ToMetadataAuthorOutput() MetadataAuthorOutput

func (MetadataAuthorOutput) ToMetadataAuthorOutputWithContext added in v5.37.0 

func (o MetadataAuthorOutput) ToMetadataAuthorOutputWithContext(ctx context.Context) MetadataAuthorOutput

func (MetadataAuthorOutput) ToMetadataAuthorPtrOutput added in v5.37.0 

func (o MetadataAuthorOutput) ToMetadataAuthorPtrOutput() MetadataAuthorPtrOutput

func (MetadataAuthorOutput) ToMetadataAuthorPtrOutputWithContext added in v5.37.0 

func (o MetadataAuthorOutput) ToMetadataAuthorPtrOutputWithContext(ctx context.Context) MetadataAuthorPtrOutput

type MetadataAuthorPtrInput added in v5.37.0 

type MetadataAuthorPtrInput interface {
	pulumi.Input

	ToMetadataAuthorPtrOutput() MetadataAuthorPtrOutput
	ToMetadataAuthorPtrOutputWithContext(context.Context) MetadataAuthorPtrOutput
}

MetadataAuthorPtrInput is an input type that accepts MetadataAuthorArgs, MetadataAuthorPtr and MetadataAuthorPtrOutput values. You can construct a concrete instance of `MetadataAuthorPtrInput` via: 

        MetadataAuthorArgs{...}

or:

        nil

func MetadataAuthorPtr added in v5.37.0 

func MetadataAuthorPtr(v *MetadataAuthorArgs) MetadataAuthorPtrInput

type MetadataAuthorPtrOutput added in v5.37.0 

type MetadataAuthorPtrOutput struct{ *pulumi.OutputState }

func (MetadataAuthorPtrOutput) Elem added in v5.37.0 

func (o MetadataAuthorPtrOutput) Elem() MetadataAuthorOutput

func (MetadataAuthorPtrOutput) ElementType added in v5.37.0 

func (MetadataAuthorPtrOutput) ElementType() reflect.Type

func (MetadataAuthorPtrOutput) Email added in v5.37.0 

func (o MetadataAuthorPtrOutput) Email() pulumi.StringPtrOutput

The email address of the author contact. 

func (o MetadataAuthorPtrOutput) Link() pulumi.StringPtrOutput

The link for author/vendor page.

func (MetadataAuthorPtrOutput) Name added in v5.37.0 

func (o MetadataAuthorPtrOutput) Name() pulumi.StringPtrOutput

The name of the author, company or person.

func (MetadataAuthorPtrOutput) ToMetadataAuthorPtrOutput added in v5.37.0 

func (o MetadataAuthorPtrOutput) ToMetadataAuthorPtrOutput() MetadataAuthorPtrOutput

func (MetadataAuthorPtrOutput) ToMetadataAuthorPtrOutputWithContext added in v5.37.0 

func (o MetadataAuthorPtrOutput) ToMetadataAuthorPtrOutputWithContext(ctx context.Context) MetadataAuthorPtrOutput

type MetadataCategory added in v5.37.0 

type MetadataCategory struct {
	// Specifies a list of domains for the solution content item.
	Domains []string `pulumi:"domains"`
	// Specifies a list of industry verticals for the solution content item.
	Verticals []string `pulumi:"verticals"`
}

type MetadataCategoryArgs added in v5.37.0 

type MetadataCategoryArgs struct {
	// Specifies a list of domains for the solution content item.
	Domains pulumi.StringArrayInput `pulumi:"domains"`
	// Specifies a list of industry verticals for the solution content item.
	Verticals pulumi.StringArrayInput `pulumi:"verticals"`
}

func (MetadataCategoryArgs) ElementType added in v5.37.0 

func (MetadataCategoryArgs) ElementType() reflect.Type

func (MetadataCategoryArgs) ToMetadataCategoryOutput added in v5.37.0 

func (i MetadataCategoryArgs) ToMetadataCategoryOutput() MetadataCategoryOutput

func (MetadataCategoryArgs) ToMetadataCategoryOutputWithContext added in v5.37.0 

func (i MetadataCategoryArgs) ToMetadataCategoryOutputWithContext(ctx context.Context) MetadataCategoryOutput

func (MetadataCategoryArgs) ToMetadataCategoryPtrOutput added in v5.37.0 

func (i MetadataCategoryArgs) ToMetadataCategoryPtrOutput() MetadataCategoryPtrOutput

func (MetadataCategoryArgs) ToMetadataCategoryPtrOutputWithContext added in v5.37.0 

func (i MetadataCategoryArgs) ToMetadataCategoryPtrOutputWithContext(ctx context.Context) MetadataCategoryPtrOutput

type MetadataCategoryInput added in v5.37.0 

type MetadataCategoryInput interface {
	pulumi.Input

	ToMetadataCategoryOutput() MetadataCategoryOutput
	ToMetadataCategoryOutputWithContext(context.Context) MetadataCategoryOutput
}

MetadataCategoryInput is an input type that accepts MetadataCategoryArgs and MetadataCategoryOutput values. You can construct a concrete instance of `MetadataCategoryInput` via: 

MetadataCategoryArgs{...}

type MetadataCategoryOutput added in v5.37.0 

type MetadataCategoryOutput struct{ *pulumi.OutputState }

func (MetadataCategoryOutput) Domains added in v5.37.0 

func (o MetadataCategoryOutput) Domains() pulumi.StringArrayOutput

Specifies a list of domains for the solution content item.

func (MetadataCategoryOutput) ElementType added in v5.37.0 

func (MetadataCategoryOutput) ElementType() reflect.Type

func (MetadataCategoryOutput) ToMetadataCategoryOutput added in v5.37.0 

func (o MetadataCategoryOutput) ToMetadataCategoryOutput() MetadataCategoryOutput

func (MetadataCategoryOutput) ToMetadataCategoryOutputWithContext added in v5.37.0 

func (o MetadataCategoryOutput) ToMetadataCategoryOutputWithContext(ctx context.Context) MetadataCategoryOutput

func (MetadataCategoryOutput) ToMetadataCategoryPtrOutput added in v5.37.0 

func (o MetadataCategoryOutput) ToMetadataCategoryPtrOutput() MetadataCategoryPtrOutput

func (MetadataCategoryOutput) ToMetadataCategoryPtrOutputWithContext added in v5.37.0 

func (o MetadataCategoryOutput) ToMetadataCategoryPtrOutputWithContext(ctx context.Context) MetadataCategoryPtrOutput

func (MetadataCategoryOutput) Verticals added in v5.37.0 

func (o MetadataCategoryOutput) Verticals() pulumi.StringArrayOutput

Specifies a list of industry verticals for the solution content item.

type MetadataCategoryPtrInput added in v5.37.0 

type MetadataCategoryPtrInput interface {
	pulumi.Input

	ToMetadataCategoryPtrOutput() MetadataCategoryPtrOutput
	ToMetadataCategoryPtrOutputWithContext(context.Context) MetadataCategoryPtrOutput
}

MetadataCategoryPtrInput is an input type that accepts MetadataCategoryArgs, MetadataCategoryPtr and MetadataCategoryPtrOutput values. You can construct a concrete instance of `MetadataCategoryPtrInput` via: 

        MetadataCategoryArgs{...}

or:

        nil

func MetadataCategoryPtr added in v5.37.0 

func MetadataCategoryPtr(v *MetadataCategoryArgs) MetadataCategoryPtrInput

type MetadataCategoryPtrOutput added in v5.37.0 

type MetadataCategoryPtrOutput struct{ *pulumi.OutputState }

func (MetadataCategoryPtrOutput) Domains added in v5.37.0 

func (o MetadataCategoryPtrOutput) Domains() pulumi.StringArrayOutput

Specifies a list of domains for the solution content item.

func (MetadataCategoryPtrOutput) Elem added in v5.37.0 

func (o MetadataCategoryPtrOutput) Elem() MetadataCategoryOutput

func (MetadataCategoryPtrOutput) ElementType added in v5.37.0 

func (MetadataCategoryPtrOutput) ElementType() reflect.Type

func (MetadataCategoryPtrOutput) ToMetadataCategoryPtrOutput added in v5.37.0 

func (o MetadataCategoryPtrOutput) ToMetadataCategoryPtrOutput() MetadataCategoryPtrOutput

func (MetadataCategoryPtrOutput) ToMetadataCategoryPtrOutputWithContext added in v5.37.0 

func (o MetadataCategoryPtrOutput) ToMetadataCategoryPtrOutputWithContext(ctx context.Context) MetadataCategoryPtrOutput

func (MetadataCategoryPtrOutput) Verticals added in v5.37.0 

func (o MetadataCategoryPtrOutput) Verticals() pulumi.StringArrayOutput

Specifies a list of industry verticals for the solution content item.

type MetadataInput added in v5.37.0 

type MetadataInput interface {
	pulumi.Input

	ToMetadataOutput() MetadataOutput
	ToMetadataOutputWithContext(ctx context.Context) MetadataOutput
}

type MetadataMap added in v5.37.0 

type MetadataMap map[string]MetadataInput

func (MetadataMap) ElementType added in v5.37.0 

func (MetadataMap) ElementType() reflect.Type

func (MetadataMap) ToMetadataMapOutput added in v5.37.0 

func (i MetadataMap) ToMetadataMapOutput() MetadataMapOutput

func (MetadataMap) ToMetadataMapOutputWithContext added in v5.37.0 

func (i MetadataMap) ToMetadataMapOutputWithContext(ctx context.Context) MetadataMapOutput

type MetadataMapInput added in v5.37.0 

type MetadataMapInput interface {
	pulumi.Input

	ToMetadataMapOutput() MetadataMapOutput
	ToMetadataMapOutputWithContext(context.Context) MetadataMapOutput
}

MetadataMapInput is an input type that accepts MetadataMap and MetadataMapOutput values. You can construct a concrete instance of `MetadataMapInput` via: 

MetadataMap{ "key": MetadataArgs{...} }

type MetadataMapOutput added in v5.37.0 

type MetadataMapOutput struct{ *pulumi.OutputState }

func (MetadataMapOutput) ElementType added in v5.37.0 

func (MetadataMapOutput) ElementType() reflect.Type

func (MetadataMapOutput) MapIndex added in v5.37.0 

func (o MetadataMapOutput) MapIndex(k pulumi.StringInput) MetadataOutput

func (MetadataMapOutput) ToMetadataMapOutput added in v5.37.0 

func (o MetadataMapOutput) ToMetadataMapOutput() MetadataMapOutput

func (MetadataMapOutput) ToMetadataMapOutputWithContext added in v5.37.0 

func (o MetadataMapOutput) ToMetadataMapOutputWithContext(ctx context.Context) MetadataMapOutput

type MetadataOutput added in v5.37.0 

type MetadataOutput struct{ *pulumi.OutputState }

func (MetadataOutput) Author added in v5.37.0 

func (o MetadataOutput) Author() MetadataAuthorPtrOutput

An `author` blocks as defined below.

func (MetadataOutput) Category added in v5.37.0 

func (o MetadataOutput) Category() MetadataCategoryPtrOutput

A `category` block as defined below.

func (MetadataOutput) ContentId added in v5.37.0 

func (o MetadataOutput) ContentId() pulumi.StringOutput

The ID of the content. Used to identify dependencies and content from solutions or community.

func (MetadataOutput) ContentSchemaVersion added in v5.37.0 

func (o MetadataOutput) ContentSchemaVersion() pulumi.StringPtrOutput

Schema version of the content. Can be used to distinguish between flow based on the schema version.

func (MetadataOutput) CustomVersion added in v5.37.0 

func (o MetadataOutput) CustomVersion() pulumi.StringPtrOutput

The Custom version of the content.

func (MetadataOutput) Dependency added in v5.37.0 

func (o MetadataOutput) Dependency() pulumi.StringPtrOutput

A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.

func (MetadataOutput) ElementType added in v5.37.0 

func (MetadataOutput) ElementType() reflect.Type

func (MetadataOutput) FirstPublishDate added in v5.37.0 

func (o MetadataOutput) FirstPublishDate() pulumi.StringPtrOutput

The first publish date of solution content item.

func (MetadataOutput) IconId added in v5.37.0 

func (o MetadataOutput) IconId() pulumi.StringPtrOutput

The ID of the icon, this id can be fetched from the solution template.

func (MetadataOutput) Kind added in v5.37.0 

func (o MetadataOutput) Kind() pulumi.StringOutput

The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.

func (MetadataOutput) LastPublishDate added in v5.37.0 

func (o MetadataOutput) LastPublishDate() pulumi.StringPtrOutput

The last publish date of solution content item.

func (MetadataOutput) Name added in v5.37.0 

func (o MetadataOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.

func (MetadataOutput) ParentId added in v5.37.0 

func (o MetadataOutput) ParentId() pulumi.StringOutput

The ID of the parent resource ID of the content item, which the metadata belongs to.

func (MetadataOutput) PreviewImages added in v5.37.0 

func (o MetadataOutput) PreviewImages() pulumi.StringArrayOutput

Specifies a list of preview image file names. These will be taken from solution artifacts.

func (MetadataOutput) PreviewImagesDarks added in v5.37.0 

func (o MetadataOutput) PreviewImagesDarks() pulumi.StringArrayOutput

Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.

func (MetadataOutput) Providers added in v5.37.0 

func (o MetadataOutput) Providers() pulumi.StringArrayOutput

Specifies a list of providers for the solution content item.

func (MetadataOutput) Source added in v5.37.0 

func (o MetadataOutput) Source() MetadataSourceOutput

A `source` block as defined below.

func (MetadataOutput) Support added in v5.37.0 

func (o MetadataOutput) Support() MetadataSupportPtrOutput

A `support` block as defined below.

func (MetadataOutput) ThreatAnalysisTactics added in v5.37.0 

func (o MetadataOutput) ThreatAnalysisTactics() pulumi.StringArrayOutput

Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.

func (MetadataOutput) ThreatAnalysisTechniques added in v5.37.0 

func (o MetadataOutput) ThreatAnalysisTechniques() pulumi.StringArrayOutput

Specifies a list of techniques the resource covers.

func (MetadataOutput) ToMetadataOutput added in v5.37.0 

func (o MetadataOutput) ToMetadataOutput() MetadataOutput

func (MetadataOutput) ToMetadataOutputWithContext added in v5.37.0 

func (o MetadataOutput) ToMetadataOutputWithContext(ctx context.Context) MetadataOutput

func (MetadataOutput) Version added in v5.37.0 

func (o MetadataOutput) Version() pulumi.StringPtrOutput

Version of the content.

func (MetadataOutput) WorkspaceId added in v5.37.0 

func (o MetadataOutput) WorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

type MetadataSource added in v5.37.0 

type MetadataSource struct {
	// The id of the content source, the solution ID, Log Analytics Workspace name etc.
	Id *string `pulumi:"id"`
	// The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
	Kind string `pulumi:"kind"`
	// The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
	Name *string `pulumi:"name"`
}

type MetadataSourceArgs added in v5.37.0 

type MetadataSourceArgs struct {
	// The id of the content source, the solution ID, Log Analytics Workspace name etc.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
	Kind pulumi.StringInput `pulumi:"kind"`
	// The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

func (MetadataSourceArgs) ElementType added in v5.37.0 

func (MetadataSourceArgs) ElementType() reflect.Type

func (MetadataSourceArgs) ToMetadataSourceOutput added in v5.37.0 

func (i MetadataSourceArgs) ToMetadataSourceOutput() MetadataSourceOutput

func (MetadataSourceArgs) ToMetadataSourceOutputWithContext added in v5.37.0 

func (i MetadataSourceArgs) ToMetadataSourceOutputWithContext(ctx context.Context) MetadataSourceOutput

func (MetadataSourceArgs) ToMetadataSourcePtrOutput added in v5.37.0 

func (i MetadataSourceArgs) ToMetadataSourcePtrOutput() MetadataSourcePtrOutput

func (MetadataSourceArgs) ToMetadataSourcePtrOutputWithContext added in v5.37.0 

func (i MetadataSourceArgs) ToMetadataSourcePtrOutputWithContext(ctx context.Context) MetadataSourcePtrOutput

type MetadataSourceInput added in v5.37.0 

type MetadataSourceInput interface {
	pulumi.Input

	ToMetadataSourceOutput() MetadataSourceOutput
	ToMetadataSourceOutputWithContext(context.Context) MetadataSourceOutput
}

MetadataSourceInput is an input type that accepts MetadataSourceArgs and MetadataSourceOutput values. You can construct a concrete instance of `MetadataSourceInput` via: 

MetadataSourceArgs{...}

type MetadataSourceOutput added in v5.37.0 

type MetadataSourceOutput struct{ *pulumi.OutputState }

func (MetadataSourceOutput) ElementType added in v5.37.0 

func (MetadataSourceOutput) ElementType() reflect.Type

func (MetadataSourceOutput) Id added in v5.37.0 

func (o MetadataSourceOutput) Id() pulumi.StringPtrOutput

The id of the content source, the solution ID, Log Analytics Workspace name etc.

func (MetadataSourceOutput) Kind added in v5.37.0 

func (o MetadataSourceOutput) Kind() pulumi.StringOutput

The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.

func (MetadataSourceOutput) Name added in v5.37.0 

func (o MetadataSourceOutput) Name() pulumi.StringPtrOutput

The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

func (MetadataSourceOutput) ToMetadataSourceOutput added in v5.37.0 

func (o MetadataSourceOutput) ToMetadataSourceOutput() MetadataSourceOutput

func (MetadataSourceOutput) ToMetadataSourceOutputWithContext added in v5.37.0 

func (o MetadataSourceOutput) ToMetadataSourceOutputWithContext(ctx context.Context) MetadataSourceOutput

func (MetadataSourceOutput) ToMetadataSourcePtrOutput added in v5.37.0 

func (o MetadataSourceOutput) ToMetadataSourcePtrOutput() MetadataSourcePtrOutput

func (MetadataSourceOutput) ToMetadataSourcePtrOutputWithContext added in v5.37.0 

func (o MetadataSourceOutput) ToMetadataSourcePtrOutputWithContext(ctx context.Context) MetadataSourcePtrOutput

type MetadataSourcePtrInput added in v5.37.0 

type MetadataSourcePtrInput interface {
	pulumi.Input

	ToMetadataSourcePtrOutput() MetadataSourcePtrOutput
	ToMetadataSourcePtrOutputWithContext(context.Context) MetadataSourcePtrOutput
}

MetadataSourcePtrInput is an input type that accepts MetadataSourceArgs, MetadataSourcePtr and MetadataSourcePtrOutput values. You can construct a concrete instance of `MetadataSourcePtrInput` via: 

        MetadataSourceArgs{...}

or:

        nil

func MetadataSourcePtr added in v5.37.0 

func MetadataSourcePtr(v *MetadataSourceArgs) MetadataSourcePtrInput

type MetadataSourcePtrOutput added in v5.37.0 

type MetadataSourcePtrOutput struct{ *pulumi.OutputState }

func (MetadataSourcePtrOutput) Elem added in v5.37.0 

func (o MetadataSourcePtrOutput) Elem() MetadataSourceOutput

func (MetadataSourcePtrOutput) ElementType added in v5.37.0 

func (MetadataSourcePtrOutput) ElementType() reflect.Type

func (MetadataSourcePtrOutput) Id added in v5.37.0 

func (o MetadataSourcePtrOutput) Id() pulumi.StringPtrOutput

The id of the content source, the solution ID, Log Analytics Workspace name etc.

func (MetadataSourcePtrOutput) Kind added in v5.37.0 

func (o MetadataSourcePtrOutput) Kind() pulumi.StringPtrOutput

The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.

func (MetadataSourcePtrOutput) Name added in v5.37.0 

func (o MetadataSourcePtrOutput) Name() pulumi.StringPtrOutput

The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

func (MetadataSourcePtrOutput) ToMetadataSourcePtrOutput added in v5.37.0 

func (o MetadataSourcePtrOutput) ToMetadataSourcePtrOutput() MetadataSourcePtrOutput

func (MetadataSourcePtrOutput) ToMetadataSourcePtrOutputWithContext added in v5.37.0 

func (o MetadataSourcePtrOutput) ToMetadataSourcePtrOutputWithContext(ctx context.Context) MetadataSourcePtrOutput

type MetadataState added in v5.37.0 

type MetadataState struct {
	// An `author` blocks as defined below.
	Author MetadataAuthorPtrInput
	// A `category` block as defined below.
	Category MetadataCategoryPtrInput
	// The ID of the content. Used to identify dependencies and content from solutions or community.
	ContentId pulumi.StringPtrInput
	// Schema version of the content. Can be used to distinguish between flow based on the schema version.
	ContentSchemaVersion pulumi.StringPtrInput
	// The Custom version of the content.
	CustomVersion pulumi.StringPtrInput
	// A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
	Dependency pulumi.StringPtrInput
	// The first publish date of solution content item.
	FirstPublishDate pulumi.StringPtrInput
	// The ID of the icon, this id can be fetched from the solution template.
	IconId pulumi.StringPtrInput
	// The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
	Kind pulumi.StringPtrInput
	// The last publish date of solution content item.
	LastPublishDate pulumi.StringPtrInput
	// The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
	Name pulumi.StringPtrInput
	// The ID of the parent resource ID of the content item, which the metadata belongs to.
	ParentId pulumi.StringPtrInput
	// Specifies a list of preview image file names. These will be taken from solution artifacts.
	PreviewImages pulumi.StringArrayInput
	// Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
	PreviewImagesDarks pulumi.StringArrayInput
	// Specifies a list of providers for the solution content item.
	Providers pulumi.StringArrayInput
	// A `source` block as defined below.
	Source MetadataSourcePtrInput
	// A `support` block as defined below.
	Support MetadataSupportPtrInput
	// Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
	ThreatAnalysisTactics pulumi.StringArrayInput
	// Specifies a list of techniques the resource covers.
	ThreatAnalysisTechniques pulumi.StringArrayInput
	// Version of the content.
	Version pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
	WorkspaceId pulumi.StringPtrInput
}

func (MetadataState) ElementType added in v5.37.0 

func (MetadataState) ElementType() reflect.Type

type MetadataSupport added in v5.37.0 

type MetadataSupport struct {
	// The email address of the support contact.
	Email *string `pulumi:"email"`
	// The link for support help.
	Link *string `pulumi:"link"`
	// The name of the support contact.
	Name *string `pulumi:"name"`
	// The type of support for content item. Possible values are `Microsoft`, `Partner` and `Community`.
	Tier string `pulumi:"tier"`
}

type MetadataSupportArgs added in v5.37.0 

type MetadataSupportArgs struct {
	// The email address of the support contact.
	Email pulumi.StringPtrInput `pulumi:"email"`
	// The link for support help.
	Link pulumi.StringPtrInput `pulumi:"link"`
	// The name of the support contact.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// The type of support for content item. Possible values are `Microsoft`, `Partner` and `Community`.
	Tier pulumi.StringInput `pulumi:"tier"`
}

func (MetadataSupportArgs) ElementType added in v5.37.0 

func (MetadataSupportArgs) ElementType() reflect.Type

func (MetadataSupportArgs) ToMetadataSupportOutput added in v5.37.0 

func (i MetadataSupportArgs) ToMetadataSupportOutput() MetadataSupportOutput

func (MetadataSupportArgs) ToMetadataSupportOutputWithContext added in v5.37.0 

func (i MetadataSupportArgs) ToMetadataSupportOutputWithContext(ctx context.Context) MetadataSupportOutput

func (MetadataSupportArgs) ToMetadataSupportPtrOutput added in v5.37.0 

func (i MetadataSupportArgs) ToMetadataSupportPtrOutput() MetadataSupportPtrOutput

func (MetadataSupportArgs) ToMetadataSupportPtrOutputWithContext added in v5.37.0 

func (i MetadataSupportArgs) ToMetadataSupportPtrOutputWithContext(ctx context.Context) MetadataSupportPtrOutput

type MetadataSupportInput added in v5.37.0 

type MetadataSupportInput interface {
	pulumi.Input

	ToMetadataSupportOutput() MetadataSupportOutput
	ToMetadataSupportOutputWithContext(context.Context) MetadataSupportOutput
}

MetadataSupportInput is an input type that accepts MetadataSupportArgs and MetadataSupportOutput values. You can construct a concrete instance of `MetadataSupportInput` via: 

MetadataSupportArgs{...}

type MetadataSupportOutput added in v5.37.0 

type MetadataSupportOutput struct{ *pulumi.OutputState }

func (MetadataSupportOutput) ElementType added in v5.37.0 

func (MetadataSupportOutput) ElementType() reflect.Type

func (MetadataSupportOutput) Email added in v5.37.0 

func (o MetadataSupportOutput) Email() pulumi.StringPtrOutput

The email address of the support contact. 

func (o MetadataSupportOutput) Link() pulumi.StringPtrOutput

The link for support help.

func (MetadataSupportOutput) Name added in v5.37.0 

func (o MetadataSupportOutput) Name() pulumi.StringPtrOutput

The name of the support contact.

func (MetadataSupportOutput) Tier added in v5.37.0 

func (o MetadataSupportOutput) Tier() pulumi.StringOutput

The type of support for content item. Possible values are `Microsoft`, `Partner` and `Community`.

func (MetadataSupportOutput) ToMetadataSupportOutput added in v5.37.0 

func (o MetadataSupportOutput) ToMetadataSupportOutput() MetadataSupportOutput

func (MetadataSupportOutput) ToMetadataSupportOutputWithContext added in v5.37.0 

func (o MetadataSupportOutput) ToMetadataSupportOutputWithContext(ctx context.Context) MetadataSupportOutput

func (MetadataSupportOutput) ToMetadataSupportPtrOutput added in v5.37.0 

func (o MetadataSupportOutput) ToMetadataSupportPtrOutput() MetadataSupportPtrOutput

func (MetadataSupportOutput) ToMetadataSupportPtrOutputWithContext added in v5.37.0 

func (o MetadataSupportOutput) ToMetadataSupportPtrOutputWithContext(ctx context.Context) MetadataSupportPtrOutput

type MetadataSupportPtrInput added in v5.37.0 

type MetadataSupportPtrInput interface {
	pulumi.Input

	ToMetadataSupportPtrOutput() MetadataSupportPtrOutput
	ToMetadataSupportPtrOutputWithContext(context.Context) MetadataSupportPtrOutput
}

MetadataSupportPtrInput is an input type that accepts MetadataSupportArgs, MetadataSupportPtr and MetadataSupportPtrOutput values. You can construct a concrete instance of `MetadataSupportPtrInput` via: 

        MetadataSupportArgs{...}

or:

        nil

func MetadataSupportPtr added in v5.37.0 

func MetadataSupportPtr(v *MetadataSupportArgs) MetadataSupportPtrInput

type MetadataSupportPtrOutput added in v5.37.0 

type MetadataSupportPtrOutput struct{ *pulumi.OutputState }

func (MetadataSupportPtrOutput) Elem added in v5.37.0 

func (o MetadataSupportPtrOutput) Elem() MetadataSupportOutput

func (MetadataSupportPtrOutput) ElementType added in v5.37.0 

func (MetadataSupportPtrOutput) ElementType() reflect.Type

func (MetadataSupportPtrOutput) Email added in v5.37.0 

func (o MetadataSupportPtrOutput) Email() pulumi.StringPtrOutput

The email address of the support contact. 

func (o MetadataSupportPtrOutput) Link() pulumi.StringPtrOutput

The link for support help.

func (MetadataSupportPtrOutput) Name added in v5.37.0 

func (o MetadataSupportPtrOutput) Name() pulumi.StringPtrOutput

The name of the support contact.

func (MetadataSupportPtrOutput) Tier added in v5.37.0 

func (o MetadataSupportPtrOutput) Tier() pulumi.StringPtrOutput

The type of support for content item. Possible values are `Microsoft`, `Partner` and `Community`.

func (MetadataSupportPtrOutput) ToMetadataSupportPtrOutput added in v5.37.0 

func (o MetadataSupportPtrOutput) ToMetadataSupportPtrOutput() MetadataSupportPtrOutput

func (MetadataSupportPtrOutput) ToMetadataSupportPtrOutputWithContext added in v5.37.0 

func (o MetadataSupportPtrOutput) ToMetadataSupportPtrOutputWithContext(ctx context.Context) MetadataSupportPtrOutput

type ThreatIntelligenceIndicator added in v5.39.0 

type ThreatIntelligenceIndicator struct {
	pulumi.CustomResourceState

	// Confidence levels of the Threat Intelligence Indicator.
	Confidence pulumi.IntPtrOutput `pulumi:"confidence"`
	// The creator of the Threat Intelligence Indicator.
	CreatedBy pulumi.StringPtrOutput `pulumi:"createdBy"`
	// The date of this Threat Intelligence Indicator created.
	CreatedOn pulumi.StringOutput `pulumi:"createdOn"`
	// Whether the Threat Intelligence entity is defanged?
	Defanged pulumi.BoolOutput `pulumi:"defanged"`
	// The description of the Threat Intelligence Indicator.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name of the Threat Intelligence Indicator.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The extension config of the Threat Intelligence Indicator in JSON format.
	Extension pulumi.StringOutput `pulumi:"extension"`
	// The external ID of the Threat Intelligence Indicator.
	ExternalId pulumi.StringOutput `pulumi:"externalId"`
	// the External last updated time in UTC.
	ExternalLastUpdatedTimeUtc pulumi.StringOutput `pulumi:"externalLastUpdatedTimeUtc"`
	// One or more `externalReference` blocks as defined below.
	ExternalReferences ThreatIntelligenceIndicatorExternalReferenceArrayOutput `pulumi:"externalReferences"`
	// One or more `granularMarking` blocks as defined below.
	GranularMarkings ThreatIntelligenceIndicatorGranularMarkingArrayOutput `pulumi:"granularMarkings"`
	// The guid of this Sentinel Threat Intelligence Indicator.
	Guid pulumi.StringOutput `pulumi:"guid"`
	// A list of indicator types of this Threat Intelligence Indicator.
	IndicatorTypes pulumi.StringArrayOutput `pulumi:"indicatorTypes"`
	// One or more `killChainPhase` blocks as defined below.
	KillChainPhases ThreatIntelligenceIndicatorKillChainPhaseArrayOutput `pulumi:"killChainPhases"`
	// The language of the Threat Intelligence Indicator.
	Language pulumi.StringPtrOutput `pulumi:"language"`
	// The last updated time of the Threat Intelligence Indicator in UTC.
	LastUpdatedTimeUtc pulumi.StringOutput `pulumi:"lastUpdatedTimeUtc"`
	// Specifies a list of Threat Intelligence marking references.
	ObjectMarkingRefs pulumi.StringArrayOutput `pulumi:"objectMarkingRefs"`
	// A `parsedPattern` block as defined below.
	ParsedPatterns ThreatIntelligenceIndicatorParsedPatternArrayOutput `pulumi:"parsedPatterns"`
	// The pattern used by the Threat Intelligence Indicator. When `patternType` set to `file`, `pattern` must be specified with `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
	Pattern pulumi.StringOutput `pulumi:"pattern"`
	// The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
	PatternType pulumi.StringOutput `pulumi:"patternType"`
	// The version of a Threat Intelligence entity.
	PatternVersion pulumi.StringPtrOutput `pulumi:"patternVersion"`
	// Whether the Threat Intelligence entity revoked.
	Revoked pulumi.BoolPtrOutput `pulumi:"revoked"`
	// Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
	Source pulumi.StringOutput `pulumi:"source"`
	// Specifies a list of tags of the Threat Intelligence Indicator.
	Tags pulumi.StringArrayOutput `pulumi:"tags"`
	// Specifies a list of threat types of this Threat Intelligence Indicator.
	ThreatTypes pulumi.StringArrayOutput `pulumi:"threatTypes"`
	// The start of validate date in RFC3339.
	ValidateFromUtc pulumi.StringOutput `pulumi:"validateFromUtc"`
	// The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
	ValidateUntilUtc pulumi.StringPtrOutput `pulumi:"validateUntilUtc"`
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
	WorkspaceId pulumi.StringOutput `pulumi:"workspaceId"`
}

Manages a Sentinel Threat Intelligence Indicator.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("east us"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
			RetentionInDays:   pulumi.Int(30),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			ResourceGroupName: example.Name,
			WorkspaceName:     exampleAnalyticsWorkspace.Name,
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewThreatIntelligenceIndicator(ctx, "example", &sentinel.ThreatIntelligenceIndicatorArgs{
			WorkspaceId:     exampleAnalyticsWorkspace.ID(),
			PatternType:     pulumi.String("domain-name"),
			Pattern:         pulumi.String("http://example.com"),
			Source:          pulumi.String("Microsoft Sentinel"),
			ValidateFromUtc: pulumi.String("2022-12-14T16:00:00Z"),
			DisplayName:     pulumi.String("example-indicator"),
		}, pulumi.DependsOn([]pulumi.Resource{
			test,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Threat Intelligence Indicators can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1 ```

func GetThreatIntelligenceIndicator added in v5.39.0 

func GetThreatIntelligenceIndicator(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ThreatIntelligenceIndicatorState, opts ...pulumi.ResourceOption) (*ThreatIntelligenceIndicator, error)

GetThreatIntelligenceIndicator gets an existing ThreatIntelligenceIndicator resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewThreatIntelligenceIndicator added in v5.39.0 

func NewThreatIntelligenceIndicator(ctx *pulumi.Context,
	name string, args *ThreatIntelligenceIndicatorArgs, opts ...pulumi.ResourceOption) (*ThreatIntelligenceIndicator, error)

NewThreatIntelligenceIndicator registers a new resource with the given unique name, arguments, and options.

func (*ThreatIntelligenceIndicator) ElementType added in v5.39.0 

func (*ThreatIntelligenceIndicator) ElementType() reflect.Type

func (*ThreatIntelligenceIndicator) ToThreatIntelligenceIndicatorOutput added in v5.39.0 

func (i *ThreatIntelligenceIndicator) ToThreatIntelligenceIndicatorOutput() ThreatIntelligenceIndicatorOutput

func (*ThreatIntelligenceIndicator) ToThreatIntelligenceIndicatorOutputWithContext added in v5.39.0 

func (i *ThreatIntelligenceIndicator) ToThreatIntelligenceIndicatorOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorOutput

type ThreatIntelligenceIndicatorArgs added in v5.39.0 

type ThreatIntelligenceIndicatorArgs struct {
	// Confidence levels of the Threat Intelligence Indicator.
	Confidence pulumi.IntPtrInput
	// The creator of the Threat Intelligence Indicator.
	CreatedBy pulumi.StringPtrInput
	// The description of the Threat Intelligence Indicator.
	Description pulumi.StringPtrInput
	// The display name of the Threat Intelligence Indicator.
	DisplayName pulumi.StringInput
	// The extension config of the Threat Intelligence Indicator in JSON format.
	Extension pulumi.StringPtrInput
	// One or more `externalReference` blocks as defined below.
	ExternalReferences ThreatIntelligenceIndicatorExternalReferenceArrayInput
	// One or more `granularMarking` blocks as defined below.
	GranularMarkings ThreatIntelligenceIndicatorGranularMarkingArrayInput
	// One or more `killChainPhase` blocks as defined below.
	KillChainPhases ThreatIntelligenceIndicatorKillChainPhaseArrayInput
	// The language of the Threat Intelligence Indicator.
	Language pulumi.StringPtrInput
	// Specifies a list of Threat Intelligence marking references.
	ObjectMarkingRefs pulumi.StringArrayInput
	// The pattern used by the Threat Intelligence Indicator. When `patternType` set to `file`, `pattern` must be specified with `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
	Pattern pulumi.StringInput
	// The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
	PatternType pulumi.StringInput
	// The version of a Threat Intelligence entity.
	PatternVersion pulumi.StringPtrInput
	// Whether the Threat Intelligence entity revoked.
	Revoked pulumi.BoolPtrInput
	// Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
	Source pulumi.StringInput
	// Specifies a list of tags of the Threat Intelligence Indicator.
	Tags pulumi.StringArrayInput
	// Specifies a list of threat types of this Threat Intelligence Indicator.
	ThreatTypes pulumi.StringArrayInput
	// The start of validate date in RFC3339.
	ValidateFromUtc pulumi.StringInput
	// The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
	ValidateUntilUtc pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
	WorkspaceId pulumi.StringInput
}

The set of arguments for constructing a ThreatIntelligenceIndicator resource.

func (ThreatIntelligenceIndicatorArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorArgs) ElementType() reflect.Type

type ThreatIntelligenceIndicatorArray added in v5.39.0 

type ThreatIntelligenceIndicatorArray []ThreatIntelligenceIndicatorInput

func (ThreatIntelligenceIndicatorArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorArray) ToThreatIntelligenceIndicatorArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorArray) ToThreatIntelligenceIndicatorArrayOutput() ThreatIntelligenceIndicatorArrayOutput

func (ThreatIntelligenceIndicatorArray) ToThreatIntelligenceIndicatorArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorArray) ToThreatIntelligenceIndicatorArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorArrayOutput

type ThreatIntelligenceIndicatorArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorArrayOutput() ThreatIntelligenceIndicatorArrayOutput
	ToThreatIntelligenceIndicatorArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorArrayOutput
}

ThreatIntelligenceIndicatorArrayInput is an input type that accepts ThreatIntelligenceIndicatorArray and ThreatIntelligenceIndicatorArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorArrayInput` via: 

ThreatIntelligenceIndicatorArray{ ThreatIntelligenceIndicatorArgs{...} }

type ThreatIntelligenceIndicatorArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorOutput

func (ThreatIntelligenceIndicatorArrayOutput) ToThreatIntelligenceIndicatorArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorArrayOutput) ToThreatIntelligenceIndicatorArrayOutput() ThreatIntelligenceIndicatorArrayOutput

func (ThreatIntelligenceIndicatorArrayOutput) ToThreatIntelligenceIndicatorArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorArrayOutput) ToThreatIntelligenceIndicatorArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorArrayOutput

type ThreatIntelligenceIndicatorExternalReference added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReference struct {
	// The description of the external reference of the Threat Intelligence Indicator.
	Description *string `pulumi:"description"`
	// The list of hashes of the external reference of the Threat Intelligence Indicator.
	Hashes map[string]string `pulumi:"hashes"`
	// The ID of the Sentinel Threat Intelligence Indicator.
	Id *string `pulumi:"id"`
	// The source name of the external reference of the Threat Intelligence Indicator.
	SourceName *string `pulumi:"sourceName"`
	// The url of the external reference of the Threat Intelligence Indicator.
	Url *string `pulumi:"url"`
}

type ThreatIntelligenceIndicatorExternalReferenceArgs added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceArgs struct {
	// The description of the external reference of the Threat Intelligence Indicator.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// The list of hashes of the external reference of the Threat Intelligence Indicator.
	Hashes pulumi.StringMapInput `pulumi:"hashes"`
	// The ID of the Sentinel Threat Intelligence Indicator.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// The source name of the external reference of the Threat Intelligence Indicator.
	SourceName pulumi.StringPtrInput `pulumi:"sourceName"`
	// The url of the external reference of the Threat Intelligence Indicator.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

func (ThreatIntelligenceIndicatorExternalReferenceArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorExternalReferenceArgs) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorExternalReferenceArgs) ToThreatIntelligenceIndicatorExternalReferenceOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorExternalReferenceArgs) ToThreatIntelligenceIndicatorExternalReferenceOutput() ThreatIntelligenceIndicatorExternalReferenceOutput

func (ThreatIntelligenceIndicatorExternalReferenceArgs) ToThreatIntelligenceIndicatorExternalReferenceOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorExternalReferenceArgs) ToThreatIntelligenceIndicatorExternalReferenceOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorExternalReferenceOutput

type ThreatIntelligenceIndicatorExternalReferenceArray added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceArray []ThreatIntelligenceIndicatorExternalReferenceInput

func (ThreatIntelligenceIndicatorExternalReferenceArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorExternalReferenceArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorExternalReferenceArray) ToThreatIntelligenceIndicatorExternalReferenceArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorExternalReferenceArray) ToThreatIntelligenceIndicatorExternalReferenceArrayOutput() ThreatIntelligenceIndicatorExternalReferenceArrayOutput

func (ThreatIntelligenceIndicatorExternalReferenceArray) ToThreatIntelligenceIndicatorExternalReferenceArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorExternalReferenceArray) ToThreatIntelligenceIndicatorExternalReferenceArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorExternalReferenceArrayOutput

type ThreatIntelligenceIndicatorExternalReferenceArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorExternalReferenceArrayOutput() ThreatIntelligenceIndicatorExternalReferenceArrayOutput
	ToThreatIntelligenceIndicatorExternalReferenceArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorExternalReferenceArrayOutput
}

ThreatIntelligenceIndicatorExternalReferenceArrayInput is an input type that accepts ThreatIntelligenceIndicatorExternalReferenceArray and ThreatIntelligenceIndicatorExternalReferenceArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorExternalReferenceArrayInput` via: 

ThreatIntelligenceIndicatorExternalReferenceArray{ ThreatIntelligenceIndicatorExternalReferenceArgs{...} }

type ThreatIntelligenceIndicatorExternalReferenceArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorExternalReferenceArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorExternalReferenceOutput

func (ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ToThreatIntelligenceIndicatorExternalReferenceArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ToThreatIntelligenceIndicatorExternalReferenceArrayOutput() ThreatIntelligenceIndicatorExternalReferenceArrayOutput

func (ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ToThreatIntelligenceIndicatorExternalReferenceArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceArrayOutput) ToThreatIntelligenceIndicatorExternalReferenceArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorExternalReferenceArrayOutput

type ThreatIntelligenceIndicatorExternalReferenceInput added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorExternalReferenceOutput() ThreatIntelligenceIndicatorExternalReferenceOutput
	ToThreatIntelligenceIndicatorExternalReferenceOutputWithContext(context.Context) ThreatIntelligenceIndicatorExternalReferenceOutput
}

ThreatIntelligenceIndicatorExternalReferenceInput is an input type that accepts ThreatIntelligenceIndicatorExternalReferenceArgs and ThreatIntelligenceIndicatorExternalReferenceOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorExternalReferenceInput` via: 

ThreatIntelligenceIndicatorExternalReferenceArgs{...}

type ThreatIntelligenceIndicatorExternalReferenceOutput added in v5.39.0 

type ThreatIntelligenceIndicatorExternalReferenceOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorExternalReferenceOutput) Description added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) Description() pulumi.StringPtrOutput

The description of the external reference of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorExternalReferenceOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorExternalReferenceOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorExternalReferenceOutput) Hashes added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) Hashes() pulumi.StringMapOutput

The list of hashes of the external reference of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorExternalReferenceOutput) Id added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) Id() pulumi.StringPtrOutput

The ID of the Sentinel Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorExternalReferenceOutput) SourceName added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) SourceName() pulumi.StringPtrOutput

The source name of the external reference of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorExternalReferenceOutput) ToThreatIntelligenceIndicatorExternalReferenceOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) ToThreatIntelligenceIndicatorExternalReferenceOutput() ThreatIntelligenceIndicatorExternalReferenceOutput

func (ThreatIntelligenceIndicatorExternalReferenceOutput) ToThreatIntelligenceIndicatorExternalReferenceOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) ToThreatIntelligenceIndicatorExternalReferenceOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorExternalReferenceOutput

func (ThreatIntelligenceIndicatorExternalReferenceOutput) Url added in v5.39.0 

func (o ThreatIntelligenceIndicatorExternalReferenceOutput) Url() pulumi.StringPtrOutput

The url of the external reference of the Threat Intelligence Indicator.

type ThreatIntelligenceIndicatorGranularMarking added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarking struct {
	// The language of granular marking of the Threat Intelligence Indicator.
	Language *string `pulumi:"language"`
	// The reference of the granular marking of the Threat Intelligence Indicator.
	MarkingRef *string `pulumi:"markingRef"`
	// A list of selectors of the granular marking of the Threat Intelligence Indicator.
	Selectors []string `pulumi:"selectors"`
}

type ThreatIntelligenceIndicatorGranularMarkingArgs added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingArgs struct {
	// The language of granular marking of the Threat Intelligence Indicator.
	Language pulumi.StringPtrInput `pulumi:"language"`
	// The reference of the granular marking of the Threat Intelligence Indicator.
	MarkingRef pulumi.StringPtrInput `pulumi:"markingRef"`
	// A list of selectors of the granular marking of the Threat Intelligence Indicator.
	Selectors pulumi.StringArrayInput `pulumi:"selectors"`
}

func (ThreatIntelligenceIndicatorGranularMarkingArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorGranularMarkingArgs) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorGranularMarkingArgs) ToThreatIntelligenceIndicatorGranularMarkingOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorGranularMarkingArgs) ToThreatIntelligenceIndicatorGranularMarkingOutput() ThreatIntelligenceIndicatorGranularMarkingOutput

func (ThreatIntelligenceIndicatorGranularMarkingArgs) ToThreatIntelligenceIndicatorGranularMarkingOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorGranularMarkingArgs) ToThreatIntelligenceIndicatorGranularMarkingOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorGranularMarkingOutput

type ThreatIntelligenceIndicatorGranularMarkingArray added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingArray []ThreatIntelligenceIndicatorGranularMarkingInput

func (ThreatIntelligenceIndicatorGranularMarkingArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorGranularMarkingArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorGranularMarkingArray) ToThreatIntelligenceIndicatorGranularMarkingArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorGranularMarkingArray) ToThreatIntelligenceIndicatorGranularMarkingArrayOutput() ThreatIntelligenceIndicatorGranularMarkingArrayOutput

func (ThreatIntelligenceIndicatorGranularMarkingArray) ToThreatIntelligenceIndicatorGranularMarkingArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorGranularMarkingArray) ToThreatIntelligenceIndicatorGranularMarkingArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorGranularMarkingArrayOutput

type ThreatIntelligenceIndicatorGranularMarkingArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorGranularMarkingArrayOutput() ThreatIntelligenceIndicatorGranularMarkingArrayOutput
	ToThreatIntelligenceIndicatorGranularMarkingArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorGranularMarkingArrayOutput
}

ThreatIntelligenceIndicatorGranularMarkingArrayInput is an input type that accepts ThreatIntelligenceIndicatorGranularMarkingArray and ThreatIntelligenceIndicatorGranularMarkingArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorGranularMarkingArrayInput` via: 

ThreatIntelligenceIndicatorGranularMarkingArray{ ThreatIntelligenceIndicatorGranularMarkingArgs{...} }

type ThreatIntelligenceIndicatorGranularMarkingArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorGranularMarkingArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorGranularMarkingOutput

func (ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ToThreatIntelligenceIndicatorGranularMarkingArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ToThreatIntelligenceIndicatorGranularMarkingArrayOutput() ThreatIntelligenceIndicatorGranularMarkingArrayOutput

func (ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ToThreatIntelligenceIndicatorGranularMarkingArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingArrayOutput) ToThreatIntelligenceIndicatorGranularMarkingArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorGranularMarkingArrayOutput

type ThreatIntelligenceIndicatorGranularMarkingInput added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorGranularMarkingOutput() ThreatIntelligenceIndicatorGranularMarkingOutput
	ToThreatIntelligenceIndicatorGranularMarkingOutputWithContext(context.Context) ThreatIntelligenceIndicatorGranularMarkingOutput
}

ThreatIntelligenceIndicatorGranularMarkingInput is an input type that accepts ThreatIntelligenceIndicatorGranularMarkingArgs and ThreatIntelligenceIndicatorGranularMarkingOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorGranularMarkingInput` via: 

ThreatIntelligenceIndicatorGranularMarkingArgs{...}

type ThreatIntelligenceIndicatorGranularMarkingOutput added in v5.39.0 

type ThreatIntelligenceIndicatorGranularMarkingOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorGranularMarkingOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorGranularMarkingOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorGranularMarkingOutput) Language added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingOutput) Language() pulumi.StringPtrOutput

The language of granular marking of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorGranularMarkingOutput) MarkingRef added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingOutput) MarkingRef() pulumi.StringPtrOutput

The reference of the granular marking of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorGranularMarkingOutput) Selectors added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingOutput) Selectors() pulumi.StringArrayOutput

A list of selectors of the granular marking of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorGranularMarkingOutput) ToThreatIntelligenceIndicatorGranularMarkingOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingOutput) ToThreatIntelligenceIndicatorGranularMarkingOutput() ThreatIntelligenceIndicatorGranularMarkingOutput

func (ThreatIntelligenceIndicatorGranularMarkingOutput) ToThreatIntelligenceIndicatorGranularMarkingOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorGranularMarkingOutput) ToThreatIntelligenceIndicatorGranularMarkingOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorGranularMarkingOutput

type ThreatIntelligenceIndicatorInput added in v5.39.0 

type ThreatIntelligenceIndicatorInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorOutput() ThreatIntelligenceIndicatorOutput
	ToThreatIntelligenceIndicatorOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorOutput
}

type ThreatIntelligenceIndicatorKillChainPhase added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhase struct {
	// The name which should be used for the Lockheed Martin cyber kill chain phase.
	Name *string `pulumi:"name"`
}

type ThreatIntelligenceIndicatorKillChainPhaseArgs added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseArgs struct {
	// The name which should be used for the Lockheed Martin cyber kill chain phase.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

func (ThreatIntelligenceIndicatorKillChainPhaseArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorKillChainPhaseArgs) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorKillChainPhaseArgs) ToThreatIntelligenceIndicatorKillChainPhaseOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorKillChainPhaseArgs) ToThreatIntelligenceIndicatorKillChainPhaseOutput() ThreatIntelligenceIndicatorKillChainPhaseOutput

func (ThreatIntelligenceIndicatorKillChainPhaseArgs) ToThreatIntelligenceIndicatorKillChainPhaseOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorKillChainPhaseArgs) ToThreatIntelligenceIndicatorKillChainPhaseOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorKillChainPhaseOutput

type ThreatIntelligenceIndicatorKillChainPhaseArray added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseArray []ThreatIntelligenceIndicatorKillChainPhaseInput

func (ThreatIntelligenceIndicatorKillChainPhaseArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorKillChainPhaseArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorKillChainPhaseArray) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorKillChainPhaseArray) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutput() ThreatIntelligenceIndicatorKillChainPhaseArrayOutput

func (ThreatIntelligenceIndicatorKillChainPhaseArray) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorKillChainPhaseArray) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorKillChainPhaseArrayOutput

type ThreatIntelligenceIndicatorKillChainPhaseArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorKillChainPhaseArrayOutput() ThreatIntelligenceIndicatorKillChainPhaseArrayOutput
	ToThreatIntelligenceIndicatorKillChainPhaseArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorKillChainPhaseArrayOutput
}

ThreatIntelligenceIndicatorKillChainPhaseArrayInput is an input type that accepts ThreatIntelligenceIndicatorKillChainPhaseArray and ThreatIntelligenceIndicatorKillChainPhaseArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorKillChainPhaseArrayInput` via: 

ThreatIntelligenceIndicatorKillChainPhaseArray{ ThreatIntelligenceIndicatorKillChainPhaseArgs{...} }

type ThreatIntelligenceIndicatorKillChainPhaseArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorKillChainPhaseOutput

func (ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutput() ThreatIntelligenceIndicatorKillChainPhaseArrayOutput

func (ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseArrayOutput) ToThreatIntelligenceIndicatorKillChainPhaseArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorKillChainPhaseArrayOutput

type ThreatIntelligenceIndicatorKillChainPhaseInput added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorKillChainPhaseOutput() ThreatIntelligenceIndicatorKillChainPhaseOutput
	ToThreatIntelligenceIndicatorKillChainPhaseOutputWithContext(context.Context) ThreatIntelligenceIndicatorKillChainPhaseOutput
}

ThreatIntelligenceIndicatorKillChainPhaseInput is an input type that accepts ThreatIntelligenceIndicatorKillChainPhaseArgs and ThreatIntelligenceIndicatorKillChainPhaseOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorKillChainPhaseInput` via: 

ThreatIntelligenceIndicatorKillChainPhaseArgs{...}

type ThreatIntelligenceIndicatorKillChainPhaseOutput added in v5.39.0 

type ThreatIntelligenceIndicatorKillChainPhaseOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorKillChainPhaseOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorKillChainPhaseOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorKillChainPhaseOutput) Name added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseOutput) Name() pulumi.StringPtrOutput

The name which should be used for the Lockheed Martin cyber kill chain phase.

func (ThreatIntelligenceIndicatorKillChainPhaseOutput) ToThreatIntelligenceIndicatorKillChainPhaseOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseOutput) ToThreatIntelligenceIndicatorKillChainPhaseOutput() ThreatIntelligenceIndicatorKillChainPhaseOutput

func (ThreatIntelligenceIndicatorKillChainPhaseOutput) ToThreatIntelligenceIndicatorKillChainPhaseOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorKillChainPhaseOutput) ToThreatIntelligenceIndicatorKillChainPhaseOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorKillChainPhaseOutput

type ThreatIntelligenceIndicatorMap added in v5.39.0 

type ThreatIntelligenceIndicatorMap map[string]ThreatIntelligenceIndicatorInput

func (ThreatIntelligenceIndicatorMap) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorMap) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorMap) ToThreatIntelligenceIndicatorMapOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorMap) ToThreatIntelligenceIndicatorMapOutput() ThreatIntelligenceIndicatorMapOutput

func (ThreatIntelligenceIndicatorMap) ToThreatIntelligenceIndicatorMapOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorMap) ToThreatIntelligenceIndicatorMapOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorMapOutput

type ThreatIntelligenceIndicatorMapInput added in v5.39.0 

type ThreatIntelligenceIndicatorMapInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorMapOutput() ThreatIntelligenceIndicatorMapOutput
	ToThreatIntelligenceIndicatorMapOutputWithContext(context.Context) ThreatIntelligenceIndicatorMapOutput
}

ThreatIntelligenceIndicatorMapInput is an input type that accepts ThreatIntelligenceIndicatorMap and ThreatIntelligenceIndicatorMapOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorMapInput` via: 

ThreatIntelligenceIndicatorMap{ "key": ThreatIntelligenceIndicatorArgs{...} }

type ThreatIntelligenceIndicatorMapOutput added in v5.39.0 

type ThreatIntelligenceIndicatorMapOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorMapOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorMapOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorMapOutput) MapIndex added in v5.39.0 

func (o ThreatIntelligenceIndicatorMapOutput) MapIndex(k pulumi.StringInput) ThreatIntelligenceIndicatorOutput

func (ThreatIntelligenceIndicatorMapOutput) ToThreatIntelligenceIndicatorMapOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorMapOutput) ToThreatIntelligenceIndicatorMapOutput() ThreatIntelligenceIndicatorMapOutput

func (ThreatIntelligenceIndicatorMapOutput) ToThreatIntelligenceIndicatorMapOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorMapOutput) ToThreatIntelligenceIndicatorMapOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorMapOutput

type ThreatIntelligenceIndicatorOutput added in v5.39.0 

type ThreatIntelligenceIndicatorOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorOutput) Confidence added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Confidence() pulumi.IntPtrOutput

Confidence levels of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) CreatedBy added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) CreatedBy() pulumi.StringPtrOutput

The creator of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) CreatedOn added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) CreatedOn() pulumi.StringOutput

The date of this Threat Intelligence Indicator created.

func (ThreatIntelligenceIndicatorOutput) Defanged added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Defanged() pulumi.BoolOutput

Whether the Threat Intelligence entity is defanged?

func (ThreatIntelligenceIndicatorOutput) Description added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Description() pulumi.StringPtrOutput

The description of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) DisplayName added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) DisplayName() pulumi.StringOutput

The display name of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorOutput) Extension added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Extension() pulumi.StringOutput

The extension config of the Threat Intelligence Indicator in JSON format.

func (ThreatIntelligenceIndicatorOutput) ExternalId added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ExternalId() pulumi.StringOutput

The external ID of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) ExternalLastUpdatedTimeUtc added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ExternalLastUpdatedTimeUtc() pulumi.StringOutput

the External last updated time in UTC.

func (ThreatIntelligenceIndicatorOutput) ExternalReferences added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ExternalReferences() ThreatIntelligenceIndicatorExternalReferenceArrayOutput

One or more `externalReference` blocks as defined below.

func (ThreatIntelligenceIndicatorOutput) GranularMarkings added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) GranularMarkings() ThreatIntelligenceIndicatorGranularMarkingArrayOutput

One or more `granularMarking` blocks as defined below.

func (ThreatIntelligenceIndicatorOutput) Guid added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Guid() pulumi.StringOutput

The guid of this Sentinel Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) IndicatorTypes added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) IndicatorTypes() pulumi.StringArrayOutput

A list of indicator types of this Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) KillChainPhases added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) KillChainPhases() ThreatIntelligenceIndicatorKillChainPhaseArrayOutput

One or more `killChainPhase` blocks as defined below.

func (ThreatIntelligenceIndicatorOutput) Language added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Language() pulumi.StringPtrOutput

The language of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) LastUpdatedTimeUtc added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) LastUpdatedTimeUtc() pulumi.StringOutput

The last updated time of the Threat Intelligence Indicator in UTC.

func (ThreatIntelligenceIndicatorOutput) ObjectMarkingRefs added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ObjectMarkingRefs() pulumi.StringArrayOutput

Specifies a list of Threat Intelligence marking references.

func (ThreatIntelligenceIndicatorOutput) ParsedPatterns added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ParsedPatterns() ThreatIntelligenceIndicatorParsedPatternArrayOutput

A `parsedPattern` block as defined below.

func (ThreatIntelligenceIndicatorOutput) Pattern added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Pattern() pulumi.StringOutput

The pattern used by the Threat Intelligence Indicator. When `patternType` set to `file`, `pattern` must be specified with `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.

func (ThreatIntelligenceIndicatorOutput) PatternType added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) PatternType() pulumi.StringOutput

The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.

func (ThreatIntelligenceIndicatorOutput) PatternVersion added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) PatternVersion() pulumi.StringPtrOutput

The version of a Threat Intelligence entity.

func (ThreatIntelligenceIndicatorOutput) Revoked added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Revoked() pulumi.BoolPtrOutput

Whether the Threat Intelligence entity revoked.

func (ThreatIntelligenceIndicatorOutput) Source added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Source() pulumi.StringOutput

Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.

func (ThreatIntelligenceIndicatorOutput) Tags added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) Tags() pulumi.StringArrayOutput

Specifies a list of tags of the Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) ThreatTypes added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ThreatTypes() pulumi.StringArrayOutput

Specifies a list of threat types of this Threat Intelligence Indicator.

func (ThreatIntelligenceIndicatorOutput) ToThreatIntelligenceIndicatorOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ToThreatIntelligenceIndicatorOutput() ThreatIntelligenceIndicatorOutput

func (ThreatIntelligenceIndicatorOutput) ToThreatIntelligenceIndicatorOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ToThreatIntelligenceIndicatorOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorOutput

func (ThreatIntelligenceIndicatorOutput) ValidateFromUtc added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ValidateFromUtc() pulumi.StringOutput

The start of validate date in RFC3339.

func (ThreatIntelligenceIndicatorOutput) ValidateUntilUtc added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) ValidateUntilUtc() pulumi.StringPtrOutput

The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

func (ThreatIntelligenceIndicatorOutput) WorkspaceId added in v5.39.0 

func (o ThreatIntelligenceIndicatorOutput) WorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

type ThreatIntelligenceIndicatorParsedPattern added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPattern struct {
	// The type key of parsed pattern.
	PatternTypeKey *string `pulumi:"patternTypeKey"`
	// A `patternTypeValues` block as defined below.
	PatternTypeValues []ThreatIntelligenceIndicatorParsedPatternPatternTypeValue `pulumi:"patternTypeValues"`
}

type ThreatIntelligenceIndicatorParsedPatternArgs added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternArgs struct {
	// The type key of parsed pattern.
	PatternTypeKey pulumi.StringPtrInput `pulumi:"patternTypeKey"`
	// A `patternTypeValues` block as defined below.
	PatternTypeValues ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayInput `pulumi:"patternTypeValues"`
}

func (ThreatIntelligenceIndicatorParsedPatternArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternArgs) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternArgs) ToThreatIntelligenceIndicatorParsedPatternOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternArgs) ToThreatIntelligenceIndicatorParsedPatternOutput() ThreatIntelligenceIndicatorParsedPatternOutput

func (ThreatIntelligenceIndicatorParsedPatternArgs) ToThreatIntelligenceIndicatorParsedPatternOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternArgs) ToThreatIntelligenceIndicatorParsedPatternOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternOutput

type ThreatIntelligenceIndicatorParsedPatternArray added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternArray []ThreatIntelligenceIndicatorParsedPatternInput

func (ThreatIntelligenceIndicatorParsedPatternArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternArray) ToThreatIntelligenceIndicatorParsedPatternArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternArray) ToThreatIntelligenceIndicatorParsedPatternArrayOutput() ThreatIntelligenceIndicatorParsedPatternArrayOutput

func (ThreatIntelligenceIndicatorParsedPatternArray) ToThreatIntelligenceIndicatorParsedPatternArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternArray) ToThreatIntelligenceIndicatorParsedPatternArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternArrayOutput

type ThreatIntelligenceIndicatorParsedPatternArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorParsedPatternArrayOutput() ThreatIntelligenceIndicatorParsedPatternArrayOutput
	ToThreatIntelligenceIndicatorParsedPatternArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorParsedPatternArrayOutput
}

ThreatIntelligenceIndicatorParsedPatternArrayInput is an input type that accepts ThreatIntelligenceIndicatorParsedPatternArray and ThreatIntelligenceIndicatorParsedPatternArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorParsedPatternArrayInput` via: 

ThreatIntelligenceIndicatorParsedPatternArray{ ThreatIntelligenceIndicatorParsedPatternArgs{...} }

type ThreatIntelligenceIndicatorParsedPatternArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorParsedPatternArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorParsedPatternOutput

func (ThreatIntelligenceIndicatorParsedPatternArrayOutput) ToThreatIntelligenceIndicatorParsedPatternArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternArrayOutput) ToThreatIntelligenceIndicatorParsedPatternArrayOutput() ThreatIntelligenceIndicatorParsedPatternArrayOutput

func (ThreatIntelligenceIndicatorParsedPatternArrayOutput) ToThreatIntelligenceIndicatorParsedPatternArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternArrayOutput) ToThreatIntelligenceIndicatorParsedPatternArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternArrayOutput

type ThreatIntelligenceIndicatorParsedPatternInput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorParsedPatternOutput() ThreatIntelligenceIndicatorParsedPatternOutput
	ToThreatIntelligenceIndicatorParsedPatternOutputWithContext(context.Context) ThreatIntelligenceIndicatorParsedPatternOutput
}

ThreatIntelligenceIndicatorParsedPatternInput is an input type that accepts ThreatIntelligenceIndicatorParsedPatternArgs and ThreatIntelligenceIndicatorParsedPatternOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorParsedPatternInput` via: 

ThreatIntelligenceIndicatorParsedPatternArgs{...}

type ThreatIntelligenceIndicatorParsedPatternOutput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorParsedPatternOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternOutput) PatternTypeKey added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternOutput) PatternTypeKey() pulumi.StringPtrOutput

The type key of parsed pattern.

func (ThreatIntelligenceIndicatorParsedPatternOutput) PatternTypeValues added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternOutput) PatternTypeValues() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput

A `patternTypeValues` block as defined below.

func (ThreatIntelligenceIndicatorParsedPatternOutput) ToThreatIntelligenceIndicatorParsedPatternOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternOutput) ToThreatIntelligenceIndicatorParsedPatternOutput() ThreatIntelligenceIndicatorParsedPatternOutput

func (ThreatIntelligenceIndicatorParsedPatternOutput) ToThreatIntelligenceIndicatorParsedPatternOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternOutput) ToThreatIntelligenceIndicatorParsedPatternOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternOutput

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValue added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValue struct {
	// The value of the parsed pattern type.
	Value *string `pulumi:"value"`
	// The type of the value of the parsed pattern type value.
	ValueType *string `pulumi:"valueType"`
}

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs struct {
	// The value of the parsed pattern type.
	Value pulumi.StringPtrInput `pulumi:"value"`
	// The type of the value of the parsed pattern type value.
	ValueType pulumi.StringPtrInput `pulumi:"valueType"`
}

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray []ThreatIntelligenceIndicatorParsedPatternPatternTypeValueInput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutputWithContext added in v5.39.0 

func (i ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayInput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput
	ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutputWithContext(context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput
}

ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayInput is an input type that accepts ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray and ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayInput` via: 

ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArray{ ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs{...} }

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) Index added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) Index(i pulumi.IntInput) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArrayOutput

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueInput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueInput interface {
	pulumi.Input

	ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput
	ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutputWithContext(context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput
}

ThreatIntelligenceIndicatorParsedPatternPatternTypeValueInput is an input type that accepts ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs and ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput values. You can construct a concrete instance of `ThreatIntelligenceIndicatorParsedPatternPatternTypeValueInput` via: 

ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs{...}

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput added in v5.39.0 

type ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput struct{ *pulumi.OutputState }

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ElementType() reflect.Type

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput() ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutputWithContext added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ToThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutputWithContext(ctx context.Context) ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) Value added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) Value() pulumi.StringPtrOutput

The value of the parsed pattern type.

func (ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ValueType added in v5.39.0 

func (o ThreatIntelligenceIndicatorParsedPatternPatternTypeValueOutput) ValueType() pulumi.StringPtrOutput

The type of the value of the parsed pattern type value.

type ThreatIntelligenceIndicatorState added in v5.39.0 

type ThreatIntelligenceIndicatorState struct {
	// Confidence levels of the Threat Intelligence Indicator.
	Confidence pulumi.IntPtrInput
	// The creator of the Threat Intelligence Indicator.
	CreatedBy pulumi.StringPtrInput
	// The date of this Threat Intelligence Indicator created.
	CreatedOn pulumi.StringPtrInput
	// Whether the Threat Intelligence entity is defanged?
	Defanged pulumi.BoolPtrInput
	// The description of the Threat Intelligence Indicator.
	Description pulumi.StringPtrInput
	// The display name of the Threat Intelligence Indicator.
	DisplayName pulumi.StringPtrInput
	// The extension config of the Threat Intelligence Indicator in JSON format.
	Extension pulumi.StringPtrInput
	// The external ID of the Threat Intelligence Indicator.
	ExternalId pulumi.StringPtrInput
	// the External last updated time in UTC.
	ExternalLastUpdatedTimeUtc pulumi.StringPtrInput
	// One or more `externalReference` blocks as defined below.
	ExternalReferences ThreatIntelligenceIndicatorExternalReferenceArrayInput
	// One or more `granularMarking` blocks as defined below.
	GranularMarkings ThreatIntelligenceIndicatorGranularMarkingArrayInput
	// The guid of this Sentinel Threat Intelligence Indicator.
	Guid pulumi.StringPtrInput
	// A list of indicator types of this Threat Intelligence Indicator.
	IndicatorTypes pulumi.StringArrayInput
	// One or more `killChainPhase` blocks as defined below.
	KillChainPhases ThreatIntelligenceIndicatorKillChainPhaseArrayInput
	// The language of the Threat Intelligence Indicator.
	Language pulumi.StringPtrInput
	// The last updated time of the Threat Intelligence Indicator in UTC.
	LastUpdatedTimeUtc pulumi.StringPtrInput
	// Specifies a list of Threat Intelligence marking references.
	ObjectMarkingRefs pulumi.StringArrayInput
	// A `parsedPattern` block as defined below.
	ParsedPatterns ThreatIntelligenceIndicatorParsedPatternArrayInput
	// The pattern used by the Threat Intelligence Indicator. When `patternType` set to `file`, `pattern` must be specified with `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
	Pattern pulumi.StringPtrInput
	// The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
	PatternType pulumi.StringPtrInput
	// The version of a Threat Intelligence entity.
	PatternVersion pulumi.StringPtrInput
	// Whether the Threat Intelligence entity revoked.
	Revoked pulumi.BoolPtrInput
	// Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
	Source pulumi.StringPtrInput
	// Specifies a list of tags of the Threat Intelligence Indicator.
	Tags pulumi.StringArrayInput
	// Specifies a list of threat types of this Threat Intelligence Indicator.
	ThreatTypes pulumi.StringArrayInput
	// The start of validate date in RFC3339.
	ValidateFromUtc pulumi.StringPtrInput
	// The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
	ValidateUntilUtc pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
	WorkspaceId pulumi.StringPtrInput
}

func (ThreatIntelligenceIndicatorState) ElementType added in v5.39.0 

func (ThreatIntelligenceIndicatorState) ElementType() reflect.Type

type Watchlist 

type Watchlist struct {
	pulumi.CustomResourceState

	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrOutput `pulumi:"defaultDuration"`
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringOutput `pulumi:"itemSearchKey"`
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayOutput `pulumi:"labels"`
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Watchlist.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlist(ctx, "example", &sentinel.WatchlistArgs{
			Name:                    pulumi.String("example-watchlist"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("example-wl"),
			ItemSearchKey:           pulumi.String("Key"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlists can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/watchlist:Watchlist example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1 ```

func GetWatchlist 

func GetWatchlist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistState, opts ...pulumi.ResourceOption) (*Watchlist, error)

GetWatchlist gets an existing Watchlist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlist 

func NewWatchlist(ctx *pulumi.Context,
	name string, args *WatchlistArgs, opts ...pulumi.ResourceOption) (*Watchlist, error)

NewWatchlist registers a new resource with the given unique name, arguments, and options.

func (*Watchlist) ElementType 

func (*Watchlist) ElementType() reflect.Type

func (*Watchlist) ToWatchlistOutput 

func (i *Watchlist) ToWatchlistOutput() WatchlistOutput

func (*Watchlist) ToWatchlistOutputWithContext 

func (i *Watchlist) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistArgs 

type WatchlistArgs struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringInput
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a Watchlist resource.

func (WatchlistArgs) ElementType 

func (WatchlistArgs) ElementType() reflect.Type

type WatchlistArray 

type WatchlistArray []WatchlistInput

func (WatchlistArray) ElementType 

func (WatchlistArray) ElementType() reflect.Type

func (WatchlistArray) ToWatchlistArrayOutput 

func (i WatchlistArray) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArray) ToWatchlistArrayOutputWithContext 

func (i WatchlistArray) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistArrayInput 

type WatchlistArrayInput interface {
	pulumi.Input

	ToWatchlistArrayOutput() WatchlistArrayOutput
	ToWatchlistArrayOutputWithContext(context.Context) WatchlistArrayOutput
}

WatchlistArrayInput is an input type that accepts WatchlistArray and WatchlistArrayOutput values. You can construct a concrete instance of `WatchlistArrayInput` via: 

WatchlistArray{ WatchlistArgs{...} }

type WatchlistArrayOutput 

type WatchlistArrayOutput struct{ *pulumi.OutputState }

func (WatchlistArrayOutput) ElementType 

func (WatchlistArrayOutput) ElementType() reflect.Type

func (WatchlistArrayOutput) Index 

func (o WatchlistArrayOutput) Index(i pulumi.IntInput) WatchlistOutput

func (WatchlistArrayOutput) ToWatchlistArrayOutput 

func (o WatchlistArrayOutput) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArrayOutput) ToWatchlistArrayOutputWithContext 

func (o WatchlistArrayOutput) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistInput 

type WatchlistInput interface {
	pulumi.Input

	ToWatchlistOutput() WatchlistOutput
	ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput
}

type WatchlistItem 

type WatchlistItem struct {
	pulumi.CustomResourceState

	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapOutput `pulumi:"properties"`
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringOutput `pulumi:"watchlistId"`
}

Manages a Sentinel Watchlist Item.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}
		exampleWatchlist, err := sentinel.NewWatchlist(ctx, "example", &sentinel.WatchlistArgs{
			Name:                    pulumi.String("example-watchlist"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("example-wl"),
			ItemSearchKey:           pulumi.String("Key"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlistItem(ctx, "example", &sentinel.WatchlistItemArgs{
			Name:        pulumi.String("0aac6fa5-223e-49cf-9bfd-3554dc9d2b76"),
			WatchlistId: exampleWatchlist.ID(),
			Properties: pulumi.StringMap{
				"k1": pulumi.String("v1"),
				"k2": pulumi.String("v2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlist Items can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:sentinel/watchlistItem:WatchlistItem example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1/watchlistItems/item1 ```

func GetWatchlistItem 

func GetWatchlistItem(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistItemState, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

GetWatchlistItem gets an existing WatchlistItem resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlistItem 

func NewWatchlistItem(ctx *pulumi.Context,
	name string, args *WatchlistItemArgs, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

NewWatchlistItem registers a new resource with the given unique name, arguments, and options.

func (*WatchlistItem) ElementType 

func (*WatchlistItem) ElementType() reflect.Type

func (*WatchlistItem) ToWatchlistItemOutput 

func (i *WatchlistItem) ToWatchlistItemOutput() WatchlistItemOutput

func (*WatchlistItem) ToWatchlistItemOutputWithContext 

func (i *WatchlistItem) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

type WatchlistItemArgs 

type WatchlistItemArgs struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringInput
}

The set of arguments for constructing a WatchlistItem resource.

func (WatchlistItemArgs) ElementType 

func (WatchlistItemArgs) ElementType() reflect.Type

type WatchlistItemArray 

type WatchlistItemArray []WatchlistItemInput

func (WatchlistItemArray) ElementType 

func (WatchlistItemArray) ElementType() reflect.Type

func (WatchlistItemArray) ToWatchlistItemArrayOutput 

func (i WatchlistItemArray) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArray) ToWatchlistItemArrayOutputWithContext 

func (i WatchlistItemArray) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemArrayInput 

type WatchlistItemArrayInput interface {
	pulumi.Input

	ToWatchlistItemArrayOutput() WatchlistItemArrayOutput
	ToWatchlistItemArrayOutputWithContext(context.Context) WatchlistItemArrayOutput
}

WatchlistItemArrayInput is an input type that accepts WatchlistItemArray and WatchlistItemArrayOutput values. You can construct a concrete instance of `WatchlistItemArrayInput` via: 

WatchlistItemArray{ WatchlistItemArgs{...} }

type WatchlistItemArrayOutput 

type WatchlistItemArrayOutput struct{ *pulumi.OutputState }

func (WatchlistItemArrayOutput) ElementType 

func (WatchlistItemArrayOutput) ElementType() reflect.Type

func (WatchlistItemArrayOutput) Index 

func (o WatchlistItemArrayOutput) Index(i pulumi.IntInput) WatchlistItemOutput

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutput 

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext 

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemInput 

type WatchlistItemInput interface {
	pulumi.Input

	ToWatchlistItemOutput() WatchlistItemOutput
	ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput
}

type WatchlistItemMap 

type WatchlistItemMap map[string]WatchlistItemInput

func (WatchlistItemMap) ElementType 

func (WatchlistItemMap) ElementType() reflect.Type

func (WatchlistItemMap) ToWatchlistItemMapOutput 

func (i WatchlistItemMap) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMap) ToWatchlistItemMapOutputWithContext 

func (i WatchlistItemMap) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemMapInput 

type WatchlistItemMapInput interface {
	pulumi.Input

	ToWatchlistItemMapOutput() WatchlistItemMapOutput
	ToWatchlistItemMapOutputWithContext(context.Context) WatchlistItemMapOutput
}

WatchlistItemMapInput is an input type that accepts WatchlistItemMap and WatchlistItemMapOutput values. You can construct a concrete instance of `WatchlistItemMapInput` via: 

WatchlistItemMap{ "key": WatchlistItemArgs{...} }

type WatchlistItemMapOutput 

type WatchlistItemMapOutput struct{ *pulumi.OutputState }

func (WatchlistItemMapOutput) ElementType 

func (WatchlistItemMapOutput) ElementType() reflect.Type

func (WatchlistItemMapOutput) MapIndex 

func (o WatchlistItemMapOutput) MapIndex(k pulumi.StringInput) WatchlistItemOutput

func (WatchlistItemMapOutput) ToWatchlistItemMapOutput 

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext 

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemOutput 

type WatchlistItemOutput struct{ *pulumi.OutputState }

func (WatchlistItemOutput) ElementType 

func (WatchlistItemOutput) ElementType() reflect.Type

func (WatchlistItemOutput) Name added in v5.5.0 

func (o WatchlistItemOutput) Name() pulumi.StringOutput

The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.

func (WatchlistItemOutput) Properties added in v5.5.0 

func (o WatchlistItemOutput) Properties() pulumi.StringMapOutput

The key value pairs of the Sentinel Watchlist Item.

func (WatchlistItemOutput) ToWatchlistItemOutput 

func (o WatchlistItemOutput) ToWatchlistItemOutput() WatchlistItemOutput

func (WatchlistItemOutput) ToWatchlistItemOutputWithContext 

func (o WatchlistItemOutput) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

func (WatchlistItemOutput) WatchlistId added in v5.5.0 

func (o WatchlistItemOutput) WatchlistId() pulumi.StringOutput

The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.

type WatchlistItemState 

type WatchlistItemState struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringPtrInput
}

func (WatchlistItemState) ElementType 

func (WatchlistItemState) ElementType() reflect.Type

type WatchlistMap 

type WatchlistMap map[string]WatchlistInput

func (WatchlistMap) ElementType 

func (WatchlistMap) ElementType() reflect.Type

func (WatchlistMap) ToWatchlistMapOutput 

func (i WatchlistMap) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMap) ToWatchlistMapOutputWithContext 

func (i WatchlistMap) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistMapInput 

type WatchlistMapInput interface {
	pulumi.Input

	ToWatchlistMapOutput() WatchlistMapOutput
	ToWatchlistMapOutputWithContext(context.Context) WatchlistMapOutput
}

WatchlistMapInput is an input type that accepts WatchlistMap and WatchlistMapOutput values. You can construct a concrete instance of `WatchlistMapInput` via: 

WatchlistMap{ "key": WatchlistArgs{...} }

type WatchlistMapOutput 

type WatchlistMapOutput struct{ *pulumi.OutputState }

func (WatchlistMapOutput) ElementType 

func (WatchlistMapOutput) ElementType() reflect.Type

func (WatchlistMapOutput) MapIndex 

func (o WatchlistMapOutput) MapIndex(k pulumi.StringInput) WatchlistOutput

func (WatchlistMapOutput) ToWatchlistMapOutput 

func (o WatchlistMapOutput) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMapOutput) ToWatchlistMapOutputWithContext 

func (o WatchlistMapOutput) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistOutput 

type WatchlistOutput struct{ *pulumi.OutputState }

func (WatchlistOutput) DefaultDuration added in v5.5.0 

func (o WatchlistOutput) DefaultDuration() pulumi.StringPtrOutput

The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Description added in v5.5.0 

func (o WatchlistOutput) Description() pulumi.StringPtrOutput

The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) DisplayName added in v5.5.0 

func (o WatchlistOutput) DisplayName() pulumi.StringOutput

The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) ElementType 

func (WatchlistOutput) ElementType() reflect.Type

func (WatchlistOutput) ItemSearchKey added in v5.5.0 

func (o WatchlistOutput) ItemSearchKey() pulumi.StringOutput

The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Labels added in v5.5.0 

func (o WatchlistOutput) Labels() pulumi.StringArrayOutput

Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) LogAnalyticsWorkspaceId added in v5.5.0 

func (o WatchlistOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Name added in v5.5.0 

func (o WatchlistOutput) Name() pulumi.StringOutput

The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) ToWatchlistOutput 

func (o WatchlistOutput) ToWatchlistOutput() WatchlistOutput

func (WatchlistOutput) ToWatchlistOutputWithContext 

func (o WatchlistOutput) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistState 

type WatchlistState struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringPtrInput
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringPtrInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

func (WatchlistState) ElementType 

func (WatchlistState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.