sentinel

package
v4.42.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 15, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlertRuleFusion 

type AlertRuleFusion struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Fusion Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleFusion(ctx, "exampleAlertRuleFusion", &sentinel.AlertRuleFusionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid:   pulumi.String("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Fusion Alert Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/alertRuleFusion:AlertRuleFusion example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleFusion 

func GetAlertRuleFusion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleFusionState, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

GetAlertRuleFusion gets an existing AlertRuleFusion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleFusion 

func NewAlertRuleFusion(ctx *pulumi.Context,
	name string, args *AlertRuleFusionArgs, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

NewAlertRuleFusion registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleFusion) ElementType 

func (*AlertRuleFusion) ElementType() reflect.Type

func (*AlertRuleFusion) ToAlertRuleFusionOutput 

func (i *AlertRuleFusion) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (*AlertRuleFusion) ToAlertRuleFusionOutputWithContext 

func (i *AlertRuleFusion) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionArgs 

type AlertRuleFusionArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleFusion resource.

func (AlertRuleFusionArgs) ElementType 

func (AlertRuleFusionArgs) ElementType() reflect.Type

type AlertRuleFusionArray 

type AlertRuleFusionArray []AlertRuleFusionInput

func (AlertRuleFusionArray) ElementType 

func (AlertRuleFusionArray) ElementType() reflect.Type

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutput 

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext 

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionArrayInput 

type AlertRuleFusionArrayInput interface {
	pulumi.Input

	ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput
	ToAlertRuleFusionArrayOutputWithContext(context.Context) AlertRuleFusionArrayOutput
}

AlertRuleFusionArrayInput is an input type that accepts AlertRuleFusionArray and AlertRuleFusionArrayOutput values. You can construct a concrete instance of `AlertRuleFusionArrayInput` via: 

AlertRuleFusionArray{ AlertRuleFusionArgs{...} }

type AlertRuleFusionArrayOutput 

type AlertRuleFusionArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionArrayOutput) ElementType 

func (AlertRuleFusionArrayOutput) ElementType() reflect.Type

func (AlertRuleFusionArrayOutput) Index 

func (o AlertRuleFusionArrayOutput) Index(i pulumi.IntInput) AlertRuleFusionOutput

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput 

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext 

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionInput 

type AlertRuleFusionInput interface {
	pulumi.Input

	ToAlertRuleFusionOutput() AlertRuleFusionOutput
	ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput
}

type AlertRuleFusionMap 

type AlertRuleFusionMap map[string]AlertRuleFusionInput

func (AlertRuleFusionMap) ElementType 

func (AlertRuleFusionMap) ElementType() reflect.Type

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutput 

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext 

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionMapInput 

type AlertRuleFusionMapInput interface {
	pulumi.Input

	ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput
	ToAlertRuleFusionMapOutputWithContext(context.Context) AlertRuleFusionMapOutput
}

AlertRuleFusionMapInput is an input type that accepts AlertRuleFusionMap and AlertRuleFusionMapOutput values. You can construct a concrete instance of `AlertRuleFusionMapInput` via: 

AlertRuleFusionMap{ "key": AlertRuleFusionArgs{...} }

type AlertRuleFusionMapOutput 

type AlertRuleFusionMapOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionMapOutput) ElementType 

func (AlertRuleFusionMapOutput) ElementType() reflect.Type

func (AlertRuleFusionMapOutput) MapIndex 

func (o AlertRuleFusionMapOutput) MapIndex(k pulumi.StringInput) AlertRuleFusionOutput

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput 

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext 

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionOutput 

type AlertRuleFusionOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionOutput) ElementType 

func (AlertRuleFusionOutput) ElementType() reflect.Type

func (AlertRuleFusionOutput) ToAlertRuleFusionOutput 

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext 

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionState 

type AlertRuleFusionState struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleFusionState) ElementType 

func (AlertRuleFusionState) ElementType() reflect.Type

type AlertRuleMachineLearningBehaviorAnalytics added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalytics struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Machine Learning Behavior Analytics Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMachineLearningBehaviorAnalytics(ctx, "exampleAlertRuleMachineLearningBehaviorAnalytics", &sentinel.AlertRuleMachineLearningBehaviorAnalyticsArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid:   pulumi.String("737a2ce1-70a3-4968-9e90-3e6aca836abf"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Machine Learning Behavior Analytics Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/alertRuleMachineLearningBehaviorAnalytics:AlertRuleMachineLearningBehaviorAnalytics example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleMachineLearningBehaviorAnalytics added in v4.3.0 

func GetAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMachineLearningBehaviorAnalyticsState, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

GetAlertRuleMachineLearningBehaviorAnalytics gets an existing AlertRuleMachineLearningBehaviorAnalytics resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMachineLearningBehaviorAnalytics added in v4.3.0 

func NewAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, args *AlertRuleMachineLearningBehaviorAnalyticsArgs, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

NewAlertRuleMachineLearningBehaviorAnalytics registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMachineLearningBehaviorAnalytics) ElementType added in v4.3.0 

func (*AlertRuleMachineLearningBehaviorAnalytics) ElementType() reflect.Type

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput added in v4.3.0 

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext added in v4.3.0 

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsArgs added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleMachineLearningBehaviorAnalytics resource.

func (AlertRuleMachineLearningBehaviorAnalyticsArgs) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsArgs) ElementType() reflect.Type

type AlertRuleMachineLearningBehaviorAnalyticsArray added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsArray []AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput added in v4.3.0 

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext added in v4.3.0 

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
}

AlertRuleMachineLearningBehaviorAnalyticsArrayInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsArray and AlertRuleMachineLearningBehaviorAnalyticsArrayOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsArrayInput` via: 

AlertRuleMachineLearningBehaviorAnalyticsArray{ AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) Index added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) Index(i pulumi.IntInput) AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsInput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput
}

type AlertRuleMachineLearningBehaviorAnalyticsMap added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsMap map[string]AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput added in v4.3.0 

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext added in v4.3.0 

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsMapInput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsMapInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput
}

AlertRuleMachineLearningBehaviorAnalyticsMapInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsMap and AlertRuleMachineLearningBehaviorAnalyticsMapOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsMapInput` via: 

AlertRuleMachineLearningBehaviorAnalyticsMap{ "key": AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) MapIndex added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) MapIndex(k pulumi.StringInput) AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsOutput added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ElementType() reflect.Type

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext added in v4.3.0 

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsState added in v4.3.0 

type AlertRuleMachineLearningBehaviorAnalyticsState struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleMachineLearningBehaviorAnalyticsState) ElementType added in v4.3.0 

func (AlertRuleMachineLearningBehaviorAnalyticsState) ElementType() reflect.Type

type AlertRuleMsSecurityIncident 

type AlertRuleMsSecurityIncident struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayOutput `pulumi:"displayNameExcludeFilters"`
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayOutput `pulumi:"displayNameFilters"`
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringOutput `pulumi:"productFilter"`
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayOutput `pulumi:"severityFilters"`
	// Deprecated: this property has been renamed to display_name_filter to better match the SDK & API
	TextWhitelists pulumi.StringArrayOutput `pulumi:"textWhitelists"`
}

Manages a Sentinel MS Security Incident Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMsSecurityIncident(ctx, "exampleAlertRuleMsSecurityIncident", &sentinel.AlertRuleMsSecurityIncidentArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			ProductFilter:           pulumi.String("Microsoft Cloud App Security"),
			DisplayName:             pulumi.String("example rule"),
			SeverityFilters: pulumi.StringArray{
				pulumi.String("High"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel MS Security Incident Alert Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/alertRuleMsSecurityIncident:AlertRuleMsSecurityIncident example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleMsSecurityIncident 

func GetAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMsSecurityIncidentState, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

GetAlertRuleMsSecurityIncident gets an existing AlertRuleMsSecurityIncident resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMsSecurityIncident 

func NewAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, args *AlertRuleMsSecurityIncidentArgs, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

NewAlertRuleMsSecurityIncident registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMsSecurityIncident) ElementType 

func (*AlertRuleMsSecurityIncident) ElementType() reflect.Type

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput 

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext 

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentArgs 

type AlertRuleMsSecurityIncidentArgs struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayInput
	// Deprecated: this property has been renamed to display_name_filter to better match the SDK & API
	TextWhitelists pulumi.StringArrayInput
}

The set of arguments for constructing a AlertRuleMsSecurityIncident resource.

func (AlertRuleMsSecurityIncidentArgs) ElementType 

func (AlertRuleMsSecurityIncidentArgs) ElementType() reflect.Type

type AlertRuleMsSecurityIncidentArray 

type AlertRuleMsSecurityIncidentArray []AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentArray) ElementType 

func (AlertRuleMsSecurityIncidentArray) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput 

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext 

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentArrayInput 

type AlertRuleMsSecurityIncidentArrayInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput
	ToAlertRuleMsSecurityIncidentArrayOutputWithContext(context.Context) AlertRuleMsSecurityIncidentArrayOutput
}

AlertRuleMsSecurityIncidentArrayInput is an input type that accepts AlertRuleMsSecurityIncidentArray and AlertRuleMsSecurityIncidentArrayOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentArrayInput` via: 

AlertRuleMsSecurityIncidentArray{ AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentArrayOutput 

type AlertRuleMsSecurityIncidentArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentArrayOutput) ElementType 

func (AlertRuleMsSecurityIncidentArrayOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentArrayOutput) Index 

func (o AlertRuleMsSecurityIncidentArrayOutput) Index(i pulumi.IntInput) AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput 

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext 

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentInput 

type AlertRuleMsSecurityIncidentInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput
	ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput
}

type AlertRuleMsSecurityIncidentMap 

type AlertRuleMsSecurityIncidentMap map[string]AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentMap) ElementType 

func (AlertRuleMsSecurityIncidentMap) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput 

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext 

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentMapInput 

type AlertRuleMsSecurityIncidentMapInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput
	ToAlertRuleMsSecurityIncidentMapOutputWithContext(context.Context) AlertRuleMsSecurityIncidentMapOutput
}

AlertRuleMsSecurityIncidentMapInput is an input type that accepts AlertRuleMsSecurityIncidentMap and AlertRuleMsSecurityIncidentMapOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentMapInput` via: 

AlertRuleMsSecurityIncidentMap{ "key": AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentMapOutput 

type AlertRuleMsSecurityIncidentMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentMapOutput) ElementType 

func (AlertRuleMsSecurityIncidentMapOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentMapOutput) MapIndex 

func (o AlertRuleMsSecurityIncidentMapOutput) MapIndex(k pulumi.StringInput) AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput 

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext 

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentOutput 

type AlertRuleMsSecurityIncidentOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentOutput) ElementType 

func (AlertRuleMsSecurityIncidentOutput) ElementType() reflect.Type

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput 

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext 

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentState 

type AlertRuleMsSecurityIncidentState struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringPtrInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayInput
	// Deprecated: this property has been renamed to display_name_filter to better match the SDK & API
	TextWhitelists pulumi.StringArrayInput
}

func (AlertRuleMsSecurityIncidentState) ElementType 

func (AlertRuleMsSecurityIncidentState) ElementType() reflect.Type

type AlertRuleScheduled 

type AlertRuleScheduled struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrOutput `pulumi:"eventGrouping"`
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationOutput `pulumi:"incidentConfiguration"`
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringOutput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrOutput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrOutput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringOutput `pulumi:"severity"`
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrOutput `pulumi:"suppressionDuration"`
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrOutput `pulumi:"suppressionEnabled"`
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrOutput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrOutput `pulumi:"triggerThreshold"`
}

Manages a Sentinel Scheduled Alert Rule.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleScheduled(ctx, "exampleAlertRuleScheduled", &sentinel.AlertRuleScheduledArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String(fmt.Sprintf("%v%v%v%v", "AzureActivity |\n", "  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n", "  where ActivityStatus == \"Succeeded\" |\n", "  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Scheduled Alert Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/alertRuleScheduled:AlertRuleScheduled example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleScheduled 

func GetAlertRuleScheduled(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleScheduledState, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

GetAlertRuleScheduled gets an existing AlertRuleScheduled resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleScheduled 

func NewAlertRuleScheduled(ctx *pulumi.Context,
	name string, args *AlertRuleScheduledArgs, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

NewAlertRuleScheduled registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleScheduled) ElementType 

func (*AlertRuleScheduled) ElementType() reflect.Type

func (*AlertRuleScheduled) ToAlertRuleScheduledOutput 

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (*AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext 

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

type AlertRuleScheduledArgs 

type AlertRuleScheduledArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}

The set of arguments for constructing a AlertRuleScheduled resource.

func (AlertRuleScheduledArgs) ElementType 

func (AlertRuleScheduledArgs) ElementType() reflect.Type

type AlertRuleScheduledArray 

type AlertRuleScheduledArray []AlertRuleScheduledInput

func (AlertRuleScheduledArray) ElementType 

func (AlertRuleScheduledArray) ElementType() reflect.Type

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput 

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext 

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledArrayInput 

type AlertRuleScheduledArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput
	ToAlertRuleScheduledArrayOutputWithContext(context.Context) AlertRuleScheduledArrayOutput
}

AlertRuleScheduledArrayInput is an input type that accepts AlertRuleScheduledArray and AlertRuleScheduledArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledArrayInput` via: 

AlertRuleScheduledArray{ AlertRuleScheduledArgs{...} }

type AlertRuleScheduledArrayOutput 

type AlertRuleScheduledArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledArrayOutput) ElementType 

func (AlertRuleScheduledArrayOutput) ElementType() reflect.Type

func (AlertRuleScheduledArrayOutput) Index 

func (o AlertRuleScheduledArrayOutput) Index(i pulumi.IntInput) AlertRuleScheduledOutput

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput 

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext 

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledEventGrouping 

type AlertRuleScheduledEventGrouping struct {
	// The aggregation type of grouping the events.
	AggregationMethod string `pulumi:"aggregationMethod"`
}

type AlertRuleScheduledEventGroupingArgs 

type AlertRuleScheduledEventGroupingArgs struct {
	// The aggregation type of grouping the events.
	AggregationMethod pulumi.StringInput `pulumi:"aggregationMethod"`
}

func (AlertRuleScheduledEventGroupingArgs) ElementType 

func (AlertRuleScheduledEventGroupingArgs) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingInput 

type AlertRuleScheduledEventGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput
	ToAlertRuleScheduledEventGroupingOutputWithContext(context.Context) AlertRuleScheduledEventGroupingOutput
}

AlertRuleScheduledEventGroupingInput is an input type that accepts AlertRuleScheduledEventGroupingArgs and AlertRuleScheduledEventGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingInput` via: 

AlertRuleScheduledEventGroupingArgs{...}

type AlertRuleScheduledEventGroupingOutput 

type AlertRuleScheduledEventGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingOutput) AggregationMethod 

func (o AlertRuleScheduledEventGroupingOutput) AggregationMethod() pulumi.StringOutput

The aggregation type of grouping the events.

func (AlertRuleScheduledEventGroupingOutput) ElementType 

func (AlertRuleScheduledEventGroupingOutput) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingPtrInput 

type AlertRuleScheduledEventGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput
	ToAlertRuleScheduledEventGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledEventGroupingPtrOutput
}

AlertRuleScheduledEventGroupingPtrInput is an input type that accepts AlertRuleScheduledEventGroupingArgs, AlertRuleScheduledEventGroupingPtr and AlertRuleScheduledEventGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingPtrInput` via: 

        AlertRuleScheduledEventGroupingArgs{...}

or:

        nil

func AlertRuleScheduledEventGroupingPtr 

func AlertRuleScheduledEventGroupingPtr(v *AlertRuleScheduledEventGroupingArgs) AlertRuleScheduledEventGroupingPtrInput

type AlertRuleScheduledEventGroupingPtrOutput 

type AlertRuleScheduledEventGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingPtrOutput) AggregationMethod 

func (o AlertRuleScheduledEventGroupingPtrOutput) AggregationMethod() pulumi.StringPtrOutput

The aggregation type of grouping the events.

func (AlertRuleScheduledEventGroupingPtrOutput) Elem 

func (o AlertRuleScheduledEventGroupingPtrOutput) Elem() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingPtrOutput) ElementType 

func (AlertRuleScheduledEventGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput 

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext 

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledIncidentConfiguration 

type AlertRuleScheduledIncidentConfiguration struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncident bool `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGrouping `pulumi:"grouping"`
}

type AlertRuleScheduledIncidentConfigurationArgs 

type AlertRuleScheduledIncidentConfigurationArgs struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncident pulumi.BoolInput `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGroupingInput `pulumi:"grouping"`
}

func (AlertRuleScheduledIncidentConfigurationArgs) ElementType 

func (AlertRuleScheduledIncidentConfigurationArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationGrouping 

type AlertRuleScheduledIncidentConfigurationGrouping struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod *string `pulumi:"entityMatchingMethod"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	GroupBies []string `pulumi:"groupBies"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration *string `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents *bool `pulumi:"reopenClosedIncidents"`
}

type AlertRuleScheduledIncidentConfigurationGroupingArgs 

type AlertRuleScheduledIncidentConfigurationGroupingArgs struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod pulumi.StringPtrInput `pulumi:"entityMatchingMethod"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	GroupBies pulumi.StringArrayInput `pulumi:"groupBies"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration pulumi.StringPtrInput `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents pulumi.BoolPtrInput `pulumi:"reopenClosedIncidents"`
}

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingInput 

type AlertRuleScheduledIncidentConfigurationGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput
}

AlertRuleScheduledIncidentConfigurationGroupingInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs and AlertRuleScheduledIncidentConfigurationGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingInput` via: 

AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

type AlertRuleScheduledIncidentConfigurationGroupingOutput 

type AlertRuleScheduledIncidentConfigurationGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) Enabled 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) EntityMatchingMethod 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupBies 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupBies() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) LookbackDuration 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ReopenClosedIncidents 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput 

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
}

AlertRuleScheduledIncidentConfigurationGroupingPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs, AlertRuleScheduledIncidentConfigurationGroupingPtr and AlertRuleScheduledIncidentConfigurationGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingPtrInput` via: 

        AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

or:

        nil

func AlertRuleScheduledIncidentConfigurationGroupingPtr 

func AlertRuleScheduledIncidentConfigurationGroupingPtr(v *AlertRuleScheduledIncidentConfigurationGroupingArgs) AlertRuleScheduledIncidentConfigurationGroupingPtrInput

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Elem 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Elem() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Enabled 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Enabled() pulumi.BoolPtrOutput

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) EntityMatchingMethod 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) EntityMatchingMethod() pulumi.StringPtrOutput

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupBies 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupBies() pulumi.StringArrayOutput

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) LookbackDuration 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) LookbackDuration() pulumi.StringPtrOutput

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ReopenClosedIncidents 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ReopenClosedIncidents() pulumi.BoolPtrOutput

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationInput 

type AlertRuleScheduledIncidentConfigurationInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput
	ToAlertRuleScheduledIncidentConfigurationOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationOutput
}

AlertRuleScheduledIncidentConfigurationInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs and AlertRuleScheduledIncidentConfigurationOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationInput` via: 

AlertRuleScheduledIncidentConfigurationArgs{...}

type AlertRuleScheduledIncidentConfigurationOutput 

type AlertRuleScheduledIncidentConfigurationOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationOutput) CreateIncident 

func (o AlertRuleScheduledIncidentConfigurationOutput) CreateIncident() pulumi.BoolOutput

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentConfigurationOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationOutput) Grouping 

func (o AlertRuleScheduledIncidentConfigurationOutput) Grouping() AlertRuleScheduledIncidentConfigurationGroupingOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationPtrInput 

type AlertRuleScheduledIncidentConfigurationPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput
	ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput
}

AlertRuleScheduledIncidentConfigurationPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs, AlertRuleScheduledIncidentConfigurationPtr and AlertRuleScheduledIncidentConfigurationPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationPtrInput` via: 

        AlertRuleScheduledIncidentConfigurationArgs{...}

or:

        nil

func AlertRuleScheduledIncidentConfigurationPtr 

func AlertRuleScheduledIncidentConfigurationPtr(v *AlertRuleScheduledIncidentConfigurationArgs) AlertRuleScheduledIncidentConfigurationPtrInput

type AlertRuleScheduledIncidentConfigurationPtrOutput 

type AlertRuleScheduledIncidentConfigurationPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationPtrOutput) CreateIncident 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) CreateIncident() pulumi.BoolPtrOutput

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Elem 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) Elem() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ElementType 

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ElementType() reflect.Type

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Grouping 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) Grouping() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext 

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledInput 

type AlertRuleScheduledInput interface {
	pulumi.Input

	ToAlertRuleScheduledOutput() AlertRuleScheduledOutput
	ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput
}

type AlertRuleScheduledMap 

type AlertRuleScheduledMap map[string]AlertRuleScheduledInput

func (AlertRuleScheduledMap) ElementType 

func (AlertRuleScheduledMap) ElementType() reflect.Type

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput 

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext 

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledMapInput 

type AlertRuleScheduledMapInput interface {
	pulumi.Input

	ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput
	ToAlertRuleScheduledMapOutputWithContext(context.Context) AlertRuleScheduledMapOutput
}

AlertRuleScheduledMapInput is an input type that accepts AlertRuleScheduledMap and AlertRuleScheduledMapOutput values. You can construct a concrete instance of `AlertRuleScheduledMapInput` via: 

AlertRuleScheduledMap{ "key": AlertRuleScheduledArgs{...} }

type AlertRuleScheduledMapOutput 

type AlertRuleScheduledMapOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledMapOutput) ElementType 

func (AlertRuleScheduledMapOutput) ElementType() reflect.Type

func (AlertRuleScheduledMapOutput) MapIndex 

func (o AlertRuleScheduledMapOutput) MapIndex(k pulumi.StringInput) AlertRuleScheduledOutput

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput 

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext 

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledOutput 

type AlertRuleScheduledOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledOutput) ElementType 

func (AlertRuleScheduledOutput) ElementType() reflect.Type

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutput 

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext 

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

type AlertRuleScheduledState 

type AlertRuleScheduledState struct {
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringPtrInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringPtrInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}

func (AlertRuleScheduledState) ElementType 

func (AlertRuleScheduledState) ElementType() reflect.Type

type AuthomationRule deprecated added in v4.25.0 

type AuthomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		sentinel, err := operationalinsights.NewAnalyticsSolution(ctx, "sentinel", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "exampleAutomationRule", &sentinel.AutomationRuleArgs{
			LogAnalyticsWorkspaceId: sentinel.WorkspaceResourceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/authomationRule:AuthomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/AutomationRules/rule1

```

Deprecated: azure.sentinel.AuthomationRule has been deprecated in favor of azure.sentinel.AutomationRule

func GetAuthomationRule added in v4.25.0 

func GetAuthomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthomationRuleState, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

GetAuthomationRule gets an existing AuthomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthomationRule added in v4.25.0 

func NewAuthomationRule(ctx *pulumi.Context,
	name string, args *AuthomationRuleArgs, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

NewAuthomationRule registers a new resource with the given unique name, arguments, and options.

func (*AuthomationRule) ElementType added in v4.25.0 

func (*AuthomationRule) ElementType() reflect.Type

func (*AuthomationRule) ToAuthomationRuleOutput added in v4.25.0 

func (i *AuthomationRule) ToAuthomationRuleOutput() AuthomationRuleOutput

func (*AuthomationRule) ToAuthomationRuleOutputWithContext added in v4.25.0 

func (i *AuthomationRule) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

type AuthomationRuleActionIncident added in v4.25.0 

type AuthomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AuthomationRuleActionIncidentArgs added in v4.25.0 

type AuthomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AuthomationRuleActionIncidentArgs) ElementType added in v4.25.0 

func (AuthomationRuleActionIncidentArgs) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput added in v4.25.0 

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext added in v4.25.0 

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionIncidentArray added in v4.25.0 

type AuthomationRuleActionIncidentArray []AuthomationRuleActionIncidentInput

func (AuthomationRuleActionIncidentArray) ElementType added in v4.25.0 

func (AuthomationRuleActionIncidentArray) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput added in v4.25.0 

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext added in v4.25.0 

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentArrayInput added in v4.25.0 

type AuthomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput
	ToAuthomationRuleActionIncidentArrayOutputWithContext(context.Context) AuthomationRuleActionIncidentArrayOutput
}

AuthomationRuleActionIncidentArrayInput is an input type that accepts AuthomationRuleActionIncidentArray and AuthomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentArrayInput` via: 

AuthomationRuleActionIncidentArray{ AuthomationRuleActionIncidentArgs{...} }

type AuthomationRuleActionIncidentArrayOutput added in v4.25.0 

type AuthomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentArrayOutput) ElementType added in v4.25.0 

func (AuthomationRuleActionIncidentArrayOutput) ElementType() reflect.Type

func (AuthomationRuleActionIncidentArrayOutput) Index added in v4.25.0 

func (o AuthomationRuleActionIncidentArrayOutput) Index(i pulumi.IntInput) AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput added in v4.25.0 

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext added in v4.25.0 

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentInput added in v4.25.0 

type AuthomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput
	ToAuthomationRuleActionIncidentOutputWithContext(context.Context) AuthomationRuleActionIncidentOutput
}

AuthomationRuleActionIncidentInput is an input type that accepts AuthomationRuleActionIncidentArgs and AuthomationRuleActionIncidentOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentInput` via: 

AuthomationRuleActionIncidentArgs{...}

type AuthomationRuleActionIncidentOutput added in v4.25.0 

type AuthomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentOutput) Classification added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) Classification() pulumi.StringPtrOutput

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

func (AuthomationRuleActionIncidentOutput) ClassificationComment added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) ClassificationComment() pulumi.StringPtrOutput

The comment why the incident is to be closed.

func (AuthomationRuleActionIncidentOutput) ElementType added in v4.25.0 

func (AuthomationRuleActionIncidentOutput) ElementType() reflect.Type

func (AuthomationRuleActionIncidentOutput) Labels added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) Labels() pulumi.StringArrayOutput

Specifies a list of labels to add to the incident.

func (AuthomationRuleActionIncidentOutput) Order added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AuthomationRuleActionIncidentOutput) OwnerId added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) OwnerId() pulumi.StringPtrOutput

The object ID of the entity this incident is assigned to.

func (AuthomationRuleActionIncidentOutput) Severity added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) Severity() pulumi.StringPtrOutput

The severity to add to the incident.

func (AuthomationRuleActionIncidentOutput) Status added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) Status() pulumi.StringPtrOutput

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext added in v4.25.0 

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionPlaybook added in v4.25.0 

type AuthomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AuthomationRuleActionPlaybookArgs added in v4.25.0 

type AuthomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AuthomationRuleActionPlaybookArgs) ElementType added in v4.25.0 

func (AuthomationRuleActionPlaybookArgs) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput added in v4.25.0 

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext added in v4.25.0 

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleActionPlaybookArray added in v4.25.0 

type AuthomationRuleActionPlaybookArray []AuthomationRuleActionPlaybookInput

func (AuthomationRuleActionPlaybookArray) ElementType added in v4.25.0 

func (AuthomationRuleActionPlaybookArray) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput added in v4.25.0 

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext added in v4.25.0 

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookArrayInput added in v4.25.0 

type AuthomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput
	ToAuthomationRuleActionPlaybookArrayOutputWithContext(context.Context) AuthomationRuleActionPlaybookArrayOutput
}

AuthomationRuleActionPlaybookArrayInput is an input type that accepts AuthomationRuleActionPlaybookArray and AuthomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookArrayInput` via: 

AuthomationRuleActionPlaybookArray{ AuthomationRuleActionPlaybookArgs{...} }

type AuthomationRuleActionPlaybookArrayOutput added in v4.25.0 

type AuthomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookArrayOutput) ElementType added in v4.25.0 

func (AuthomationRuleActionPlaybookArrayOutput) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookArrayOutput) Index added in v4.25.0 

func (o AuthomationRuleActionPlaybookArrayOutput) Index(i pulumi.IntInput) AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput added in v4.25.0 

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext added in v4.25.0 

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookInput added in v4.25.0 

type AuthomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput
	ToAuthomationRuleActionPlaybookOutputWithContext(context.Context) AuthomationRuleActionPlaybookOutput
}

AuthomationRuleActionPlaybookInput is an input type that accepts AuthomationRuleActionPlaybookArgs and AuthomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookInput` via: 

AuthomationRuleActionPlaybookArgs{...}

type AuthomationRuleActionPlaybookOutput added in v4.25.0 

type AuthomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookOutput) ElementType added in v4.25.0 

func (AuthomationRuleActionPlaybookOutput) ElementType() reflect.Type

func (AuthomationRuleActionPlaybookOutput) LogicAppId added in v4.25.0 

func (o AuthomationRuleActionPlaybookOutput) LogicAppId() pulumi.StringOutput

The ID of the Logic App that defines the playbook's logic.

func (AuthomationRuleActionPlaybookOutput) Order added in v4.25.0 

func (o AuthomationRuleActionPlaybookOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AuthomationRuleActionPlaybookOutput) TenantId added in v4.25.0 

func (o AuthomationRuleActionPlaybookOutput) TenantId() pulumi.StringPtrOutput

The ID of the Tenant that owns the playbook.

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput added in v4.25.0 

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext added in v4.25.0 

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleArgs added in v4.25.0 

type AuthomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
}

The set of arguments for constructing a AuthomationRule resource.

func (AuthomationRuleArgs) ElementType added in v4.25.0 

func (AuthomationRuleArgs) ElementType() reflect.Type

type AuthomationRuleArray added in v4.25.0 

type AuthomationRuleArray []AuthomationRuleInput

func (AuthomationRuleArray) ElementType added in v4.25.0 

func (AuthomationRuleArray) ElementType() reflect.Type

func (AuthomationRuleArray) ToAuthomationRuleArrayOutput added in v4.25.0 

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext added in v4.25.0 

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleArrayInput added in v4.25.0 

type AuthomationRuleArrayInput interface {
	pulumi.Input

	ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput
	ToAuthomationRuleArrayOutputWithContext(context.Context) AuthomationRuleArrayOutput
}

AuthomationRuleArrayInput is an input type that accepts AuthomationRuleArray and AuthomationRuleArrayOutput values. You can construct a concrete instance of `AuthomationRuleArrayInput` via: 

AuthomationRuleArray{ AuthomationRuleArgs{...} }

type AuthomationRuleArrayOutput added in v4.25.0 

type AuthomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleArrayOutput) ElementType added in v4.25.0 

func (AuthomationRuleArrayOutput) ElementType() reflect.Type

func (AuthomationRuleArrayOutput) Index added in v4.25.0 

func (o AuthomationRuleArrayOutput) Index(i pulumi.IntInput) AuthomationRuleOutput

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput added in v4.25.0 

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext added in v4.25.0 

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleCondition added in v4.25.0 

type AuthomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AuthomationRuleConditionArgs added in v4.25.0 

type AuthomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AuthomationRuleConditionArgs) ElementType added in v4.25.0 

func (AuthomationRuleConditionArgs) ElementType() reflect.Type

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput added in v4.25.0 

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext added in v4.25.0 

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

type AuthomationRuleConditionArray added in v4.25.0 

type AuthomationRuleConditionArray []AuthomationRuleConditionInput

func (AuthomationRuleConditionArray) ElementType added in v4.25.0 

func (AuthomationRuleConditionArray) ElementType() reflect.Type

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput added in v4.25.0 

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext added in v4.25.0 

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionArrayInput added in v4.25.0 

type AuthomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput
	ToAuthomationRuleConditionArrayOutputWithContext(context.Context) AuthomationRuleConditionArrayOutput
}

AuthomationRuleConditionArrayInput is an input type that accepts AuthomationRuleConditionArray and AuthomationRuleConditionArrayOutput values. You can construct a concrete instance of `AuthomationRuleConditionArrayInput` via: 

AuthomationRuleConditionArray{ AuthomationRuleConditionArgs{...} }

type AuthomationRuleConditionArrayOutput added in v4.25.0 

type AuthomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionArrayOutput) ElementType added in v4.25.0 

func (AuthomationRuleConditionArrayOutput) ElementType() reflect.Type

func (AuthomationRuleConditionArrayOutput) Index added in v4.25.0 

func (o AuthomationRuleConditionArrayOutput) Index(i pulumi.IntInput) AuthomationRuleConditionOutput

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput added in v4.25.0 

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext added in v4.25.0 

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionInput added in v4.25.0 

type AuthomationRuleConditionInput interface {
	pulumi.Input

	ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput
	ToAuthomationRuleConditionOutputWithContext(context.Context) AuthomationRuleConditionOutput
}

AuthomationRuleConditionInput is an input type that accepts AuthomationRuleConditionArgs and AuthomationRuleConditionOutput values. You can construct a concrete instance of `AuthomationRuleConditionInput` via: 

AuthomationRuleConditionArgs{...}

type AuthomationRuleConditionOutput added in v4.25.0 

type AuthomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionOutput) ElementType added in v4.25.0 

func (AuthomationRuleConditionOutput) ElementType() reflect.Type

func (AuthomationRuleConditionOutput) Operator added in v4.25.0 

func (o AuthomationRuleConditionOutput) Operator() pulumi.StringOutput

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AuthomationRuleConditionOutput) Property added in v4.25.0 

func (o AuthomationRuleConditionOutput) Property() pulumi.StringOutput

The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput added in v4.25.0 

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext added in v4.25.0 

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) Values added in v4.25.0 

func (o AuthomationRuleConditionOutput) Values() pulumi.StringArrayOutput

Specifies a list of values to use for evaluate the condition.

type AuthomationRuleInput added in v4.25.0 

type AuthomationRuleInput interface {
	pulumi.Input

	ToAuthomationRuleOutput() AuthomationRuleOutput
	ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput
}

type AuthomationRuleMap added in v4.25.0 

type AuthomationRuleMap map[string]AuthomationRuleInput

func (AuthomationRuleMap) ElementType added in v4.25.0 

func (AuthomationRuleMap) ElementType() reflect.Type

func (AuthomationRuleMap) ToAuthomationRuleMapOutput added in v4.25.0 

func (i AuthomationRuleMap) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext added in v4.25.0 

func (i AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleMapInput added in v4.25.0 

type AuthomationRuleMapInput interface {
	pulumi.Input

	ToAuthomationRuleMapOutput() AuthomationRuleMapOutput
	ToAuthomationRuleMapOutputWithContext(context.Context) AuthomationRuleMapOutput
}

AuthomationRuleMapInput is an input type that accepts AuthomationRuleMap and AuthomationRuleMapOutput values. You can construct a concrete instance of `AuthomationRuleMapInput` via: 

AuthomationRuleMap{ "key": AuthomationRuleArgs{...} }

type AuthomationRuleMapOutput added in v4.25.0 

type AuthomationRuleMapOutput struct{ *pulumi.OutputState }

func (AuthomationRuleMapOutput) ElementType added in v4.25.0 

func (AuthomationRuleMapOutput) ElementType() reflect.Type

func (AuthomationRuleMapOutput) MapIndex added in v4.25.0 

func (o AuthomationRuleMapOutput) MapIndex(k pulumi.StringInput) AuthomationRuleOutput

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutput added in v4.25.0 

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext added in v4.25.0 

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleOutput added in v4.25.0 

type AuthomationRuleOutput struct{ *pulumi.OutputState }

func (AuthomationRuleOutput) ElementType added in v4.25.0 

func (AuthomationRuleOutput) ElementType() reflect.Type

func (AuthomationRuleOutput) ToAuthomationRuleOutput added in v4.25.0 

func (o AuthomationRuleOutput) ToAuthomationRuleOutput() AuthomationRuleOutput

func (AuthomationRuleOutput) ToAuthomationRuleOutputWithContext added in v4.25.0 

func (o AuthomationRuleOutput) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

type AuthomationRuleState added in v4.25.0 

type AuthomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
}

func (AuthomationRuleState) ElementType added in v4.25.0 

func (AuthomationRuleState) ElementType() reflect.Type

type AutomationRule added in v4.29.0 

type AutomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		sentinel, err := operationalinsights.NewAnalyticsSolution(ctx, "sentinel", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "exampleAutomationRule", &sentinel.AutomationRuleArgs{
			LogAnalyticsWorkspaceId: sentinel.WorkspaceResourceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/automationRule:AutomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/AutomationRules/rule1

```

func GetAutomationRule added in v4.29.0 

func GetAutomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AutomationRuleState, opts ...pulumi.ResourceOption) (*AutomationRule, error)

GetAutomationRule gets an existing AutomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAutomationRule added in v4.29.0 

func NewAutomationRule(ctx *pulumi.Context,
	name string, args *AutomationRuleArgs, opts ...pulumi.ResourceOption) (*AutomationRule, error)

NewAutomationRule registers a new resource with the given unique name, arguments, and options.

func (*AutomationRule) ElementType added in v4.29.0 

func (*AutomationRule) ElementType() reflect.Type

func (*AutomationRule) ToAutomationRuleOutput added in v4.29.0 

func (i *AutomationRule) ToAutomationRuleOutput() AutomationRuleOutput

func (*AutomationRule) ToAutomationRuleOutputWithContext added in v4.29.0 

func (i *AutomationRule) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

type AutomationRuleActionIncident added in v4.29.0 

type AutomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AutomationRuleActionIncidentArgs added in v4.29.0 

type AutomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AutomationRuleActionIncidentArgs) ElementType added in v4.29.0 

func (AutomationRuleActionIncidentArgs) ElementType() reflect.Type

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput added in v4.29.0 

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext added in v4.29.0 

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionIncidentArray added in v4.29.0 

type AutomationRuleActionIncidentArray []AutomationRuleActionIncidentInput

func (AutomationRuleActionIncidentArray) ElementType added in v4.29.0 

func (AutomationRuleActionIncidentArray) ElementType() reflect.Type

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput added in v4.29.0 

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext added in v4.29.0 

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentArrayInput added in v4.29.0 

type AutomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput
	ToAutomationRuleActionIncidentArrayOutputWithContext(context.Context) AutomationRuleActionIncidentArrayOutput
}

AutomationRuleActionIncidentArrayInput is an input type that accepts AutomationRuleActionIncidentArray and AutomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentArrayInput` via: 

AutomationRuleActionIncidentArray{ AutomationRuleActionIncidentArgs{...} }

type AutomationRuleActionIncidentArrayOutput added in v4.29.0 

type AutomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentArrayOutput) ElementType added in v4.29.0 

func (AutomationRuleActionIncidentArrayOutput) ElementType() reflect.Type

func (AutomationRuleActionIncidentArrayOutput) Index added in v4.29.0 

func (o AutomationRuleActionIncidentArrayOutput) Index(i pulumi.IntInput) AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput added in v4.29.0 

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext added in v4.29.0 

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentInput added in v4.29.0 

type AutomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput
	ToAutomationRuleActionIncidentOutputWithContext(context.Context) AutomationRuleActionIncidentOutput
}

AutomationRuleActionIncidentInput is an input type that accepts AutomationRuleActionIncidentArgs and AutomationRuleActionIncidentOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentInput` via: 

AutomationRuleActionIncidentArgs{...}

type AutomationRuleActionIncidentOutput added in v4.29.0 

type AutomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentOutput) Classification added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) Classification() pulumi.StringPtrOutput

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

func (AutomationRuleActionIncidentOutput) ClassificationComment added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) ClassificationComment() pulumi.StringPtrOutput

The comment why the incident is to be closed.

func (AutomationRuleActionIncidentOutput) ElementType added in v4.29.0 

func (AutomationRuleActionIncidentOutput) ElementType() reflect.Type

func (AutomationRuleActionIncidentOutput) Labels added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) Labels() pulumi.StringArrayOutput

Specifies a list of labels to add to the incident.

func (AutomationRuleActionIncidentOutput) Order added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AutomationRuleActionIncidentOutput) OwnerId added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) OwnerId() pulumi.StringPtrOutput

The object ID of the entity this incident is assigned to.

func (AutomationRuleActionIncidentOutput) Severity added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) Severity() pulumi.StringPtrOutput

The severity to add to the incident.

func (AutomationRuleActionIncidentOutput) Status added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) Status() pulumi.StringPtrOutput

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext added in v4.29.0 

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionPlaybook added in v4.29.0 

type AutomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AutomationRuleActionPlaybookArgs added in v4.29.0 

type AutomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AutomationRuleActionPlaybookArgs) ElementType added in v4.29.0 

func (AutomationRuleActionPlaybookArgs) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput added in v4.29.0 

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext added in v4.29.0 

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleActionPlaybookArray added in v4.29.0 

type AutomationRuleActionPlaybookArray []AutomationRuleActionPlaybookInput

func (AutomationRuleActionPlaybookArray) ElementType added in v4.29.0 

func (AutomationRuleActionPlaybookArray) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput added in v4.29.0 

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext added in v4.29.0 

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookArrayInput added in v4.29.0 

type AutomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput
	ToAutomationRuleActionPlaybookArrayOutputWithContext(context.Context) AutomationRuleActionPlaybookArrayOutput
}

AutomationRuleActionPlaybookArrayInput is an input type that accepts AutomationRuleActionPlaybookArray and AutomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookArrayInput` via: 

AutomationRuleActionPlaybookArray{ AutomationRuleActionPlaybookArgs{...} }

type AutomationRuleActionPlaybookArrayOutput added in v4.29.0 

type AutomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookArrayOutput) ElementType added in v4.29.0 

func (AutomationRuleActionPlaybookArrayOutput) ElementType() reflect.Type

func (AutomationRuleActionPlaybookArrayOutput) Index added in v4.29.0 

func (o AutomationRuleActionPlaybookArrayOutput) Index(i pulumi.IntInput) AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput added in v4.29.0 

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext added in v4.29.0 

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookInput added in v4.29.0 

type AutomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput
	ToAutomationRuleActionPlaybookOutputWithContext(context.Context) AutomationRuleActionPlaybookOutput
}

AutomationRuleActionPlaybookInput is an input type that accepts AutomationRuleActionPlaybookArgs and AutomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookInput` via: 

AutomationRuleActionPlaybookArgs{...}

type AutomationRuleActionPlaybookOutput added in v4.29.0 

type AutomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookOutput) ElementType added in v4.29.0 

func (AutomationRuleActionPlaybookOutput) ElementType() reflect.Type

func (AutomationRuleActionPlaybookOutput) LogicAppId added in v4.29.0 

func (o AutomationRuleActionPlaybookOutput) LogicAppId() pulumi.StringOutput

The ID of the Logic App that defines the playbook's logic.

func (AutomationRuleActionPlaybookOutput) Order added in v4.29.0 

func (o AutomationRuleActionPlaybookOutput) Order() pulumi.IntOutput

The execution order of this action.

func (AutomationRuleActionPlaybookOutput) TenantId added in v4.29.0 

func (o AutomationRuleActionPlaybookOutput) TenantId() pulumi.StringPtrOutput

The ID of the Tenant that owns the playbook.

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput added in v4.29.0 

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext added in v4.29.0 

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleArgs added in v4.29.0 

type AutomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
}

The set of arguments for constructing a AutomationRule resource.

func (AutomationRuleArgs) ElementType added in v4.29.0 

func (AutomationRuleArgs) ElementType() reflect.Type

type AutomationRuleArray added in v4.29.0 

type AutomationRuleArray []AutomationRuleInput

func (AutomationRuleArray) ElementType added in v4.29.0 

func (AutomationRuleArray) ElementType() reflect.Type

func (AutomationRuleArray) ToAutomationRuleArrayOutput added in v4.29.0 

func (i AutomationRuleArray) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArray) ToAutomationRuleArrayOutputWithContext added in v4.29.0 

func (i AutomationRuleArray) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleArrayInput added in v4.29.0 

type AutomationRuleArrayInput interface {
	pulumi.Input

	ToAutomationRuleArrayOutput() AutomationRuleArrayOutput
	ToAutomationRuleArrayOutputWithContext(context.Context) AutomationRuleArrayOutput
}

AutomationRuleArrayInput is an input type that accepts AutomationRuleArray and AutomationRuleArrayOutput values. You can construct a concrete instance of `AutomationRuleArrayInput` via: 

AutomationRuleArray{ AutomationRuleArgs{...} }

type AutomationRuleArrayOutput added in v4.29.0 

type AutomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleArrayOutput) ElementType added in v4.29.0 

func (AutomationRuleArrayOutput) ElementType() reflect.Type

func (AutomationRuleArrayOutput) Index added in v4.29.0 

func (o AutomationRuleArrayOutput) Index(i pulumi.IntInput) AutomationRuleOutput

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutput added in v4.29.0 

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext added in v4.29.0 

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleCondition added in v4.29.0 

type AutomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AutomationRuleConditionArgs added in v4.29.0 

type AutomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AutomationRuleConditionArgs) ElementType added in v4.29.0 

func (AutomationRuleConditionArgs) ElementType() reflect.Type

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutput added in v4.29.0 

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext added in v4.29.0 

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

type AutomationRuleConditionArray added in v4.29.0 

type AutomationRuleConditionArray []AutomationRuleConditionInput

func (AutomationRuleConditionArray) ElementType added in v4.29.0 

func (AutomationRuleConditionArray) ElementType() reflect.Type

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput added in v4.29.0 

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext added in v4.29.0 

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionArrayInput added in v4.29.0 

type AutomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput
	ToAutomationRuleConditionArrayOutputWithContext(context.Context) AutomationRuleConditionArrayOutput
}

AutomationRuleConditionArrayInput is an input type that accepts AutomationRuleConditionArray and AutomationRuleConditionArrayOutput values. You can construct a concrete instance of `AutomationRuleConditionArrayInput` via: 

AutomationRuleConditionArray{ AutomationRuleConditionArgs{...} }

type AutomationRuleConditionArrayOutput added in v4.29.0 

type AutomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionArrayOutput) ElementType added in v4.29.0 

func (AutomationRuleConditionArrayOutput) ElementType() reflect.Type

func (AutomationRuleConditionArrayOutput) Index added in v4.29.0 

func (o AutomationRuleConditionArrayOutput) Index(i pulumi.IntInput) AutomationRuleConditionOutput

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput added in v4.29.0 

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext added in v4.29.0 

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionInput added in v4.29.0 

type AutomationRuleConditionInput interface {
	pulumi.Input

	ToAutomationRuleConditionOutput() AutomationRuleConditionOutput
	ToAutomationRuleConditionOutputWithContext(context.Context) AutomationRuleConditionOutput
}

AutomationRuleConditionInput is an input type that accepts AutomationRuleConditionArgs and AutomationRuleConditionOutput values. You can construct a concrete instance of `AutomationRuleConditionInput` via: 

AutomationRuleConditionArgs{...}

type AutomationRuleConditionOutput added in v4.29.0 

type AutomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionOutput) ElementType added in v4.29.0 

func (AutomationRuleConditionOutput) ElementType() reflect.Type

func (AutomationRuleConditionOutput) Operator added in v4.29.0 

func (o AutomationRuleConditionOutput) Operator() pulumi.StringOutput

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AutomationRuleConditionOutput) Property added in v4.29.0 

func (o AutomationRuleConditionOutput) Property() pulumi.StringOutput

The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutput added in v4.29.0 

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext added in v4.29.0 

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) Values added in v4.29.0 

func (o AutomationRuleConditionOutput) Values() pulumi.StringArrayOutput

Specifies a list of values to use for evaluate the condition.

type AutomationRuleInput added in v4.29.0 

type AutomationRuleInput interface {
	pulumi.Input

	ToAutomationRuleOutput() AutomationRuleOutput
	ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput
}

type AutomationRuleMap added in v4.29.0 

type AutomationRuleMap map[string]AutomationRuleInput

func (AutomationRuleMap) ElementType added in v4.29.0 

func (AutomationRuleMap) ElementType() reflect.Type

func (AutomationRuleMap) ToAutomationRuleMapOutput added in v4.29.0 

func (i AutomationRuleMap) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMap) ToAutomationRuleMapOutputWithContext added in v4.29.0 

func (i AutomationRuleMap) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleMapInput added in v4.29.0 

type AutomationRuleMapInput interface {
	pulumi.Input

	ToAutomationRuleMapOutput() AutomationRuleMapOutput
	ToAutomationRuleMapOutputWithContext(context.Context) AutomationRuleMapOutput
}

AutomationRuleMapInput is an input type that accepts AutomationRuleMap and AutomationRuleMapOutput values. You can construct a concrete instance of `AutomationRuleMapInput` via: 

AutomationRuleMap{ "key": AutomationRuleArgs{...} }

type AutomationRuleMapOutput added in v4.29.0 

type AutomationRuleMapOutput struct{ *pulumi.OutputState }

func (AutomationRuleMapOutput) ElementType added in v4.29.0 

func (AutomationRuleMapOutput) ElementType() reflect.Type

func (AutomationRuleMapOutput) MapIndex added in v4.29.0 

func (o AutomationRuleMapOutput) MapIndex(k pulumi.StringInput) AutomationRuleOutput

func (AutomationRuleMapOutput) ToAutomationRuleMapOutput added in v4.29.0 

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext added in v4.29.0 

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleOutput added in v4.29.0 

type AutomationRuleOutput struct{ *pulumi.OutputState }

func (AutomationRuleOutput) ElementType added in v4.29.0 

func (AutomationRuleOutput) ElementType() reflect.Type

func (AutomationRuleOutput) ToAutomationRuleOutput added in v4.29.0 

func (o AutomationRuleOutput) ToAutomationRuleOutput() AutomationRuleOutput

func (AutomationRuleOutput) ToAutomationRuleOutputWithContext added in v4.29.0 

func (o AutomationRuleOutput) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

type AutomationRuleState added in v4.29.0 

type AutomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
}

func (AutomationRuleState) ElementType added in v4.29.0 

func (AutomationRuleState) ElementType() reflect.Type

type DataConnectorAwsCloudTrail 

type DataConnectorAwsCloudTrail struct {
	pulumi.CustomResourceState

	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringOutput `pulumi:"awsRoleArn"`
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a AWS CloudTrail Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAwsCloudTrail(ctx, "exampleDataConnectorAwsCloudTrail", &sentinel.DataConnectorAwsCloudTrailArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AwsRoleArn:              pulumi.String("arn:aws:iam::000000000000:role/role1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorAwsCloudTrail:DataConnectorAwsCloudTrail example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAwsCloudTrail 

func GetDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAwsCloudTrailState, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

GetDataConnectorAwsCloudTrail gets an existing DataConnectorAwsCloudTrail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAwsCloudTrail 

func NewDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, args *DataConnectorAwsCloudTrailArgs, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

NewDataConnectorAwsCloudTrail registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAwsCloudTrail) ElementType 

func (*DataConnectorAwsCloudTrail) ElementType() reflect.Type

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput 

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext 

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailArgs 

type DataConnectorAwsCloudTrailArgs struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAwsCloudTrail resource.

func (DataConnectorAwsCloudTrailArgs) ElementType 

func (DataConnectorAwsCloudTrailArgs) ElementType() reflect.Type

type DataConnectorAwsCloudTrailArray 

type DataConnectorAwsCloudTrailArray []DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailArray) ElementType 

func (DataConnectorAwsCloudTrailArray) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput 

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext 

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailArrayInput 

type DataConnectorAwsCloudTrailArrayInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput
	ToDataConnectorAwsCloudTrailArrayOutputWithContext(context.Context) DataConnectorAwsCloudTrailArrayOutput
}

DataConnectorAwsCloudTrailArrayInput is an input type that accepts DataConnectorAwsCloudTrailArray and DataConnectorAwsCloudTrailArrayOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailArrayInput` via: 

DataConnectorAwsCloudTrailArray{ DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailArrayOutput 

type DataConnectorAwsCloudTrailArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailArrayOutput) ElementType 

func (DataConnectorAwsCloudTrailArrayOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailArrayOutput) Index 

func (o DataConnectorAwsCloudTrailArrayOutput) Index(i pulumi.IntInput) DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput 

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext 

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailInput 

type DataConnectorAwsCloudTrailInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput
	ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput
}

type DataConnectorAwsCloudTrailMap 

type DataConnectorAwsCloudTrailMap map[string]DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailMap) ElementType 

func (DataConnectorAwsCloudTrailMap) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput 

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext 

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailMapInput 

type DataConnectorAwsCloudTrailMapInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput
	ToDataConnectorAwsCloudTrailMapOutputWithContext(context.Context) DataConnectorAwsCloudTrailMapOutput
}

DataConnectorAwsCloudTrailMapInput is an input type that accepts DataConnectorAwsCloudTrailMap and DataConnectorAwsCloudTrailMapOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailMapInput` via: 

DataConnectorAwsCloudTrailMap{ "key": DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailMapOutput 

type DataConnectorAwsCloudTrailMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailMapOutput) ElementType 

func (DataConnectorAwsCloudTrailMapOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailMapOutput) MapIndex 

func (o DataConnectorAwsCloudTrailMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput 

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext 

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailOutput 

type DataConnectorAwsCloudTrailOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailOutput) ElementType 

func (DataConnectorAwsCloudTrailOutput) ElementType() reflect.Type

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput 

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext 

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailState 

type DataConnectorAwsCloudTrailState struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

func (DataConnectorAwsCloudTrailState) ElementType 

func (DataConnectorAwsCloudTrailState) ElementType() reflect.Type

type DataConnectorAzureActiveDirectory 

type DataConnectorAzureActiveDirectory struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Active Directory Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureActiveDirectory(ctx, "exampleDataConnectorAzureActiveDirectory", &sentinel.DataConnectorAzureActiveDirectoryArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Active Directory Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorAzureActiveDirectory:DataConnectorAzureActiveDirectory example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureActiveDirectory 

func GetDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureActiveDirectoryState, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

GetDataConnectorAzureActiveDirectory gets an existing DataConnectorAzureActiveDirectory resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureActiveDirectory 

func NewDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, args *DataConnectorAzureActiveDirectoryArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

NewDataConnectorAzureActiveDirectory registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureActiveDirectory) ElementType 

func (*DataConnectorAzureActiveDirectory) ElementType() reflect.Type

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput 

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext 

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryArgs 

type DataConnectorAzureActiveDirectoryArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureActiveDirectory resource.

func (DataConnectorAzureActiveDirectoryArgs) ElementType 

func (DataConnectorAzureActiveDirectoryArgs) ElementType() reflect.Type

type DataConnectorAzureActiveDirectoryArray 

type DataConnectorAzureActiveDirectoryArray []DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryArray) ElementType 

func (DataConnectorAzureActiveDirectoryArray) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput 

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext 

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryArrayInput 

type DataConnectorAzureActiveDirectoryArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput
	ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryArrayOutput
}

DataConnectorAzureActiveDirectoryArrayInput is an input type that accepts DataConnectorAzureActiveDirectoryArray and DataConnectorAzureActiveDirectoryArrayOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryArrayInput` via: 

DataConnectorAzureActiveDirectoryArray{ DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryArrayOutput 

type DataConnectorAzureActiveDirectoryArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryArrayOutput) ElementType 

func (DataConnectorAzureActiveDirectoryArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryArrayOutput) Index 

func (o DataConnectorAzureActiveDirectoryArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput 

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext 

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryInput 

type DataConnectorAzureActiveDirectoryInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput
	ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput
}

type DataConnectorAzureActiveDirectoryMap 

type DataConnectorAzureActiveDirectoryMap map[string]DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryMap) ElementType 

func (DataConnectorAzureActiveDirectoryMap) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput 

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext 

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryMapInput 

type DataConnectorAzureActiveDirectoryMapInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput
	ToDataConnectorAzureActiveDirectoryMapOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryMapOutput
}

DataConnectorAzureActiveDirectoryMapInput is an input type that accepts DataConnectorAzureActiveDirectoryMap and DataConnectorAzureActiveDirectoryMapOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryMapInput` via: 

DataConnectorAzureActiveDirectoryMap{ "key": DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryMapOutput 

type DataConnectorAzureActiveDirectoryMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryMapOutput) ElementType 

func (DataConnectorAzureActiveDirectoryMapOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryMapOutput) MapIndex 

func (o DataConnectorAzureActiveDirectoryMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput 

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext 

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryOutput 

type DataConnectorAzureActiveDirectoryOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryOutput) ElementType 

func (DataConnectorAzureActiveDirectoryOutput) ElementType() reflect.Type

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput 

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext 

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryState 

type DataConnectorAzureActiveDirectoryState struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureActiveDirectoryState) ElementType 

func (DataConnectorAzureActiveDirectoryState) ElementType() reflect.Type

type DataConnectorAzureAdvancedThreadProtection 

type DataConnectorAzureAdvancedThreadProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Advanced Threat Protection Data Connector.

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureAdvancedThreadProtection(ctx, "exampleDataConnectorAzureAdvancedThreadProtection", &sentinel.DataConnectorAzureAdvancedThreadProtectionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorAzureAdvancedThreadProtection:DataConnectorAzureAdvancedThreadProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureAdvancedThreadProtection 

func GetDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureAdvancedThreadProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

GetDataConnectorAzureAdvancedThreadProtection gets an existing DataConnectorAzureAdvancedThreadProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureAdvancedThreadProtection 

func NewDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, args *DataConnectorAzureAdvancedThreadProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

NewDataConnectorAzureAdvancedThreadProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureAdvancedThreadProtection) ElementType 

func (*DataConnectorAzureAdvancedThreadProtection) ElementType() reflect.Type

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput 

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext 

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionArgs 

type DataConnectorAzureAdvancedThreadProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureAdvancedThreadProtection resource.

func (DataConnectorAzureAdvancedThreadProtectionArgs) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArgs) ElementType() reflect.Type

type DataConnectorAzureAdvancedThreadProtectionArray 

type DataConnectorAzureAdvancedThreadProtectionArray []DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionArray) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArray) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput 

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext 

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionArrayInput 

type DataConnectorAzureAdvancedThreadProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput
	ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput
}

DataConnectorAzureAdvancedThreadProtectionArrayInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionArray and DataConnectorAzureAdvancedThreadProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionArrayInput` via: 

DataConnectorAzureAdvancedThreadProtectionArray{ DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionArrayOutput 

type DataConnectorAzureAdvancedThreadProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) Index 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionInput 

type DataConnectorAzureAdvancedThreadProtectionInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput
	ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput
}

type DataConnectorAzureAdvancedThreadProtectionMap 

type DataConnectorAzureAdvancedThreadProtectionMap map[string]DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionMap) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionMap) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput 

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext 

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionMapInput 

type DataConnectorAzureAdvancedThreadProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput
	ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput
}

DataConnectorAzureAdvancedThreadProtectionMapInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionMap and DataConnectorAzureAdvancedThreadProtectionMapOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionMapInput` via: 

DataConnectorAzureAdvancedThreadProtectionMap{ "key": DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionMapOutput 

type DataConnectorAzureAdvancedThreadProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) MapIndex 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionOutput 

type DataConnectorAzureAdvancedThreadProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionOutput) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionOutput) ElementType() reflect.Type

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext 

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionState 

type DataConnectorAzureAdvancedThreadProtectionState struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureAdvancedThreadProtectionState) ElementType 

func (DataConnectorAzureAdvancedThreadProtectionState) ElementType() reflect.Type

type DataConnectorAzureSecurityCenter 

type DataConnectorAzureSecurityCenter struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
}

Manages a Azure Security Center Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureSecurityCenter(ctx, "exampleDataConnectorAzureSecurityCenter", &sentinel.DataConnectorAzureSecurityCenterArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Security Center Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorAzureSecurityCenter:DataConnectorAzureSecurityCenter example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureSecurityCenter 

func GetDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureSecurityCenterState, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

GetDataConnectorAzureSecurityCenter gets an existing DataConnectorAzureSecurityCenter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureSecurityCenter 

func NewDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, args *DataConnectorAzureSecurityCenterArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

NewDataConnectorAzureSecurityCenter registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureSecurityCenter) ElementType 

func (*DataConnectorAzureSecurityCenter) ElementType() reflect.Type

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput 

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext 

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterArgs 

type DataConnectorAzureSecurityCenterArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureSecurityCenter resource.

func (DataConnectorAzureSecurityCenterArgs) ElementType 

func (DataConnectorAzureSecurityCenterArgs) ElementType() reflect.Type

type DataConnectorAzureSecurityCenterArray 

type DataConnectorAzureSecurityCenterArray []DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterArray) ElementType 

func (DataConnectorAzureSecurityCenterArray) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput 

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext 

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterArrayInput 

type DataConnectorAzureSecurityCenterArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput
	ToDataConnectorAzureSecurityCenterArrayOutputWithContext(context.Context) DataConnectorAzureSecurityCenterArrayOutput
}

DataConnectorAzureSecurityCenterArrayInput is an input type that accepts DataConnectorAzureSecurityCenterArray and DataConnectorAzureSecurityCenterArrayOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterArrayInput` via: 

DataConnectorAzureSecurityCenterArray{ DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterArrayOutput 

type DataConnectorAzureSecurityCenterArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterArrayOutput) ElementType 

func (DataConnectorAzureSecurityCenterArrayOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterArrayOutput) Index 

func (o DataConnectorAzureSecurityCenterArrayOutput) Index(i pulumi.IntInput) DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput 

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext 

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterInput 

type DataConnectorAzureSecurityCenterInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput
	ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput
}

type DataConnectorAzureSecurityCenterMap 

type DataConnectorAzureSecurityCenterMap map[string]DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterMap) ElementType 

func (DataConnectorAzureSecurityCenterMap) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput 

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext 

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterMapInput 

type DataConnectorAzureSecurityCenterMapInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput
	ToDataConnectorAzureSecurityCenterMapOutputWithContext(context.Context) DataConnectorAzureSecurityCenterMapOutput
}

DataConnectorAzureSecurityCenterMapInput is an input type that accepts DataConnectorAzureSecurityCenterMap and DataConnectorAzureSecurityCenterMapOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterMapInput` via: 

DataConnectorAzureSecurityCenterMap{ "key": DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterMapOutput 

type DataConnectorAzureSecurityCenterMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterMapOutput) ElementType 

func (DataConnectorAzureSecurityCenterMapOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterMapOutput) MapIndex 

func (o DataConnectorAzureSecurityCenterMapOutput) MapIndex(k pulumi.StringInput) DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput 

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext 

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterOutput 

type DataConnectorAzureSecurityCenterOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterOutput) ElementType 

func (DataConnectorAzureSecurityCenterOutput) ElementType() reflect.Type

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput 

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext 

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterState 

type DataConnectorAzureSecurityCenterState struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

func (DataConnectorAzureSecurityCenterState) ElementType 

func (DataConnectorAzureSecurityCenterState) ElementType() reflect.Type

type DataConnectorMicrosoftCloudAppSecurity 

type DataConnectorMicrosoftCloudAppSecurity struct {
	pulumi.CustomResourceState

	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrOutput `pulumi:"alertsEnabled"`
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrOutput `pulumi:"discoveryLogsEnabled"`
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Cloud App Security Data Connector. 

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftCloudAppSecurity(ctx, "exampleDataConnectorMicrosoftCloudAppSecurity", &sentinel.DataConnectorMicrosoftCloudAppSecurityArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Cloud App Security Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorMicrosoftCloudAppSecurity:DataConnectorMicrosoftCloudAppSecurity example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorMicrosoftCloudAppSecurity 

func GetDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftCloudAppSecurityState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

GetDataConnectorMicrosoftCloudAppSecurity gets an existing DataConnectorMicrosoftCloudAppSecurity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftCloudAppSecurity 

func NewDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftCloudAppSecurityArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

NewDataConnectorMicrosoftCloudAppSecurity registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftCloudAppSecurity) ElementType 

func (*DataConnectorMicrosoftCloudAppSecurity) ElementType() reflect.Type

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput 

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext 

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityArgs 

type DataConnectorMicrosoftCloudAppSecurityArgs struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftCloudAppSecurity resource.

func (DataConnectorMicrosoftCloudAppSecurityArgs) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArgs) ElementType() reflect.Type

type DataConnectorMicrosoftCloudAppSecurityArray 

type DataConnectorMicrosoftCloudAppSecurityArray []DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityArray) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArray) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput 

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext 

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityArrayInput 

type DataConnectorMicrosoftCloudAppSecurityArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput
	ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput
}

DataConnectorMicrosoftCloudAppSecurityArrayInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityArray and DataConnectorMicrosoftCloudAppSecurityArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityArrayInput` via: 

DataConnectorMicrosoftCloudAppSecurityArray{ DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityArrayOutput 

type DataConnectorMicrosoftCloudAppSecurityArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) Index 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityInput 

type DataConnectorMicrosoftCloudAppSecurityInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput
	ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput
}

type DataConnectorMicrosoftCloudAppSecurityMap 

type DataConnectorMicrosoftCloudAppSecurityMap map[string]DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityMap) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityMap) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput 

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext 

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityMapInput 

type DataConnectorMicrosoftCloudAppSecurityMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput
	ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput
}

DataConnectorMicrosoftCloudAppSecurityMapInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityMap and DataConnectorMicrosoftCloudAppSecurityMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityMapInput` via: 

DataConnectorMicrosoftCloudAppSecurityMap{ "key": DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityMapOutput 

type DataConnectorMicrosoftCloudAppSecurityMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) MapIndex 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityOutput 

type DataConnectorMicrosoftCloudAppSecurityOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityOutput) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext 

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityState 

type DataConnectorMicrosoftCloudAppSecurityState struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftCloudAppSecurityState) ElementType 

func (DataConnectorMicrosoftCloudAppSecurityState) ElementType() reflect.Type

type DataConnectorMicrosoftDefenderAdvancedThreatProtection added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Defender Advanced Threat Protection Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx, "exampleDataConnectorMicrosoftDefenderAdvancedThreatProtection", &sentinel.DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Defender Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorMicrosoftDefenderAdvancedThreatProtection:DataConnectorMicrosoftDefenderAdvancedThreatProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorMicrosoftDefenderAdvancedThreatProtection added in v4.1.0 

func GetDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftDefenderAdvancedThreatProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftDefenderAdvancedThreatProtection, error)

GetDataConnectorMicrosoftDefenderAdvancedThreatProtection gets an existing DataConnectorMicrosoftDefenderAdvancedThreatProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection added in v4.1.0 

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftDefenderAdvancedThreatProtection, error)

NewDataConnectorMicrosoftDefenderAdvancedThreatProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ElementType added in v4.1.0 

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ElementType() reflect.Type

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput added in v4.1.0 

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext added in v4.1.0 

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftDefenderAdvancedThreatProtection resource.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs) ElementType() reflect.Type

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray []DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput added in v4.1.0 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext added in v4.1.0 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray and DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput` via: 

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray{ DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) Index added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) Index(i pulumi.IntInput) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
}

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap map[string]DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput added in v4.1.0 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext added in v4.1.0 

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap and DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput` via: 

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap{ "key": DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) MapIndex added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) MapIndex(k pulumi.StringInput) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ElementType() reflect.Type

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext added in v4.1.0 

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState added in v4.1.0 

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionState) ElementType added in v4.1.0 

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionState) ElementType() reflect.Type

type DataConnectorOffice365 

type DataConnectorOffice365 struct {
	pulumi.CustomResourceState

	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrOutput `pulumi:"exchangeEnabled"`
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrOutput `pulumi:"sharepointEnabled"`
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrOutput `pulumi:"teamsEnabled"`
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Office 365 Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOffice365(ctx, "exampleDataConnectorOffice365", &sentinel.DataConnectorOffice365Args{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office 365 Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorOffice365:DataConnectorOffice365 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorOffice365 

func GetDataConnectorOffice365(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOffice365State, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

GetDataConnectorOffice365 gets an existing DataConnectorOffice365 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOffice365 

func NewDataConnectorOffice365(ctx *pulumi.Context,
	name string, args *DataConnectorOffice365Args, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

NewDataConnectorOffice365 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOffice365) ElementType 

func (*DataConnectorOffice365) ElementType() reflect.Type

func (*DataConnectorOffice365) ToDataConnectorOffice365Output 

func (i *DataConnectorOffice365) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (*DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext 

func (i *DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365Args 

type DataConnectorOffice365Args struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOffice365 resource.

func (DataConnectorOffice365Args) ElementType 

func (DataConnectorOffice365Args) ElementType() reflect.Type

type DataConnectorOffice365Array 

type DataConnectorOffice365Array []DataConnectorOffice365Input

func (DataConnectorOffice365Array) ElementType 

func (DataConnectorOffice365Array) ElementType() reflect.Type

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput 

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext 

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365ArrayInput 

type DataConnectorOffice365ArrayInput interface {
	pulumi.Input

	ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput
	ToDataConnectorOffice365ArrayOutputWithContext(context.Context) DataConnectorOffice365ArrayOutput
}

DataConnectorOffice365ArrayInput is an input type that accepts DataConnectorOffice365Array and DataConnectorOffice365ArrayOutput values. You can construct a concrete instance of `DataConnectorOffice365ArrayInput` via: 

DataConnectorOffice365Array{ DataConnectorOffice365Args{...} }

type DataConnectorOffice365ArrayOutput 

type DataConnectorOffice365ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ArrayOutput) ElementType 

func (DataConnectorOffice365ArrayOutput) ElementType() reflect.Type

func (DataConnectorOffice365ArrayOutput) Index 

func (o DataConnectorOffice365ArrayOutput) Index(i pulumi.IntInput) DataConnectorOffice365Output

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput 

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext 

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365Input 

type DataConnectorOffice365Input interface {
	pulumi.Input

	ToDataConnectorOffice365Output() DataConnectorOffice365Output
	ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output
}

type DataConnectorOffice365Map 

type DataConnectorOffice365Map map[string]DataConnectorOffice365Input

func (DataConnectorOffice365Map) ElementType 

func (DataConnectorOffice365Map) ElementType() reflect.Type

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput 

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext 

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365MapInput 

type DataConnectorOffice365MapInput interface {
	pulumi.Input

	ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput
	ToDataConnectorOffice365MapOutputWithContext(context.Context) DataConnectorOffice365MapOutput
}

DataConnectorOffice365MapInput is an input type that accepts DataConnectorOffice365Map and DataConnectorOffice365MapOutput values. You can construct a concrete instance of `DataConnectorOffice365MapInput` via: 

DataConnectorOffice365Map{ "key": DataConnectorOffice365Args{...} }

type DataConnectorOffice365MapOutput 

type DataConnectorOffice365MapOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365MapOutput) ElementType 

func (DataConnectorOffice365MapOutput) ElementType() reflect.Type

func (DataConnectorOffice365MapOutput) MapIndex 

func (o DataConnectorOffice365MapOutput) MapIndex(k pulumi.StringInput) DataConnectorOffice365Output

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput 

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext 

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365Output 

type DataConnectorOffice365Output struct{ *pulumi.OutputState }

func (DataConnectorOffice365Output) ElementType 

func (DataConnectorOffice365Output) ElementType() reflect.Type

func (DataConnectorOffice365Output) ToDataConnectorOffice365Output 

func (o DataConnectorOffice365Output) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext 

func (o DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365State 

type DataConnectorOffice365State struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOffice365State) ElementType 

func (DataConnectorOffice365State) ElementType() reflect.Type

type DataConnectorThreatIntelligence 

type DataConnectorThreatIntelligence struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Threat Intelligence Data Connector.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorThreatIntelligence(ctx, "exampleDataConnectorThreatIntelligence", &sentinel.DataConnectorThreatIntelligenceArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Threat Intelligence Data Connectors can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/dataConnectorThreatIntelligence:DataConnectorThreatIntelligence example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorThreatIntelligence 

func GetDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorThreatIntelligenceState, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

GetDataConnectorThreatIntelligence gets an existing DataConnectorThreatIntelligence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorThreatIntelligence 

func NewDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, args *DataConnectorThreatIntelligenceArgs, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

NewDataConnectorThreatIntelligence registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorThreatIntelligence) ElementType 

func (*DataConnectorThreatIntelligence) ElementType() reflect.Type

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput 

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext 

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceArgs 

type DataConnectorThreatIntelligenceArgs struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorThreatIntelligence resource.

func (DataConnectorThreatIntelligenceArgs) ElementType 

func (DataConnectorThreatIntelligenceArgs) ElementType() reflect.Type

type DataConnectorThreatIntelligenceArray 

type DataConnectorThreatIntelligenceArray []DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceArray) ElementType 

func (DataConnectorThreatIntelligenceArray) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput 

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext 

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceArrayInput 

type DataConnectorThreatIntelligenceArrayInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput
	ToDataConnectorThreatIntelligenceArrayOutputWithContext(context.Context) DataConnectorThreatIntelligenceArrayOutput
}

DataConnectorThreatIntelligenceArrayInput is an input type that accepts DataConnectorThreatIntelligenceArray and DataConnectorThreatIntelligenceArrayOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceArrayInput` via: 

DataConnectorThreatIntelligenceArray{ DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceArrayOutput 

type DataConnectorThreatIntelligenceArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceArrayOutput) ElementType 

func (DataConnectorThreatIntelligenceArrayOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceArrayOutput) Index 

func (o DataConnectorThreatIntelligenceArrayOutput) Index(i pulumi.IntInput) DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput 

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext 

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceInput 

type DataConnectorThreatIntelligenceInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput
	ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput
}

type DataConnectorThreatIntelligenceMap 

type DataConnectorThreatIntelligenceMap map[string]DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceMap) ElementType 

func (DataConnectorThreatIntelligenceMap) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput 

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext 

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceMapInput 

type DataConnectorThreatIntelligenceMapInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput
	ToDataConnectorThreatIntelligenceMapOutputWithContext(context.Context) DataConnectorThreatIntelligenceMapOutput
}

DataConnectorThreatIntelligenceMapInput is an input type that accepts DataConnectorThreatIntelligenceMap and DataConnectorThreatIntelligenceMapOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceMapInput` via: 

DataConnectorThreatIntelligenceMap{ "key": DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceMapOutput 

type DataConnectorThreatIntelligenceMapOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceMapOutput) ElementType 

func (DataConnectorThreatIntelligenceMapOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceMapOutput) MapIndex 

func (o DataConnectorThreatIntelligenceMapOutput) MapIndex(k pulumi.StringInput) DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput 

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext 

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceOutput 

type DataConnectorThreatIntelligenceOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceOutput) ElementType 

func (DataConnectorThreatIntelligenceOutput) ElementType() reflect.Type

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput 

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext 

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceState 

type DataConnectorThreatIntelligenceState struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorThreatIntelligenceState) ElementType 

func (DataConnectorThreatIntelligenceState) ElementType() reflect.Type

type GetAlertRuleArgs 

type GetAlertRuleArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

type GetAlertRuleOutputArgs added in v4.20.0 

type GetAlertRuleOutputArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

func (GetAlertRuleOutputArgs) ElementType added in v4.20.0 

func (GetAlertRuleOutputArgs) ElementType() reflect.Type

type GetAlertRuleResult 

type GetAlertRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
}

A collection of values returned by getAlertRule.

func GetAlertRule 

func GetAlertRule(ctx *pulumi.Context, args *GetAlertRuleArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleResult, error)

Use this data source to access information about an existing Sentinel Alert Rule.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAnalyticsWorkspace, err := operationalinsights.LookupAnalyticsWorkspace(ctx, &operationalinsights.LookupAnalyticsWorkspaceArgs{
			Name:              "example",
			ResourceGroupName: "example-resources",
		}, nil)
		if err != nil {
			return err
		}
		exampleAlertRule, err := sentinel.GetAlertRule(ctx, &sentinel.GetAlertRuleArgs{
			Name:                    "existing",
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", exampleAlertRule.Id)
		return nil
	})
}

```

type GetAlertRuleResultOutput added in v4.20.0 

type GetAlertRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRule.

func GetAlertRuleOutput added in v4.20.0 

func GetAlertRuleOutput(ctx *pulumi.Context, args GetAlertRuleOutputArgs, opts ...pulumi.InvokeOption) GetAlertRuleResultOutput

func (GetAlertRuleResultOutput) ElementType added in v4.20.0 

func (GetAlertRuleResultOutput) ElementType() reflect.Type

func (GetAlertRuleResultOutput) Id added in v4.20.0 

func (o GetAlertRuleResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleResultOutput) LogAnalyticsWorkspaceId added in v4.20.0 

func (o GetAlertRuleResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleResultOutput) Name added in v4.20.0 

func (o GetAlertRuleResultOutput) Name() pulumi.StringOutput

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutput added in v4.20.0 

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutput() GetAlertRuleResultOutput

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext added in v4.20.0 

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext(ctx context.Context) GetAlertRuleResultOutput

type GetAlertRuleTemplateArgs 

type GetAlertRuleTemplateArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	DisplayName *string `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

type GetAlertRuleTemplateOutputArgs added in v4.20.0 

type GetAlertRuleTemplateOutputArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

func (GetAlertRuleTemplateOutputArgs) ElementType added in v4.20.0 

func (GetAlertRuleTemplateOutputArgs) ElementType() reflect.Type

type GetAlertRuleTemplateResult 

type GetAlertRuleTemplateResult struct {
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
	// A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
	ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate `pulumi:"scheduledTemplates"`
	// A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
	SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate `pulumi:"securityIncidentTemplates"`
}

A collection of values returned by getAlertRuleTemplate.

func GetAlertRuleTemplate 

func GetAlertRuleTemplate(ctx *pulumi.Context, args *GetAlertRuleTemplateArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleTemplateResult, error)

Use this data source to access information about an existing Sentinel Alert Rule Template.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.Id)
		return nil
	})
}

```

type GetAlertRuleTemplateResultOutput added in v4.20.0 

type GetAlertRuleTemplateResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRuleTemplate.

func GetAlertRuleTemplateOutput added in v4.20.0 

func GetAlertRuleTemplateOutput(ctx *pulumi.Context, args GetAlertRuleTemplateOutputArgs, opts ...pulumi.InvokeOption) GetAlertRuleTemplateResultOutput

func (GetAlertRuleTemplateResultOutput) DisplayName added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) DisplayName() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) ElementType added in v4.20.0 

func (GetAlertRuleTemplateResultOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateResultOutput) Id added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) Name added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) Name() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) ScheduledTemplates added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) ScheduledTemplates() GetAlertRuleTemplateScheduledTemplateArrayOutput

A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) SecurityIncidentTemplates added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) SecurityIncidentTemplates() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput() GetAlertRuleTemplateResultOutput

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext added in v4.20.0 

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext(ctx context.Context) GetAlertRuleTemplateResultOutput

type GetAlertRuleTemplateScheduledTemplate 

type GetAlertRuleTemplateScheduledTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query string `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency string `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod string `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity string `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics []string `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator string `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold int `pulumi:"triggerThreshold"`
}

type GetAlertRuleTemplateScheduledTemplateArgs 

type GetAlertRuleTemplateScheduledTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query pulumi.StringInput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency pulumi.StringInput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod pulumi.StringInput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity pulumi.StringInput `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator pulumi.StringInput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold pulumi.IntInput `pulumi:"triggerThreshold"`
}

func (GetAlertRuleTemplateScheduledTemplateArgs) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArgs) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput 

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext 

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

type GetAlertRuleTemplateScheduledTemplateArray 

type GetAlertRuleTemplateScheduledTemplateArray []GetAlertRuleTemplateScheduledTemplateInput

func (GetAlertRuleTemplateScheduledTemplateArray) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArray) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput 

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext 

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateArrayInput 

type GetAlertRuleTemplateScheduledTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput
	ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput
}

GetAlertRuleTemplateScheduledTemplateArrayInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArray and GetAlertRuleTemplateScheduledTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateArrayInput` via: 

GetAlertRuleTemplateScheduledTemplateArray{ GetAlertRuleTemplateScheduledTemplateArgs{...} }

type GetAlertRuleTemplateScheduledTemplateArrayOutput 

type GetAlertRuleTemplateScheduledTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ElementType 

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) Index 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) Index(i pulumi.IntInput) GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext 

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateInput 

type GetAlertRuleTemplateScheduledTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput
	ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateOutput
}

GetAlertRuleTemplateScheduledTemplateInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArgs and GetAlertRuleTemplateScheduledTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateInput` via: 

GetAlertRuleTemplateScheduledTemplateArgs{...}

type GetAlertRuleTemplateScheduledTemplateOutput 

type GetAlertRuleTemplateScheduledTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateOutput) Description 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Description() pulumi.StringOutput

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) ElementType 

func (GetAlertRuleTemplateScheduledTemplateOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateScheduledTemplateOutput) Query 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Query() pulumi.StringOutput

The query of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryFrequency 

func (o GetAlertRuleTemplateScheduledTemplateOutput) QueryFrequency() pulumi.StringOutput

The ISO 8601 timespan duration between two consecutive queries.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryPeriod 

func (o GetAlertRuleTemplateScheduledTemplateOutput) QueryPeriod() pulumi.StringOutput

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

func (GetAlertRuleTemplateScheduledTemplateOutput) Severity 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Severity() pulumi.StringOutput

The alert severity of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) Tactics 

func (o GetAlertRuleTemplateScheduledTemplateOutput) Tactics() pulumi.StringArrayOutput

A list of categories of attacks by which to classify the rule.

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput 

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext 

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerOperator 

func (o GetAlertRuleTemplateScheduledTemplateOutput) TriggerOperator() pulumi.StringOutput

The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerThreshold 

func (o GetAlertRuleTemplateScheduledTemplateOutput) TriggerThreshold() pulumi.IntOutput

The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

type GetAlertRuleTemplateSecurityIncidentTemplate 

type GetAlertRuleTemplateSecurityIncidentTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter string `pulumi:"productFilter"`
}

type GetAlertRuleTemplateSecurityIncidentTemplateArgs 

type GetAlertRuleTemplateSecurityIncidentTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter pulumi.StringInput `pulumi:"productFilter"`
}

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArray 

type GetAlertRuleTemplateSecurityIncidentTemplateArray []GetAlertRuleTemplateSecurityIncidentTemplateInput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext 

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput 

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateArrayInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArray and GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateArrayInput` via: 

GetAlertRuleTemplateSecurityIncidentTemplateArray{ GetAlertRuleTemplateSecurityIncidentTemplateArgs{...} }

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) Index 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) Index(i pulumi.IntInput) GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext 

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateInput 

type GetAlertRuleTemplateSecurityIncidentTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArgs and GetAlertRuleTemplateSecurityIncidentTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateInput` via: 

GetAlertRuleTemplateSecurityIncidentTemplateArgs{...}

type GetAlertRuleTemplateSecurityIncidentTemplateOutput 

type GetAlertRuleTemplateSecurityIncidentTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) Description 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) Description() pulumi.StringOutput

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ElementType 

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ElementType() reflect.Type

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ProductFilter 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ProductFilter() pulumi.StringOutput

The Microsoft Security Service from where the alert will be generated.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext 

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type Watchlist added in v4.29.0 

type Watchlist struct {
	pulumi.CustomResourceState

	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrOutput `pulumi:"defaultDuration"`
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayOutput `pulumi:"labels"`
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Watchlist.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlist(ctx, "exampleWatchlist", &sentinel.WatchlistArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example-wl"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlists can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/watchlist:Watchlist example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1

```

func GetWatchlist added in v4.29.0 

func GetWatchlist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistState, opts ...pulumi.ResourceOption) (*Watchlist, error)

GetWatchlist gets an existing Watchlist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlist added in v4.29.0 

func NewWatchlist(ctx *pulumi.Context,
	name string, args *WatchlistArgs, opts ...pulumi.ResourceOption) (*Watchlist, error)

NewWatchlist registers a new resource with the given unique name, arguments, and options.

func (*Watchlist) ElementType added in v4.29.0 

func (*Watchlist) ElementType() reflect.Type

func (*Watchlist) ToWatchlistOutput added in v4.29.0 

func (i *Watchlist) ToWatchlistOutput() WatchlistOutput

func (*Watchlist) ToWatchlistOutputWithContext added in v4.29.0 

func (i *Watchlist) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistArgs added in v4.29.0 

type WatchlistArgs struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a Watchlist resource.

func (WatchlistArgs) ElementType added in v4.29.0 

func (WatchlistArgs) ElementType() reflect.Type

type WatchlistArray added in v4.29.0 

type WatchlistArray []WatchlistInput

func (WatchlistArray) ElementType added in v4.29.0 

func (WatchlistArray) ElementType() reflect.Type

func (WatchlistArray) ToWatchlistArrayOutput added in v4.29.0 

func (i WatchlistArray) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArray) ToWatchlistArrayOutputWithContext added in v4.29.0 

func (i WatchlistArray) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistArrayInput added in v4.29.0 

type WatchlistArrayInput interface {
	pulumi.Input

	ToWatchlistArrayOutput() WatchlistArrayOutput
	ToWatchlistArrayOutputWithContext(context.Context) WatchlistArrayOutput
}

WatchlistArrayInput is an input type that accepts WatchlistArray and WatchlistArrayOutput values. You can construct a concrete instance of `WatchlistArrayInput` via: 

WatchlistArray{ WatchlistArgs{...} }

type WatchlistArrayOutput added in v4.29.0 

type WatchlistArrayOutput struct{ *pulumi.OutputState }

func (WatchlistArrayOutput) ElementType added in v4.29.0 

func (WatchlistArrayOutput) ElementType() reflect.Type

func (WatchlistArrayOutput) Index added in v4.29.0 

func (o WatchlistArrayOutput) Index(i pulumi.IntInput) WatchlistOutput

func (WatchlistArrayOutput) ToWatchlistArrayOutput added in v4.29.0 

func (o WatchlistArrayOutput) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArrayOutput) ToWatchlistArrayOutputWithContext added in v4.29.0 

func (o WatchlistArrayOutput) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistInput added in v4.29.0 

type WatchlistInput interface {
	pulumi.Input

	ToWatchlistOutput() WatchlistOutput
	ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput
}

type WatchlistItem added in v4.38.0 

type WatchlistItem struct {
	pulumi.CustomResourceState

	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapOutput `pulumi:"properties"`
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringOutput `pulumi:"watchlistId"`
}

Manages a Sentinel Watchlist Item.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		exampleWatchlist, err := sentinel.NewWatchlist(ctx, "exampleWatchlist", &sentinel.WatchlistArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example-wl"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlistItem(ctx, "exampleWatchlistItem", &sentinel.WatchlistItemArgs{
			WatchlistId: exampleWatchlist.ID(),
			Properties: pulumi.StringMap{
				"k1": pulumi.String("v1"),
				"k2": pulumi.String("v2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlist Items can be imported using the `resource id`, e.g.

```sh 

$ pulumi import azure:sentinel/watchlistItem:WatchlistItem example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1/watchlistItems/item1

```

func GetWatchlistItem added in v4.38.0 

func GetWatchlistItem(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistItemState, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

GetWatchlistItem gets an existing WatchlistItem resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlistItem added in v4.38.0 

func NewWatchlistItem(ctx *pulumi.Context,
	name string, args *WatchlistItemArgs, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

NewWatchlistItem registers a new resource with the given unique name, arguments, and options.

func (*WatchlistItem) ElementType added in v4.38.0 

func (*WatchlistItem) ElementType() reflect.Type

func (*WatchlistItem) ToWatchlistItemOutput added in v4.38.0 

func (i *WatchlistItem) ToWatchlistItemOutput() WatchlistItemOutput

func (*WatchlistItem) ToWatchlistItemOutputWithContext added in v4.38.0 

func (i *WatchlistItem) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

type WatchlistItemArgs added in v4.38.0 

type WatchlistItemArgs struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringInput
}

The set of arguments for constructing a WatchlistItem resource.

func (WatchlistItemArgs) ElementType added in v4.38.0 

func (WatchlistItemArgs) ElementType() reflect.Type

type WatchlistItemArray added in v4.38.0 

type WatchlistItemArray []WatchlistItemInput

func (WatchlistItemArray) ElementType added in v4.38.0 

func (WatchlistItemArray) ElementType() reflect.Type

func (WatchlistItemArray) ToWatchlistItemArrayOutput added in v4.38.0 

func (i WatchlistItemArray) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArray) ToWatchlistItemArrayOutputWithContext added in v4.38.0 

func (i WatchlistItemArray) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemArrayInput added in v4.38.0 

type WatchlistItemArrayInput interface {
	pulumi.Input

	ToWatchlistItemArrayOutput() WatchlistItemArrayOutput
	ToWatchlistItemArrayOutputWithContext(context.Context) WatchlistItemArrayOutput
}

WatchlistItemArrayInput is an input type that accepts WatchlistItemArray and WatchlistItemArrayOutput values. You can construct a concrete instance of `WatchlistItemArrayInput` via: 

WatchlistItemArray{ WatchlistItemArgs{...} }

type WatchlistItemArrayOutput added in v4.38.0 

type WatchlistItemArrayOutput struct{ *pulumi.OutputState }

func (WatchlistItemArrayOutput) ElementType added in v4.38.0 

func (WatchlistItemArrayOutput) ElementType() reflect.Type

func (WatchlistItemArrayOutput) Index added in v4.38.0 

func (o WatchlistItemArrayOutput) Index(i pulumi.IntInput) WatchlistItemOutput

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutput added in v4.38.0 

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext added in v4.38.0 

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemInput added in v4.38.0 

type WatchlistItemInput interface {
	pulumi.Input

	ToWatchlistItemOutput() WatchlistItemOutput
	ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput
}

type WatchlistItemMap added in v4.38.0 

type WatchlistItemMap map[string]WatchlistItemInput

func (WatchlistItemMap) ElementType added in v4.38.0 

func (WatchlistItemMap) ElementType() reflect.Type

func (WatchlistItemMap) ToWatchlistItemMapOutput added in v4.38.0 

func (i WatchlistItemMap) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMap) ToWatchlistItemMapOutputWithContext added in v4.38.0 

func (i WatchlistItemMap) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemMapInput added in v4.38.0 

type WatchlistItemMapInput interface {
	pulumi.Input

	ToWatchlistItemMapOutput() WatchlistItemMapOutput
	ToWatchlistItemMapOutputWithContext(context.Context) WatchlistItemMapOutput
}

WatchlistItemMapInput is an input type that accepts WatchlistItemMap and WatchlistItemMapOutput values. You can construct a concrete instance of `WatchlistItemMapInput` via: 

WatchlistItemMap{ "key": WatchlistItemArgs{...} }

type WatchlistItemMapOutput added in v4.38.0 

type WatchlistItemMapOutput struct{ *pulumi.OutputState }

func (WatchlistItemMapOutput) ElementType added in v4.38.0 

func (WatchlistItemMapOutput) ElementType() reflect.Type

func (WatchlistItemMapOutput) MapIndex added in v4.38.0 

func (o WatchlistItemMapOutput) MapIndex(k pulumi.StringInput) WatchlistItemOutput

func (WatchlistItemMapOutput) ToWatchlistItemMapOutput added in v4.38.0 

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext added in v4.38.0 

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemOutput added in v4.38.0 

type WatchlistItemOutput struct{ *pulumi.OutputState }

func (WatchlistItemOutput) ElementType added in v4.38.0 

func (WatchlistItemOutput) ElementType() reflect.Type

func (WatchlistItemOutput) ToWatchlistItemOutput added in v4.38.0 

func (o WatchlistItemOutput) ToWatchlistItemOutput() WatchlistItemOutput

func (WatchlistItemOutput) ToWatchlistItemOutputWithContext added in v4.38.0 

func (o WatchlistItemOutput) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

type WatchlistItemState added in v4.38.0 

type WatchlistItemState struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringPtrInput
}

func (WatchlistItemState) ElementType added in v4.38.0 

func (WatchlistItemState) ElementType() reflect.Type

type WatchlistMap added in v4.29.0 

type WatchlistMap map[string]WatchlistInput

func (WatchlistMap) ElementType added in v4.29.0 

func (WatchlistMap) ElementType() reflect.Type

func (WatchlistMap) ToWatchlistMapOutput added in v4.29.0 

func (i WatchlistMap) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMap) ToWatchlistMapOutputWithContext added in v4.29.0 

func (i WatchlistMap) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistMapInput added in v4.29.0 

type WatchlistMapInput interface {
	pulumi.Input

	ToWatchlistMapOutput() WatchlistMapOutput
	ToWatchlistMapOutputWithContext(context.Context) WatchlistMapOutput
}

WatchlistMapInput is an input type that accepts WatchlistMap and WatchlistMapOutput values. You can construct a concrete instance of `WatchlistMapInput` via: 

WatchlistMap{ "key": WatchlistArgs{...} }

type WatchlistMapOutput added in v4.29.0 

type WatchlistMapOutput struct{ *pulumi.OutputState }

func (WatchlistMapOutput) ElementType added in v4.29.0 

func (WatchlistMapOutput) ElementType() reflect.Type

func (WatchlistMapOutput) MapIndex added in v4.29.0 

func (o WatchlistMapOutput) MapIndex(k pulumi.StringInput) WatchlistOutput

func (WatchlistMapOutput) ToWatchlistMapOutput added in v4.29.0 

func (o WatchlistMapOutput) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMapOutput) ToWatchlistMapOutputWithContext added in v4.29.0 

func (o WatchlistMapOutput) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistOutput added in v4.29.0 

type WatchlistOutput struct{ *pulumi.OutputState }

func (WatchlistOutput) ElementType added in v4.29.0 

func (WatchlistOutput) ElementType() reflect.Type

func (WatchlistOutput) ToWatchlistOutput added in v4.29.0 

func (o WatchlistOutput) ToWatchlistOutput() WatchlistOutput

func (WatchlistOutput) ToWatchlistOutputWithContext added in v4.29.0 

func (o WatchlistOutput) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistState added in v4.29.0 

type WatchlistState struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringPtrInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

func (WatchlistState) ElementType added in v4.29.0 

func (WatchlistState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.