pspulumiyaml.azurenative.securityinsights.psm1
using module pspulumiyaml

# Wrappers for the azure-native:securityinsights get*/list* Pulumi functions.
# Every function below has the same shape: copy its parameters into the $arguments
# hashtable, pass that to Invoke-PulumiFunction (presumably exported by the pspulumiyaml
# module imported above) with a freshly generated GUID as -variableName, and return
# whatever that call produces.
#
# NOTE(review): all parameters are declared mandatory=$False, yet most are written into
# $arguments unconditionally, so an omitted identifier (workspace, resource group, rule ID,
# ...) is still forwarded instead of being rejected here. Only parameters guarded by a
# $PSBoundParameters check are left out when not supplied. Confirm that the provider
# rejects empty identifiers, because these values select which workspace's alert rules,
# incidents, connectors and indicators are read.
# NOTE(review): the returned objects presumably carry security-monitoring data (incidents,
# watchlist items, threat-intelligence indicators, connector settings); check how callers
# store or export them before treating the output as non-sensitive.
# NOTE(review): every HelpMessage ends with a stray ')' - presumably a generator artifact.
# The strings are kept byte-for-byte, including the literal line breaks some of them
# contain, which is why a few continuation lines start at column 0.

# Calls getMicrosoftSecurityIncidentCreationAlertRule with the rule ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetMicrosoftSecurityIncidentCreationAlertRule {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["ruleId"] = $ruleId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMicrosoftSecurityIncidentCreationAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getBookmark with the bookmark ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetBookmark {
    param (
        [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["bookmarkId"] = $bookmarkId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getBookmark -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAnomalySecurityMLAnalyticsSettings with the settings resource name, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAnomalySecurityMLAnalyticsSettings {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsResourceName"] = $settingsResourceName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAnomalySecurityMLAnalyticsSettings -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAnomalies with the setting name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAnomalies {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsName"] = $settingsName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAnomalies -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAlertRule with the rule ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAlertRule {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["ruleId"] = $ruleId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getIncidentRelation with the incident ID, relation name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetIncidentRelation {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId,
        [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["incidentId"] = $incidentId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["relationName"] = $relationName
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncidentRelation -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getScheduledAlertRule with the rule ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetScheduledAlertRule {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["ruleId"] = $ruleId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getScheduledAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getWatchlist with the watchlist alias, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetWatchlist {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["watchlistAlias"] = $watchlistAlias
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getWatchlist -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getSecurityMLAnalyticsSetting with the settings resource name, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetSecurityMLAnalyticsSetting {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsResourceName"] = $settingsResourceName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSecurityMLAnalyticsSetting -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getEntityAnalytics with the setting name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetEntityAnalytics {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsName"] = $settingsName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityAnalytics -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getUeba with the setting name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetUeba {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsName"] = $settingsName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getUeba -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getTIDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetTIDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getTIDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getIncidentComment with the incident ID, comment ID, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetIncidentComment {
    param (
        [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='Incident comment ID)')] [string] $incidentCommentId
    )
    process {
        $arguments = @{}
        $arguments["incidentCommentId"] = $incidentCommentId
        $arguments["incidentId"] = $incidentId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncidentComment -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls listSourceControlRepositories with the resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsListSourceControlRepositories {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:listSourceControlRepositories -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getProductSetting with the setting name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetProductSetting {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsName"] = $settingsName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getProductSetting -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAction with the action ID, rule ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAction {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId,
        [parameter(mandatory=$False,HelpMessage='Action ID)')] [string] $actionId
    )
    process {
        $arguments = @{}
        $arguments["actionId"] = $actionId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["ruleId"] = $ruleId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAction -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getOfficeDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetOfficeDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getOfficeDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getSentinelOnboardingState with the onboarding state name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetSentinelOnboardingState {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The Sentinel onboarding state name. 
Supports - default)')] [string] $sentinelOnboardingStateName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["sentinelOnboardingStateName"] = $sentinelOnboardingStateName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSentinelOnboardingState -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getIncident with the incident ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetIncident {
    param (
        [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["incidentId"] = $incidentId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncident -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getEntitiesGetTimeline with the entity ID and time window; kinds and numberOfBucket are
# forwarded only when the caller supplied them.
function Invoke-AzureNativeFunctionSecurityinsightsGetEntitiesGetTimeline {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='entity ID)')] [string] $entityId,
        [parameter(mandatory=$False,HelpMessage='The start timeline date, so the results returned are after this date.)')] [string] $startTime,
        [parameter(mandatory=$False,HelpMessage='The end timeline date, so the results returned are before this date.)')] [string] $endTime,
        # $kinds carries no type constraint, so whatever the caller passes is forwarded as-is.
        [parameter(mandatory=$False,HelpMessage='Array of timeline Item kinds.)')] $kinds,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s 
subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The number of bucket for timeline queries aggregation.)')] [int] $numberOfBucket
    )
    process {
        $arguments = @{}
        $arguments["endTime"] = $endTime
        $arguments["entityId"] = $entityId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["startTime"] = $startTime
        $arguments["workspaceName"] = $workspaceName
        # Optional arguments: the key is added only if the parameter was explicitly bound.
        if($PSBoundParameters.Keys -icontains 'kinds') {
            $arguments["kinds"] = $kinds
        }
        if($PSBoundParameters.Keys -icontains 'numberOfBucket') {
            $arguments["numberOfBucket"] = $numberOfBucket
        }
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntitiesGetTimeline -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getEntityQuery with the entity query ID, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetEntityQuery {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId
    )
    process {
        $arguments = @{}
        $arguments["entityQueryId"] = $entityQueryId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityQuery -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAATPDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAATPDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAATPDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getSourceControl with the source control ID, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetSourceControl {
    param (
        [parameter(mandatory=$False,HelpMessage='Source control Id)')] [string] $sourceControlId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["sourceControlId"] = $sourceControlId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSourceControl -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAutomationRule with the automation rule ID, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAutomationRule {
    param (
        [parameter(mandatory=$False,HelpMessage='Automation rule ID)')] [string] $automationRuleId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["automationRuleId"] = $automationRuleId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAutomationRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAwsCloudTrailDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAwsCloudTrailDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAwsCloudTrailDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getEntityInsights with the entity ID and time window; insightQueryIds and
# addDefaultExtendedTimeRange are forwarded only when the caller supplied them.
function Invoke-AzureNativeFunctionSecurityinsightsGetEntityInsights {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='entity ID)')] [string] $entityId,
        [parameter(mandatory=$False,HelpMessage='The start timeline date, so the results returned are after this date.)')] [string] $startTime,
        [parameter(mandatory=$False,HelpMessage='The end timeline date, so the results returned are before this date.)')] [string] $endTime,
        [parameter(mandatory=$False,HelpMessage='List of Insights Query Id. If empty, default value is all insights of this entity)')] [string[]] $insightQueryIds,
        [parameter(mandatory=$False,HelpMessage='Indicates if query time range should be extended with default time range of the query. Default value is false)')] [bool] $addDefaultExtendedTimeRange,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider
    )
    process {
        $arguments = @{}
        $arguments["endTime"] = $endTime
        $arguments["entityId"] = $entityId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["startTime"] = $startTime
        $arguments["workspaceName"] = $workspaceName
        # Optional arguments: the key is added only if the parameter was explicitly bound.
        if($PSBoundParameters.Keys -icontains 'insightQueryIds') {
            $arguments["insightQueryIds"] = $insightQueryIds
        }
        if($PSBoundParameters.Keys -icontains 'addDefaultExtendedTimeRange') {
            $arguments["addDefaultExtendedTimeRange"] = $addDefaultExtendedTimeRange
        }
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityInsights -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getMetadata with the metadata name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetMetadata {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The Metadata name.)')] [string] $metadataName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["metadataName"] = $metadataName
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMetadata -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getMDATPDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetMDATPDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMDATPDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getWatchlistItem with the watchlist item ID, watchlist alias, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetWatchlistItem {
    param (
        [parameter(mandatory=$False,HelpMessage='Watchlist Item Id (GUID))')] [string] $watchlistItemId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["watchlistAlias"] = $watchlistAlias
        $arguments["watchlistItemId"] = $watchlistItemId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getWatchlistItem -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getBookmarkRelation with the bookmark ID, relation name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetBookmarkRelation {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId,
        [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["bookmarkId"] = $bookmarkId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["relationName"] = $relationName
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getBookmarkRelation -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getFusionAlertRule with the rule ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetFusionAlertRule {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId
    )
    process {
        $arguments = @{}
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["ruleId"] = $ruleId
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getFusionAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getActivityCustomEntityQuery with the entity query ID, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetActivityCustomEntityQuery {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId
    )
    process {
        $arguments = @{}
        $arguments["entityQueryId"] = $entityQueryId
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getActivityCustomEntityQuery -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getEyesOn with the setting name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetEyesOn {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The setting name. 
Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName
    )
    process {
        $arguments = @{}
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["settingsName"] = $settingsName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEyesOn -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getThreatIntelligenceIndicator with the indicator name, resource provider namespace, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetThreatIntelligenceIndicator {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Threat intelligence indicator name field.)')] [string] $name,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["name"] = $name
        $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getThreatIntelligenceIndicator -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getMCASDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetMCASDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMCASDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

# Calls getAADDataConnector with the connector ID, resource group and workspace name.
function Invoke-AzureNativeFunctionSecurityinsightsGetAADDataConnector {
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName
    )
    process {
        $arguments = @{}
        $arguments["dataConnectorId"] = $dataConnectorId
        $arguments["resourceGroupName"] = $resourceGroupName
        $arguments["workspaceName"] = $workspaceName
        $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAADDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments
        return $functionObject
    }
}

function Invoke-AzureNativeFunctionSecurityinsightsGetASCDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getASCDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function New-AzureNativeSecurityinsightsAnomalies { [Alias('azure_native_securityinsights_anomalies')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''Anomalies''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. 
Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Anomalies") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsIncidentComment { [Alias('azure_native_securityinsights_incidentcomment')] param ( [parameter(mandatory=$False,HelpMessage='Incident comment ID)')] [string] $incidentCommentId, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The comment message)')] [string] $message, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:IncidentComment") $resource.properties["incidentId"] = $incidentId $resource.properties["message"] = $message $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'incidentCommentId') { $resource.properties["incidentCommentId"] = $incidentCommentId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsSentinelOnboardingState { [Alias('azure_native_securityinsights_sentinelonboardingstate')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Flag that indicates the status of the CMK setting)')] [bool] $customerManagedKey, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The Sentinel onboarding state name. 
Supports - default)')] [string] $sentinelOnboardingStateName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SentinelOnboardingState") $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'customerManagedKey') { $resource.properties["customerManagedKey"] = $customerManagedKey } if($PSBoundParameters.Keys -icontains 'sentinelOnboardingStateName') { $resource.properties["sentinelOnboardingStateName"] = $sentinelOnboardingStateName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsBookmarkRelation { [Alias('azure_native_securityinsights_bookmarkrelation')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The resource ID of the related resource)')] [string] $relatedResourceId, [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:BookmarkRelation") $resource.properties["bookmarkId"] = $bookmarkId $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["relatedResourceId"] = $relatedResourceId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'relationName') { $resource.properties["relationName"] = $relationName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsEntityQuery { [Alias('azure_native_securityinsights_entityquery')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='the entity query kind)')] [string] [ValidateSet('Activity')] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EntityQuery") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'entityQueryId') { $resource.properties["entityQueryId"] = $entityQueryId } $global:pulumiresources += $resource return $resource } } class DataConnectorDataTypeCommon { [ValidateSet('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsDataConnectorDataTypeCommon { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([DataConnectorDataTypeCommon]$PSBoundParameters) } } class AlertsDataTypeOfDataConnector { [DataConnectorDataTypeCommon] $alerts } function New-AzureNativeTypeSecurityinsightsAlertsDataTypeOfDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Alerts data type connection.)')] [DataConnectorDataTypeCommon] $alerts ) process { return $([AlertsDataTypeOfDataConnector]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAATPDataConnector { [Alias('azure_native_securityinsights_aatpdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, 
[parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureAdvancedThreatProtection''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AATPDataConnector") $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } $global:pulumiresources += $resource return $resource } } class AwsCloudTrailDataConnectorDataTypesLogs { [ValidateSet('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsAwsCloudTrailDataConnectorDataTypesLogs { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([AwsCloudTrailDataConnectorDataTypesLogs]$PSBoundParameters) } } class AwsCloudTrailDataConnectorDataTypes { [AwsCloudTrailDataConnectorDataTypesLogs] $logs } function 
New-AzureNativeTypeSecurityinsightsAwsCloudTrailDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='Logs data type.)')] [AwsCloudTrailDataConnectorDataTypesLogs] $logs ) process { return $([AwsCloudTrailDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAwsCloudTrailDataConnector { [Alias('azure_native_securityinsights_awscloudtraildataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AmazonWebServicesCloudTrail''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AwsCloudTrailDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.)')] [string] $awsRoleArn, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AwsCloudTrailDataConnector") $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'awsRoleArn') { $resource.properties["awsRoleArn"] = $awsRoleArn } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } 
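# Declares an azure-native:securityinsights:SecurityMLAnalyticsSetting
# resource, appends it to $global:pulumiresources and returns it. kind is
# restricted to 'Anomaly' by its ValidateSet; settingsResourceName is written
# only when it was bound.
function New-AzureNativeSecurityinsightsSecurityMLAnalyticsSetting
{
    [Alias('azure_native_securityinsights_securitymlanalyticssetting')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')]
        [string] $settingsResourceName,
        [parameter(mandatory=$False,HelpMessage='The kind of security ML Analytics Settings)')]
        [string] [ValidateSet('Anomaly')] $kind,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SecurityMLAnalyticsSetting")

        # Written unconditionally although the parameters are not mandatory.
        $resource.properties["kind"] = $kind
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'settingsResourceName')
        {
            $resource.properties["settingsResourceName"] = $settingsResourceName
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Declares an azure-native:securityinsights:EyesOn resource, appends it to
# $global:pulumiresources and returns it. settingsName is written only when
# it was bound.
function New-AzureNativeSecurityinsightsEyesOn
{
    [Alias('azure_native_securityinsights_eyeson')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')]
        [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''EyesOn''.)')]
        [string] $kind,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')]
        [string] $settingsName,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EyesOn")

        $resource.properties["kind"] = $kind
        $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'settingsName')
        {
            $resource.properties["settingsName"] = $settingsName
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Input type mapping one content type (AnalyticRule or Workbook) to a path.
class ContentPathMap
{
    [string] $path

    [ValidateSet('AnalyticRule', 'Workbook')]
    [string] $contentType
}

# Builds a ContentPathMap from the parameters that were bound.
function New-AzureNativeTypeSecurityinsightsContentPathMap
{
    param (
        [parameter(mandatory=$False,HelpMessage='The path to the content.)')]
        [string] $path,
        [parameter(mandatory=$False,HelpMessage='Content type.)')]
        [string] [ValidateSet('AnalyticRule', 'Workbook')] $contentType
    )

    process
    {
        return $([ContentPathMap]$PSBoundParameters)
    }
}

# Input type describing the repository behind a source control resource.
class Repository
{
    [string] $displayUrl
    [ContentPathMap[]] $pathMapping
    [string] $deploymentLogsUrl
    [string] $url
    [string] $branch
}

# Builds a Repository from the parameters that were bound.
function New-AzureNativeTypeSecurityinsightsRepository
{
    param (
        [parameter(mandatory=$False,HelpMessage='Display url of repository.)')]
        [string] $displayUrl,
        # Untyped here; the cast below converts it to the class's
        # [ContentPathMap[]] property.
        [parameter(mandatory=$False,HelpMessage='Dictionary of source control content type and path mapping.)')]
        $pathMapping,
        [parameter(mandatory=$False,HelpMessage='Url to access repository action logs.)')]
        [string] $deploymentLogsUrl,
        [parameter(mandatory=$False,HelpMessage='Url of repository.)')]
        [string] $url,
        [parameter(mandatory=$False,HelpMessage='Branch name of repository.)')]
        [string] $branch
    )

    process
    {
        return $([Repository]$PSBoundParameters)
    }
}

# Declares an azure-native:securityinsights:SourceControl resource, appends it
# to $global:pulumiresources and returns it. contentTypes, displayName,
# provider namespace, repoType, repository, resource group and workspace are
# always written; every other property only when it was bound.
function New-AzureNativeSecurityinsightsSourceControl
{
    [Alias('azure_native_securityinsights_sourcecontrol')]
    param (
        [parameter(mandatory=$False,HelpMessage='Source control Id)')]
        [string] $sourceControlId,
        [parameter(mandatory=$False,HelpMessage='Array of source control content types.)')]
        $contentTypes,
        [parameter(mandatory=$False,HelpMessage='The timestamp of resource last modification (UTC))')]
        [string] $lastModifiedAt,
        [parameter(mandatory=$False,HelpMessage='The identity that last modified the resource.)')]
        [string] $lastModifiedBy,
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The type of identity that last modified the resource.)')]
        [string] [ValidateSet('User', 'Application', 'ManagedIdentity', 'Key')] $lastModifiedByType,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')]
        [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The timestamp of resource creation (UTC).)')]
        [string] $createdAt,
        [parameter(mandatory=$False,HelpMessage='The identity that created the resource.)')]
        [string] $createdBy,
        [parameter(mandatory=$False,HelpMessage='A description of the source control)')]
        [string] $description,
        [parameter(mandatory=$False,HelpMessage='Repository metadata.)')]
        [Repository] $repository,
        [parameter(mandatory=$False,HelpMessage='The type of identity that created the resource.)')]
        [string] [ValidateSet('User', 'Application', 'ManagedIdentity', 'Key')] $createdByType,
        [parameter(mandatory=$False,HelpMessage='The display name of the source control)')]
        [string] $displayName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the source control)')]
        [string] $id,
        [parameter(mandatory=$False,HelpMessage='The repository type of the source control)')]
        [string] [ValidateSet('Github', 'DevOps')] $repoType,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SourceControl")

        $resource.properties["contentTypes"] = $contentTypes
        $resource.properties["displayName"] = $displayName
        $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $resource.properties["repoType"] = $repoType
        # NOTE(review): the repository url/branch presumably decide which
        # analytic rules and workbooks reach the workspace; confirm that the
        # referenced branch is access-controlled.
        $resource.properties["repository"] = $repository
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'sourceControlId')
        {
            $resource.properties["sourceControlId"] = $sourceControlId
        }

        # NOTE(review): createdAt/createdBy/lastModified* read like
        # service-populated audit fields; confirm whether caller-supplied
        # values are honoured before relying on them.
        if($PSBoundParameters.Keys -icontains 'lastModifiedAt')
        {
            $resource.properties["lastModifiedAt"] = $lastModifiedAt
        }
        if($PSBoundParameters.Keys -icontains 'lastModifiedBy')
        {
            $resource.properties["lastModifiedBy"] = $lastModifiedBy
        }
        if($PSBoundParameters.Keys -icontains 'lastModifiedByType')
        {
            $resource.properties["lastModifiedByType"] = $lastModifiedByType
        }
        if($PSBoundParameters.Keys -icontains 'createdAt')
        {
            $resource.properties["createdAt"] = $createdAt
        }
        if($PSBoundParameters.Keys -icontains 'createdBy')
        {
            $resource.properties["createdBy"] = $createdBy
        }
        if($PSBoundParameters.Keys -icontains 'description')
        {
            $resource.properties["description"] = $description
        }
        if($PSBoundParameters.Keys -icontains 'createdByType')
        {
            $resource.properties["createdByType"] = $createdByType
        }
        if($PSBoundParameters.Keys -icontains 'id')
        {
            $resource.properties["id"] = $id
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Input type carrying the Enabled/Disabled state of the Exchange data type.
class OfficeDataConnectorDataTypesExchange
{
    [ValidateSet('Enabled', 'Disabled')]
    [string] $state
}

# Builds an OfficeDataConnectorDataTypesExchange from the bound parameters.
function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesExchange
{
    param (
        [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')]
        [string] [ValidateSet('Enabled', 'Disabled')] $state
    )

    process
    {
        return $([OfficeDataConnectorDataTypesExchange]$PSBoundParameters)
    }
}

# Input type carrying the Enabled/Disabled state of the SharePoint data type.
class OfficeDataConnectorDataTypesSharePoint
{
    [ValidateSet('Enabled', 'Disabled')]
    [string] $state
}

# Builds an OfficeDataConnectorDataTypesSharePoint from the bound parameters.
function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesSharePoint
{
    param (
        [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')]
        [string] [ValidateSet('Enabled', 'Disabled')] $state
    )

    process
    {
        return $([OfficeDataConnectorDataTypesSharePoint]$PSBoundParameters)
    }
}

# Input type carrying the Enabled/Disabled state of the Teams data type.
class OfficeDataConnectorDataTypesTeams
{
    [ValidateSet('Enabled', 'Disabled')]
    [string] $state
}

# Builds an OfficeDataConnectorDataTypesTeams from the bound parameters.
function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesTeams
{
    param (
        [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')]
        [string] [ValidateSet('Enabled', 'Disabled')] $state
    )

    process
    {
        return $([OfficeDataConnectorDataTypesTeams]$PSBoundParameters)
    }
}

# Input type grouping the Exchange, SharePoint and Teams data type connections.
class OfficeDataConnectorDataTypes
{
    [OfficeDataConnectorDataTypesExchange] $exchange
    [OfficeDataConnectorDataTypesSharePoint] $sharePoint
    [OfficeDataConnectorDataTypesTeams] $teams
}

# Builds an OfficeDataConnectorDataTypes from the bound parameters.
function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypes
{
    param (
        [parameter(mandatory=$False,HelpMessage='Exchange data type connection.)')]
        [OfficeDataConnectorDataTypesExchange] $exchange,
        [parameter(mandatory=$False,HelpMessage='SharePoint data type connection.)')]
        [OfficeDataConnectorDataTypesSharePoint] $sharePoint,
        [parameter(mandatory=$False,HelpMessage='Teams data type connection.)')]
        [OfficeDataConnectorDataTypesTeams] $teams
    )

    process
    {
        return $([OfficeDataConnectorDataTypes]$PSBoundParameters)
    }
}

# Declares an azure-native:securityinsights:OfficeDataConnector resource,
# appends it to $global:pulumiresources and returns it. dataTypes,
# dataConnectorId and tenantId are written only when they were bound.
function New-AzureNativeSecurityinsightsOfficeDataConnector
{
    [Alias('azure_native_securityinsights_officedataconnector')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''Office365''.)')]
        [string] $kind,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')]
        [OfficeDataConnectorDataTypes] $dataTypes,
        [parameter(mandatory=$False,HelpMessage='Connector ID)')]
        [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')]
        [string] $tenantId,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:OfficeDataConnector")

        $resource.properties["kind"] = $kind
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'dataTypes')
        {
            $resource.properties["dataTypes"] = $dataTypes
        }
        if($PSBoundParameters.Keys -icontains 'dataConnectorId')
        {
            $resource.properties["dataConnectorId"] = $dataConnectorId
        }
        if($PSBoundParameters.Keys -icontains 'tenantId')
        {
            $resource.properties["tenantId"] = $tenantId
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Declares an azure-native:securityinsights:MDATPDataConnector resource,
# appends it to $global:pulumiresources and returns it. dataTypes,
# dataConnectorId and tenantId are written only when they were bound.
function New-AzureNativeSecurityinsightsMDATPDataConnector
{
    [Alias('azure_native_securityinsights_mdatpdataconnector')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''MicrosoftDefenderAdvancedThreatProtection''.)')]
        [string] $kind,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')]
        [AlertsDataTypeOfDataConnector] $dataTypes,
        [parameter(mandatory=$False,HelpMessage='Connector ID)')]
        [string] $dataConnectorId,
        [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')]
        [string] $tenantId,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MDATPDataConnector")

        $resource.properties["kind"] = $kind
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'dataTypes')
        {
            $resource.properties["dataTypes"] = $dataTypes
        }
        if($PSBoundParameters.Keys -icontains 'dataConnectorId')
        {
            $resource.properties["dataConnectorId"] = $dataConnectorId
        }
        if($PSBoundParameters.Keys -icontains 'tenantId')
        {
            $resource.properties["tenantId"] = $tenantId
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Declares an azure-native:securityinsights:AlertRule resource, appends it to
# $global:pulumiresources and returns it. kind is restricted by its
# ValidateSet; ruleId is written only when it was bound.
function New-AzureNativeSecurityinsightsAlertRule
{
    [Alias('azure_native_securityinsights_alertrule')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The alert rule kind)')]
        [string] [ValidateSet('Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion')] $kind,
        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')]
        [string] $ruleId,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AlertRule")

        $resource.properties["kind"] = $kind
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'ruleId')
        {
            $resource.properties["ruleId"] = $ruleId
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Declares an azure-native:securityinsights:EntityAnalytics resource, appends
# it to $global:pulumiresources and returns it. settingsName is written only
# when it was bound.
function New-AzureNativeSecurityinsightsEntityAnalytics
{
    [Alias('azure_native_securityinsights_entityanalytics')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,
        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')]
        [string] $operationalInsightsResourceProvider,
        [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''EntityAnalytics''.)')]
        [string] $kind,
        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')]
        [string] $settingsName,
        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process
    {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EntityAnalytics")

        $resource.properties["kind"] = $kind
        $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if($PSBoundParameters.Keys -icontains 'settingsName')
        {
            $resource.properties["settingsName"] = $settingsName
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Input type describing one property condition of an automation rule: the
# property to evaluate, the operator, and the values to compare against.
class AutomationRulePropertyValuesConditionConditionProperties
{
    [ValidateSet('IncidentTitle', 'IncidentDescription', 'IncidentSeverity', 'IncidentStatus', 'IncidentTactics', 'IncidentRelatedAnalyticRuleIds', 'IncidentProviderName', 'AccountAadTenantId', 'AccountAadUserId', 'AccountName', 'AccountNTDomain', 'AccountPUID', 'AccountSid', 'AccountObjectGuid', 'AccountUPNSuffix', 'AzureResourceResourceId', 'AzureResourceSubscriptionId', 'CloudApplicationAppId', 'CloudApplicationAppName', 'DNSDomainName', 'FileDirectory', 'FileName', 'FileHashValue', 'HostAzureID', 'HostName', 'HostNetBiosName', 'HostNTDomain', 'HostOSVersion', 'IoTDeviceId', 'IoTDeviceName', 'IoTDeviceType', 'IoTDeviceVendor', 'IoTDeviceModel', 'IoTDeviceOperatingSystem', 'IPAddress', 'MailboxDisplayName', 'MailboxPrimaryAddress', 'MailboxUPN', 'MailMessageDeliveryAction', 'MailMessageDeliveryLocation', 'MailMessageRecipient', 'MailMessageSenderIP', 'MailMessageSubject', 'MailMessageP1Sender', 'MailMessageP2Sender', 'MalwareCategory', 'MalwareName', 'ProcessCommandLine', 'ProcessId', 'RegistryKey', 'RegistryValueData', 'Url')]
    [string] $propertyName

    # The comparison values are free text. The property-name ValidateSet that
    # was repeated on this member rejected any value that was not itself a
    # property name (a severity or a host name, for instance), so the condition
    # could not be built; the matching parameter below carries no such set.
    [string[]] $propertyValues

    [ValidateSet('Equals', 'NotEquals', 'Contains', 'NotContains', 'StartsWith', 'NotStartsWith', 'EndsWith', 'NotEndsWith')]
    [string] $operator
}

# Builds an AutomationRulePropertyValuesConditionConditionProperties from the
# parameters that were bound.
function New-AzureNativeTypeSecurityinsightsAutomationRulePropertyValuesConditionConditionProperties
{
    param (
        [parameter(mandatory=$False,HelpMessage='The property to evaluate)')]
        [string] [ValidateSet('IncidentTitle', 'IncidentDescription', 'IncidentSeverity', 'IncidentStatus', 'IncidentTactics', 'IncidentRelatedAnalyticRuleIds', 'IncidentProviderName', 'AccountAadTenantId', 'AccountAadUserId', 'AccountName', 'AccountNTDomain', 'AccountPUID', 'AccountSid', 'AccountObjectGuid', 'AccountUPNSuffix', 'AzureResourceResourceId', 'AzureResourceSubscriptionId', 'CloudApplicationAppId', 'CloudApplicationAppName', 'DNSDomainName', 'FileDirectory', 'FileName', 'FileHashValue', 'HostAzureID', 'HostName', 'HostNetBiosName', 'HostNTDomain', 'HostOSVersion', 'IoTDeviceId', 'IoTDeviceName', 'IoTDeviceType', 'IoTDeviceVendor', 'IoTDeviceModel', 'IoTDeviceOperatingSystem', 'IPAddress', 'MailboxDisplayName', 'MailboxPrimaryAddress', 'MailboxUPN', 'MailMessageDeliveryAction', 'MailMessageDeliveryLocation', 'MailMessageRecipient', 'MailMessageSenderIP', 'MailMessageSubject', 'MailMessageP1Sender', 'MailMessageP2Sender', 'MalwareCategory', 'MalwareName', 'ProcessCommandLine', 'ProcessId', 'RegistryKey', 'RegistryValueData', 'Url')] $propertyName,
        [parameter(mandatory=$False,HelpMessage='The values to use for evaluating the condition)')]
        [string[]] $propertyValues,
        [parameter(mandatory=$False,HelpMessage='The operator to use for evaluation the condition)')]
        [string] [ValidateSet('Equals', 'NotEquals', 'Contains', 'NotContains', 'StartsWith', 'NotStartsWith', 'EndsWith', 'NotEndsWith')] $operator
    )

    process
    {
        return $([AutomationRulePropertyValuesConditionConditionProperties]$PSBoundParameters)
    }
}

# Input type pairing a condition type with its property configuration.
class AutomationRulePropertyValuesCondition
{
    # Both members carried [ValidateSet('Incidents')], which cannot match an
    # object-typed member and contradicts the 'Property' value named in the
    # help message of the function below; the stray sets are dropped so the
    # type can actually be constructed.
    [AutomationRulePropertyValuesConditionConditionProperties] $conditionProperties
    [string] $conditionType
}

# Builds an AutomationRulePropertyValuesCondition from the bound parameters.
function New-AzureNativeTypeSecurityinsightsAutomationRulePropertyValuesCondition
{
    param (
        [parameter(mandatory=$False,HelpMessage='The configuration of the automation rule condition)')]
        [AutomationRulePropertyValuesConditionConditionProperties] $conditionProperties,
        [parameter(mandatory=$False,HelpMessage='The type of the automation rule condition Expected value is ''Property''.)')]
        [string] $conditionType
    )

    process
    {
        return $([AutomationRulePropertyValuesCondition]$PSBoundParameters)
    }
}

# Input type describing when an automation rule fires: enabled flag, expiry,
# trigger source, trigger event and the conditions that must hold.
class AutomationRuleTriggeringLogic
{
    [string] $expirationTimeUtc
    [bool] $isEnabled

    [ValidateSet('Incidents')]
    [string] $triggersOn

    # [ValidateSet('Incidents')] was repeated on this object array, where it
    # can never match; removed so conditions can be assigned.
    [AutomationRulePropertyValuesCondition[]] $conditions

    # Kept as generated; the matching parameter block lies outside this chunk.
    [ValidateSet('Created')]
    [string] $triggersWhen
}

function New-AzureNativeTypeSecurityinsightsAutomationRuleTriggeringLogic { param ( [parameter(mandatory=$False,HelpMessage='Determines when the automation rule should automatically expire and be disabled.)')] 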
[string] $expirationTimeUtc, [parameter(mandatory=$False,HelpMessage='Determines whether the automation rule is enabled or disabled.)')] [bool] $isEnabled, [parameter(mandatory=$False,HelpMessage='The type of object the automation rule triggers on)')] [string] [ValidateSet('Incidents')] $triggersOn, [parameter(mandatory=$False,HelpMessage='The conditions to evaluate to determine if the automation rule should be triggered on a given object)')] $conditions, [parameter(mandatory=$False,HelpMessage='The type of event the automation rule triggers on)')] [string] [ValidateSet('Created')] $triggersWhen ) process { return $([AutomationRuleTriggeringLogic]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAutomationRule { [Alias('azure_native_securityinsights_automationrule')] param ( [parameter(mandatory=$False,HelpMessage='The triggering logic of the automation rule)')] [AutomationRuleTriggeringLogic] $triggeringLogic, [parameter(mandatory=$False,HelpMessage='Automation rule ID)')] [string] $automationRuleId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The order of execution of the automation rule)')] [int] $order, [parameter(mandatory=$False,HelpMessage='The actions to execute when the automation rule is triggered)')] $actions, [parameter(mandatory=$False,HelpMessage='The display name of the automation rule)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AutomationRule") $resource.properties["actions"] = $actions $resource.properties["displayName"] = $displayName $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["order"] = $order $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["triggeringLogic"] = $triggeringLogic $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'automationRuleId') { $resource.properties["automationRuleId"] = $automationRuleId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsMicrosoftSecurityIncidentCreationAlertRule { [Alias('azure_native_securityinsights_microsoftsecurityincidentcreationalertrule')] param ( [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='the alerts'' displayNames on which the cases will be generated)')] [string[]] $displayNamesFilter, [parameter(mandatory=$False,HelpMessage='the alerts'' severities on which the cases will be generated)')] $severitiesFilter, [parameter(mandatory=$False,HelpMessage='The description of the alert rule.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The alerts'' productName on which the cases will be generated)')] [string] [ValidateSet('Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection', 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT')] $productFilter, [parameter(mandatory=$False,HelpMessage='The display name for alerts created by this alert rule.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''MicrosoftSecurityIncidentCreation''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='the alerts'' displayNames on which the cases will not be generated)')] [string[]] $displayNamesExcludeFilter, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule") $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = 
$kind $resource.properties["productFilter"] = $productFilter $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'displayNamesFilter') { $resource.properties["displayNamesFilter"] = $displayNamesFilter } if($PSBoundParameters.Keys -icontains 'severitiesFilter') { $resource.properties["severitiesFilter"] = $severitiesFilter } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'alertRuleTemplateName') { $resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName } if($PSBoundParameters.Keys -icontains 'displayNamesExcludeFilter') { $resource.properties["displayNamesExcludeFilter"] = $displayNamesExcludeFilter } if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } $global:pulumiresources += $resource return $resource } } class MetadataCategories { [string[]] $verticals [string[]] $domains } function New-AzureNativeTypeSecurityinsightsMetadataCategories { param ( [parameter(mandatory=$False,HelpMessage='Industry verticals for the solution content item)')] [string[]] $verticals, [parameter(mandatory=$False,HelpMessage='domain for the solution content item)')] [string[]] $domains ) process { return $([MetadataCategories]$PSBoundParameters) } } class MetadataAuthor { [string] $name [string] $link [string] $email } function New-AzureNativeTypeSecurityinsightsMetadataAuthor { param ( [parameter(mandatory=$False,HelpMessage='Name of the author. 
Company or person.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Link for author/vendor page)')] [string] $link, [parameter(mandatory=$False,HelpMessage='Email of author contact)')] [string] ) process { return $([MetadataAuthor]$PSBoundParameters) } } class MetadataDependencies { [string] $name [string] $version [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] [string] $kind [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] [string] $contentId [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] [MetadataDependencies[]] $criteria [ValidateSet('AND', 'OR')] [string] $operator } function New-AzureNativeTypeSecurityinsightsMetadataDependencies { param ( [parameter(mandatory=$False,HelpMessage='Name of the content item)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. 
If version does not match our defined numeric format then an exact match is required.)')] [string] $version, [parameter(mandatory=$False,HelpMessage='Type of the content item we depend on)')] [string] [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] $kind, [parameter(mandatory=$False,HelpMessage='Id of the content item we depend on)')] [string] $contentId, [parameter(mandatory=$False,HelpMessage='This is the list of dependencies we must fulfill, according to the AND/OR operator)')] $criteria, [parameter(mandatory=$False,HelpMessage='Operator used for list of dependencies in criteria array.)')] [string] [ValidateSet('AND', 'OR')] $operator ) process { return $([MetadataDependencies]$PSBoundParameters) } } class MetadataSupport { [ValidateSet('Microsoft', 'Partner', 'Community')] [string] $tier [ValidateSet('Microsoft', 'Partner', 'Community')] [string] $name [ValidateSet('Microsoft', 'Partner', 'Community')] [string] $link [ValidateSet('Microsoft', 'Partner', 'Community')] [string] $email } function New-AzureNativeTypeSecurityinsightsMetadataSupport { param ( [parameter(mandatory=$False,HelpMessage='Type of support for content item)')] [string] [ValidateSet('Microsoft', 'Partner', 'Community')] $tier, [parameter(mandatory=$False,HelpMessage='Name of the support contact. 
Company or person.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Link for support help, like to support page to open a ticket etc.)')] [string] $link, [parameter(mandatory=$False,HelpMessage='Email of support contact)')] [string] ) process { return $([MetadataSupport]$PSBoundParameters) } } class MetadataSource { [string] $sourceId [string] $name [ValidateSet('LocalWorkspace', 'Community', 'Solution', 'SourceRepository')] [string] $kind } function New-AzureNativeTypeSecurityinsightsMetadataSource { param ( [parameter(mandatory=$False,HelpMessage='ID of the content source. The solution ID, workspace ID, etc)')] [string] $sourceId, [parameter(mandatory=$False,HelpMessage='Name of the content source. The repo name, solution name, LA workspace name etc.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Source type of the content)')] [string] [ValidateSet('LocalWorkspace', 'Community', 'Solution', 'SourceRepository')] $kind ) process { return $([MetadataSource]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsMetadata { [Alias('azure_native_securityinsights_metadata')] param ( [parameter(mandatory=$False,HelpMessage='first publish date solution content item)')] [string] $firstPublishDate, [parameter(mandatory=$False,HelpMessage='Categories for the solution content item)')] [MetadataCategories] $categories, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='last publish date for the solution content item)')] [string] $lastPublishDate, [parameter(mandatory=$False,HelpMessage='Providers for the solution content item)')] [string[]] $providers, [parameter(mandatory=$False,HelpMessage='The Metadata name.)')] [string] $metadataName, [parameter(mandatory=$False,HelpMessage='Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. 
Can also be any string, but then we cannot guarantee any version checks)')] [string] $version, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group))')] [string] $parentId, [parameter(mandatory=$False,HelpMessage='Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name)')] [string] $contentId, [parameter(mandatory=$False,HelpMessage='The creator of the content item.)')] [MetadataAuthor] $author, [parameter(mandatory=$False,HelpMessage='The kind of content the metadata is for.)')] [string] [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] $kind, [parameter(mandatory=$False,HelpMessage='Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.)')] [MetadataDependencies] $dependencies, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Support information for the metadata - type, name, contact information)')] [MetadataSupport] $support, [parameter(mandatory=$False,HelpMessage='Source of the content. 
This is where/how it was created.)')] [MetadataSource] $source, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Metadata") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["parentId"] = $parentId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'firstPublishDate') { $resource.properties["firstPublishDate"] = $firstPublishDate } if($PSBoundParameters.Keys -icontains 'categories') { $resource.properties["categories"] = $categories } if($PSBoundParameters.Keys -icontains 'lastPublishDate') { $resource.properties["lastPublishDate"] = $lastPublishDate } if($PSBoundParameters.Keys -icontains 'providers') { $resource.properties["providers"] = $providers } if($PSBoundParameters.Keys -icontains 'metadataName') { $resource.properties["metadataName"] = $metadataName } if($PSBoundParameters.Keys -icontains 'version') { $resource.properties["version"] = $version } if($PSBoundParameters.Keys -icontains 'contentId') { $resource.properties["contentId"] = $contentId } if($PSBoundParameters.Keys -icontains 'author') { $resource.properties["author"] = $author } if($PSBoundParameters.Keys -icontains 'dependencies') { $resource.properties["dependencies"] = $dependencies } if($PSBoundParameters.Keys -icontains 'support') { $resource.properties["support"] = $support } if($PSBoundParameters.Keys -icontains 'source') { $resource.properties["source"] = $source } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsScheduledAlertRule { [Alias('azure_native_securityinsights_scheduledalertrule')] param ( [parameter(mandatory=$False,HelpMessage='The description of the 
alert rule.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The period (in ISO 8601 duration format) that this alert rule looks at.)')] [string] $queryPeriod, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''Scheduled''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The severity for alerts created by this alert rule.)')] [string] [ValidateSet('High', 'Medium', 'Low', 'Informational')] $severity, [parameter(mandatory=$False,HelpMessage='The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.)')] [string] $suppressionDuration, [parameter(mandatory=$False,HelpMessage='The display name for alerts created by this alert rule.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='The threshold triggers this alert rule.)')] [int] $triggerThreshold, [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The frequency (in ISO 8601 duration format) for this alert rule to run.)')] [string] $queryFrequency, [parameter(mandatory=$False,HelpMessage='The operation against the threshold that triggers alert rule.)')] $triggerOperator, [parameter(mandatory=$False,HelpMessage='Determines whether the suppression for this alert rule is enabled or disabled.)')] [bool] $suppressionEnabled, [parameter(mandatory=$False,HelpMessage='The query that creates alerts for this rule.)')] [string] $query, [parameter(mandatory=$False,HelpMessage='The tactics of the alert rule)')] $tactics, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ScheduledAlertRule") $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = $kind $resource.properties["query"] = $query $resource.properties["queryFrequency"] = $queryFrequency $resource.properties["queryPeriod"] = $queryPeriod $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["severity"] = $severity $resource.properties["suppressionDuration"] = $suppressionDuration $resource.properties["suppressionEnabled"] = $suppressionEnabled $resource.properties["triggerOperator"] = $triggerOperator $resource.properties["triggerThreshold"] = $triggerThreshold $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } if($PSBoundParameters.Keys -icontains 'alertRuleTemplateName') { 
$resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName } if($PSBoundParameters.Keys -icontains 'tactics') { $resource.properties["tactics"] = $tactics } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsProductSetting { [Alias('azure_native_securityinsights_productsetting')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The kind of the setting)')] [string] [ValidateSet('Anomalies', 'EyesOn', 'EntityAnalytics', 'Ueba')] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ProductSetting") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } class WatchlistUserInfo { [string] $objectId } function New-AzureNativeTypeSecurityinsightsWatchlistUserInfo { param ( [parameter(mandatory=$False,HelpMessage='The object id of the user.)')] [string] $objectId ) process { return $([WatchlistUserInfo]$PSBoundParameters) } } function 
New-AzureNativeSecurityinsightsWatchlist { [Alias('azure_native_securityinsights_watchlist')] param ( [parameter(mandatory=$False,HelpMessage='Describes a user that created the watchlist)')] [WatchlistUserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the watchlist)')] [WatchlistUserInfo] $updatedBy, [parameter(mandatory=$False,HelpMessage='The raw content that represents to watchlist items to create. In case of csv/tsv content type, it''s the content of the file that will parsed by the endpoint)')] [string] $rawContent, [parameter(mandatory=$False,HelpMessage='The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted)')] [string] $uploadStatus, [parameter(mandatory=$False,HelpMessage='The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.)')] [string] $itemsSearchKey, [parameter(mandatory=$False,HelpMessage='The time the watchlist was created)')] [string] $created, [parameter(mandatory=$False,HelpMessage='List of labels relevant to this watchlist)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='A description of the watchlist)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The tenantId where the watchlist belongs to)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The last time the watchlist was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The default duration of a watchlist (in ISO 8601 duration format))')] [string] $defaultDuration, [parameter(mandatory=$False,HelpMessage='A flag that indicates if the watchlist is deleted or not)')] [bool] $isDeleted, [parameter(mandatory=$False,HelpMessage='The content type of the raw content. Example : text/csv or text/tsv )')] [string] $contentType, [parameter(mandatory=$False,HelpMessage='The number of lines in a csv/tsv content to skip before the header)')] [int] $numberOfLinesToSkip, [parameter(mandatory=$False,HelpMessage='The type of the watchlist)')] [string] $watchlistType, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The source of the watchlist)')] [string] [ValidateSet('Local file', 'Remote storage')] $source, [parameter(mandatory=$False,HelpMessage='The alias of the watchlist)')] [string] $watchlistAlias, [parameter(mandatory=$False,HelpMessage='The display name of the watchlist)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The provider of the watchlist)')] [string] $provider, [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the watchlist)')] [string] $watchlistId, [parameter(mandatory=$False,HelpMessage='The number of Watchlist Items in the Watchlist)')] [int] $watchlistItemsCount, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Watchlist") $resource.properties["displayName"] = 
$displayName $resource.properties["itemsSearchKey"] = $itemsSearchKey $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["provider"] = $provider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["source"] = $source $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } if($PSBoundParameters.Keys -icontains 'rawContent') { $resource.properties["rawContent"] = $rawContent } if($PSBoundParameters.Keys -icontains 'uploadStatus') { $resource.properties["uploadStatus"] = $uploadStatus } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'defaultDuration') { $resource.properties["defaultDuration"] = $defaultDuration } if($PSBoundParameters.Keys -icontains 'isDeleted') { $resource.properties["isDeleted"] = $isDeleted } if($PSBoundParameters.Keys -icontains 'contentType') { $resource.properties["contentType"] = $contentType } if($PSBoundParameters.Keys -icontains 'numberOfLinesToSkip') { $resource.properties["numberOfLinesToSkip"] = $numberOfLinesToSkip } if($PSBoundParameters.Keys -icontains 'watchlistType') { $resource.properties["watchlistType"] = $watchlistType } if($PSBoundParameters.Keys -icontains 'watchlistAlias') { $resource.properties["watchlistAlias"] = $watchlistAlias } 
if($PSBoundParameters.Keys -icontains 'watchlistId') { $resource.properties["watchlistId"] = $watchlistId } if($PSBoundParameters.Keys -icontains 'watchlistItemsCount') { $resource.properties["watchlistItemsCount"] = $watchlistItemsCount } $global:pulumiresources += $resource return $resource } }

# Declares an azure-native:securityinsights:IncidentRelation resource.
# incidentId, operationalInsightsResourceProvider, relatedResourceId, resourceGroupName and
# workspaceName are written to the property bag whether or not the caller bound them;
# relationName is written only when it was passed. The object is appended to
# $global:pulumiresources and also returned to the caller.
function New-AzureNativeSecurityinsightsIncidentRelation {
    [Alias('azure_native_securityinsights_incidentrelation')]
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')]
        [string] $operationalInsightsResourceProvider,

        [parameter(mandatory=$False,HelpMessage='Relation Name)')]
        [string] $relationName,

        [parameter(mandatory=$False,HelpMessage='The resource ID of the related resource)')]
        [string] $relatedResourceId,

        [parameter(mandatory=$False,HelpMessage='Incident ID)')]
        [string] $incidentId,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $relation = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:IncidentRelation")

        # Always-emitted properties.
        $relation.properties["incidentId"] = $incidentId
        $relation.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $relation.properties["relatedResourceId"] = $relatedResourceId
        $relation.properties["resourceGroupName"] = $resourceGroupName
        $relation.properties["workspaceName"] = $workspaceName

        # Emitted only when explicitly supplied.
        if ($PSBoundParameters.ContainsKey('relationName')) {
            $relation.properties["relationName"] = $relationName
        }

        $global:pulumiresources += $relation
        return $relation
    }
}

# Declares an azure-native:securityinsights:DataConnector resource.
# -kind is restricted by ValidateSet to the connector kinds listed on the parameter;
# dataConnectorId is written only when it was passed.
function New-AzureNativeSecurityinsightsDataConnector {
    [Alias('azure_native_securityinsights_dataconnector')]
    param (
        [parameter(mandatory=$False,HelpMessage='Connector ID)')]
        [string] $dataConnectorId,

        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory=$False,HelpMessage='The data connector kind)')]
        [string]
        [ValidateSet('AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection')]
        $kind,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $connector = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:DataConnector")

        $connector.properties["kind"] = $kind
        $connector.properties["resourceGroupName"] = $resourceGroupName
        $connector.properties["workspaceName"] = $workspaceName

        if ($PSBoundParameters.ContainsKey('dataConnectorId')) {
            $connector.properties["dataConnectorId"] = $dataConnectorId
        }

        $global:pulumiresources += $connector
        return $connector
    }
}

# Input type: state of the threat-intelligence "indicators" data type ('Enabled' or 'Disabled').
class TIDataConnectorDataTypesIndicators {
    [ValidateSet('Enabled', 'Disabled')]
    [string] $state
}

# Builds a TIDataConnectorDataTypesIndicators by casting the bound parameters to the class.
function New-AzureNativeTypeSecurityinsightsTIDataConnectorDataTypesIndicators {
    param (
        [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')]
        [string]
        [ValidateSet('Enabled', 'Disabled')]
        $state
    )

    process {
        return [TIDataConnectorDataTypesIndicators]$PSBoundParameters
    }
}

# Input type: the data types a threat-intelligence connector exposes (only "indicators" here).
class TIDataConnectorDataTypes {
    [TIDataConnectorDataTypesIndicators] $indicators
}

# Builds a TIDataConnectorDataTypes by casting the bound parameters to the class.
function New-AzureNativeTypeSecurityinsightsTIDataConnectorDataTypes {
    param (
        [parameter(mandatory=$False,HelpMessage='Data type for indicators connection.)')]
        [TIDataConnectorDataTypesIndicators] $indicators
    )

    process {
        return [TIDataConnectorDataTypes]$PSBoundParameters
    }
}

# Declares an azure-native:securityinsights:TIDataConnector resource.
# kind, resourceGroupName and workspaceName are always written; the remaining values are
# written only when passed. -kind carries no ValidateSet here even though its help text
# names a single expected value, so a mistyped kind is not rejected by this function.
function New-AzureNativeSecurityinsightsTIDataConnector {
    [Alias('azure_native_securityinsights_tidataconnector')]
    param (
        [parameter(mandatory=$False,HelpMessage='The lookback period for the feed to be imported.)')]
        [string] $tipLookbackPeriod,

        [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''ThreatIntelligence''.)')]
        [string] $kind,

        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')]
        [TIDataConnectorDataTypes] $dataTypes,

        [parameter(mandatory=$False,HelpMessage='Connector ID)')]
        [string] $dataConnectorId,

        [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')]
        [string] $tenantId,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $connector = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:TIDataConnector")

        $connector.properties["kind"] = $kind
        $connector.properties["resourceGroupName"] = $resourceGroupName
        $connector.properties["workspaceName"] = $workspaceName

        if ($PSBoundParameters.ContainsKey('tipLookbackPeriod')) {
            $connector.properties["tipLookbackPeriod"] = $tipLookbackPeriod
        }
        if ($PSBoundParameters.ContainsKey('dataTypes')) {
            $connector.properties["dataTypes"] = $dataTypes
        }
        if ($PSBoundParameters.ContainsKey('dataConnectorId')) {
            $connector.properties["dataConnectorId"] = $dataConnectorId
        }
        if ($PSBoundParameters.ContainsKey('tenantId')) {
            $connector.properties["tenantId"] = $tenantId
        }

        $global:pulumiresources += $connector
        return $connector
    }
}

function
New-AzureNativeSecurityinsightsAnomalySecurityMLAnalyticsSettings { [Alias('azure_native_securityinsights_anomalysecuritymlanalyticssettings')] param ( [parameter(mandatory=$False,HelpMessage='The description of the SecurityMLAnalyticsSettings.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The customizable observations of the AnomalySecurityMLAnalyticsSettings.)')] $customizableObservations, [parameter(mandatory=$False,HelpMessage='The required data sources for this SecurityMLAnalyticsSettings)')] $requiredDataConnectors, [parameter(mandatory=$False,HelpMessage='The frequency that this SecurityMLAnalyticsSettings will be run.)')] [string] $frequency, [parameter(mandatory=$False,HelpMessage='The anomaly version of the AnomalySecurityMLAnalyticsSettings.)')] [string] $anomalyVersion, [parameter(mandatory=$False,HelpMessage='The kind of security ML analytics settings Expected value is ''Anomaly''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The display name for settings created by this SecurityMLAnalyticsSettings.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The techniques of the SecurityMLAnalyticsSettings)')] [string[]] $techniques, [parameter(mandatory=$False,HelpMessage='The anomaly settings definition Id)')] [string] $settingsDefinitionId, [parameter(mandatory=$False,HelpMessage='Determines whether this settings is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.)')] [int] $anomalySettingsVersion, [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName, [parameter(mandatory=$False,HelpMessage='The anomaly SecurityMLAnalyticsSettings status)')] [string] [ValidateSet('Production', 'Flighting')] $settingsStatus, [parameter(mandatory=$False,HelpMessage='The tactics of the SecurityMLAnalyticsSettings)')] $tactics, [parameter(mandatory=$False,HelpMessage='Determines whether this anomaly security ml analytics settings is a default settings)')] [bool] $isDefaultSettings, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings") $resource.properties["anomalyVersion"] = $anomalyVersion $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["frequency"] = $frequency $resource.properties["isDefaultSettings"] = $isDefaultSettings $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["settingsStatus"] = $settingsStatus $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'customizableObservations') { $resource.properties["customizableObservations"] = $customizableObservations } if($PSBoundParameters.Keys -icontains 'requiredDataConnectors') { $resource.properties["requiredDataConnectors"] = $requiredDataConnectors } if($PSBoundParameters.Keys -icontains 'techniques') { 
$resource.properties["techniques"] = $techniques } if($PSBoundParameters.Keys -icontains 'settingsDefinitionId') { $resource.properties["settingsDefinitionId"] = $settingsDefinitionId } if($PSBoundParameters.Keys -icontains 'anomalySettingsVersion') { $resource.properties["anomalySettingsVersion"] = $anomalySettingsVersion } if($PSBoundParameters.Keys -icontains 'settingsResourceName') { $resource.properties["settingsResourceName"] = $settingsResourceName } if($PSBoundParameters.Keys -icontains 'tactics') { $resource.properties["tactics"] = $tactics } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsWatchlistItem { [Alias('azure_native_securityinsights_watchlistitem')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias, [parameter(mandatory=$False,HelpMessage='The time the watchlist item was created)')] [string] $created, [parameter(mandatory=$False,HelpMessage='key-value pairs for a watchlist item entity mapping)')] $entityMapping, [parameter(mandatory=$False,HelpMessage='The type of the watchlist item)')] [string] $watchlistItemType, [parameter(mandatory=$False,HelpMessage='A flag that indicates if the watchlist item is deleted or not)')] [bool] $isDeleted, [parameter(mandatory=$False,HelpMessage='Describes a user that created the watchlist item)')] [WatchlistUserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the watchlist item)')] [string] $watchlistItemId, [parameter(mandatory=$False,HelpMessage='The tenantId to which the watchlist item belongs to)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='key-value pairs for a watchlist item)')] $itemsKeyValue, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The last time the watchlist item was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the watchlist item)')] [WatchlistUserInfo] $updatedBy, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:WatchlistItem") $resource.properties["itemsKeyValue"] = $itemsKeyValue $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["watchlistAlias"] = $watchlistAlias $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'entityMapping') { $resource.properties["entityMapping"] = $entityMapping } if($PSBoundParameters.Keys -icontains 'watchlistItemType') { $resource.properties["watchlistItemType"] = $watchlistItemType } if($PSBoundParameters.Keys -icontains 'isDeleted') { $resource.properties["isDeleted"] = $isDeleted } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'watchlistItemId') { $resource.properties["watchlistItemId"] = $watchlistItemId } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } 
$global:pulumiresources += $resource return $resource } } class ActivityEntityQueriesPropertiesQueryDefinitions { [string] $query } function New-AzureNativeTypeSecurityinsightsActivityEntityQueriesPropertiesQueryDefinitions { param ( [parameter(mandatory=$False,HelpMessage='The Activity query to run on a given entity)')] [string] $query ) process { return $([ActivityEntityQueriesPropertiesQueryDefinitions]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsActivityCustomEntityQuery { [Alias('azure_native_securityinsights_activitycustomentityquery')] param ( [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory=$False,HelpMessage='The entity query title)')] [string] $title, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The template id this activity was created from)')] [string] $templateName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The type of the query''s source entity)')] [string] [ValidateSet('Account', 'Host', 'File', 'AzureResource', 'CloudApplication', 'DNS', 'FileHash', 'IP', 'Malware', 'Process', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'IoTDevice', 'SecurityAlert', 'HuntingBookmark', 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail')] $inputEntityType, [parameter(mandatory=$False,HelpMessage='The Activity query definitions)')] [ActivityEntityQueriesPropertiesQueryDefinitions] $queryDefinitions, [parameter(mandatory=$False,HelpMessage='The entity query description)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The entity query content to display in timeline)')] [string] $content, [parameter(mandatory=$False,HelpMessage='The query applied only to entities matching to all filters)')] [object] $entitiesFilter, [parameter(mandatory=$False,HelpMessage='The kind of the entity query that supports put request. 
Expected value is ''Activity''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Determines whether this activity is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='List of the fields of the source entity that are required to run the query)')] [array[]] $requiredInputFieldsSets, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ActivityCustomEntityQuery") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'entityQueryId') { $resource.properties["entityQueryId"] = $entityQueryId } if($PSBoundParameters.Keys -icontains 'title') { $resource.properties["title"] = $title } if($PSBoundParameters.Keys -icontains 'templateName') { $resource.properties["templateName"] = $templateName } if($PSBoundParameters.Keys -icontains 'inputEntityType') { $resource.properties["inputEntityType"] = $inputEntityType } if($PSBoundParameters.Keys -icontains 'queryDefinitions') { $resource.properties["queryDefinitions"] = $queryDefinitions } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'content') { $resource.properties["content"] = $content } if($PSBoundParameters.Keys -icontains 'entitiesFilter') { $resource.properties["entitiesFilter"] = $entitiesFilter } if($PSBoundParameters.Keys -icontains 'enabled') { $resource.properties["enabled"] = $enabled } 
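if($PSBoundParameters.Keys -icontains 'requiredInputFieldsSets') { $resource.properties["requiredInputFieldsSets"] = $requiredInputFieldsSets } $global:pulumiresources += $resource return $resource } }

# Declares an azure-native:securityinsights:Action resource (an alert-rule action backed
# by a Logic App). logicAppResourceId, resourceGroupName, ruleId, triggerUri and
# workspaceName are written whether or not the caller bound them; actionId is written only
# when passed. The object is appended to $global:pulumiresources and also returned.
#
# NOTE(review): triggerUri is the Logic App callback URL. Callback URLs of this kind
# normally carry a SAS signature in the query string, so the value should be handled as a
# credential. This function stores it as a plain string in the property bag and in the
# global resource list; how pspulumiyaml serializes it is not visible here. Confirm the
# value is supplied from a secret source (for example a Pulumi secret) and not written as
# a literal in the program or committed output.
function New-AzureNativeSecurityinsightsAction {
    [Alias('azure_native_securityinsights_action')]
    param (
        [parameter(mandatory=$False,HelpMessage='Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.)')]
        [string] $logicAppResourceId,

        [parameter(mandatory=$False,HelpMessage='Logic App Callback URL for this specific workflow.)')]
        [string] $triggerUri,

        [parameter(mandatory=$False,HelpMessage='Action ID)')]
        [string] $actionId,

        [parameter(mandatory=$False,HelpMessage='Alert rule ID)')]
        [string] $ruleId,

        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Action")

        $resource.properties["logicAppResourceId"] = $logicAppResourceId
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["ruleId"] = $ruleId
        $resource.properties["triggerUri"] = $triggerUri
        $resource.properties["workspaceName"] = $workspaceName

        if ($PSBoundParameters.ContainsKey('actionId')) {
            $resource.properties["actionId"] = $actionId
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Input type: identifies a user by directory object id.
class UserInfo {
    [string] $objectId
}

# Builds a UserInfo by casting the bound parameters to the class.
function New-AzureNativeTypeSecurityinsightsUserInfo {
    param (
        [parameter(mandatory=$False,HelpMessage='The object id of the user.)')]
        [string] $objectId
    )

    process {
        return $([UserInfo]$PSBoundParameters)
    }
}

# Input type: the incident a bookmark relates to.
# Only severity is an enumerated value. The severity ValidateSet was previously repeated on
# incidentId, relationName and title, which made every real id, name or title fail
# validation when assigned; those three are free-form strings, matching the parameters of
# New-AzureNativeTypeSecurityinsightsIncidentInfo below.
class IncidentInfo {
    [ValidateSet('High', 'Medium', 'Low', 'Informational')]
    [string] $severity

    [string] $incidentId

    [string] $relationName

    [string] $title
}

# Builds an IncidentInfo by casting the bound parameters to the class.
function New-AzureNativeTypeSecurityinsightsIncidentInfo {
    param (
        [parameter(mandatory=$False,HelpMessage='The severity of the incident)')]
        [string]
        [ValidateSet('High', 'Medium', 'Low', 'Informational')]
        $severity,

        [parameter(mandatory=$False,HelpMessage='Incident Id)')]
        [string] $incidentId,

        [parameter(mandatory=$False,HelpMessage='Relation Name)')]
        [string] $relationName,

        [parameter(mandatory=$False,HelpMessage='The title of the incident)')]
        [string] $title
    )

    process {
        return $([IncidentInfo]$PSBoundParameters)
    }
}

function New-AzureNativeSecurityinsightsBookmark { [Alias('azure_native_securityinsights_bookmark')] param ( [parameter(mandatory=$False,HelpMessage='The end time for the query)')] [string] $queryEndTime, [parameter(mandatory=$False,HelpMessage='The time the bookmark was created)')] [string] $created, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='List of labels relevant to this bookmark)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='The bookmark event time)')] [string] $eventTime, [parameter(mandatory=$False,HelpMessage='Describes a user that created the bookmark)')] [UserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='The last time the bookmark was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='Describes an incident that relates to bookmark)')] [IncidentInfo] $incidentInfo, [parameter(mandatory=$False,HelpMessage='The start time for the query)')] [string] $queryStartTime, [parameter(mandatory=$False,HelpMessage='The notes of the bookmark)')] [string] $notes, [parameter(mandatory=$False,HelpMessage='The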
display name of the bookmark)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The query result of the bookmark.)')] [string] $queryResult, [parameter(mandatory=$False,HelpMessage='The query of the bookmark.)')] [string] $query, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the bookmark)')] [UserInfo] $updatedBy, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Bookmark") $resource.properties["displayName"] = $displayName $resource.properties["query"] = $query $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'queryEndTime') { $resource.properties["queryEndTime"] = $queryEndTime } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'eventTime') { $resource.properties["eventTime"] = $eventTime } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'incidentInfo') { $resource.properties["incidentInfo"] = $incidentInfo } if($PSBoundParameters.Keys -icontains 'queryStartTime') { $resource.properties["queryStartTime"] = $queryStartTime } if($PSBoundParameters.Keys -icontains 'notes') { $resource.properties["notes"] = $notes } if($PSBoundParameters.Keys 
-icontains 'bookmarkId') { $resource.properties["bookmarkId"] = $bookmarkId } if($PSBoundParameters.Keys -icontains 'queryResult') { $resource.properties["queryResult"] = $queryResult } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsThreatIntelligenceIndicator { [Alias('azure_native_securityinsights_threatintelligenceindicator')] param ( [parameter(mandatory=$False,HelpMessage='Description of a threat intelligence entity)')] [string] $description, [parameter(mandatory=$False,HelpMessage='External ID of threat intelligence entity)')] [string] $externalId, [parameter(mandatory=$False,HelpMessage='Valid until)')] [string] $validUntil, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Created by reference of threat intelligence entity)')] [string] $createdByRef, [parameter(mandatory=$False,HelpMessage='Indicator types of threat intelligence entities)')] [string[]] $indicatorTypes, [parameter(mandatory=$False,HelpMessage='Parsed patterns)')] $parsedPattern, [parameter(mandatory=$False,HelpMessage='Kill chain phases)')] $killChainPhases, [parameter(mandatory=$False,HelpMessage='Labels of threat intelligence entity)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='Pattern type of a threat intelligence entity)')] [string] $patternType, [parameter(mandatory=$False,HelpMessage='Created by)')] [string] $created, [parameter(mandatory=$False,HelpMessage='The kind of the entity.)')] [string] [ValidateSet('indicator')] $kind, [parameter(mandatory=$False,HelpMessage='Language of threat intelligence entity)')] [string] $language, [parameter(mandatory=$False,HelpMessage='Threat intelligence indicator name field.)')] [string] $name, 
[parameter(mandatory=$False,HelpMessage='Display name of a threat intelligence entity)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Pattern of a threat intelligence entity)')] [string] $pattern, [parameter(mandatory=$False,HelpMessage='Threat intelligence entity object marking references)')] [string[]] $objectMarkingRefs, [parameter(mandatory=$False,HelpMessage='Modified by)')] [string] $modified, [parameter(mandatory=$False,HelpMessage='Is threat intelligence entity revoked)')] [bool] $revoked, [parameter(mandatory=$False,HelpMessage='Source of a threat intelligence entity)')] [string] $source, [parameter(mandatory=$False,HelpMessage='Last updated time in UTC)')] [string] $lastUpdatedTimeUtc, [parameter(mandatory=$False,HelpMessage='Granular Markings)')] $granularMarkings, [parameter(mandatory=$False,HelpMessage='External last updated time in UTC)')] [string] $externalLastUpdatedTimeUtc, [parameter(mandatory=$False,HelpMessage='Pattern version of a threat intelligence entity)')] [string] $patternVersion, [parameter(mandatory=$False,HelpMessage='Is threat intelligence entity defanged)')] [bool] $defanged, [parameter(mandatory=$False,HelpMessage='List of tags)')] [string[]] $threatIntelligenceTags, [parameter(mandatory=$False,HelpMessage='Valid from)')] [string] $validFrom, [parameter(mandatory=$False,HelpMessage='Extensions map)')] $extensions, [parameter(mandatory=$False,HelpMessage='Confidence of threat intelligence entity)')] [int] $confidence, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. 
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Threat types)')] [string[]] $threatTypes, [parameter(mandatory=$False,HelpMessage='External References)')] $externalReferences, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ThreatIntelligenceIndicator") $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'externalId') { $resource.properties["externalId"] = $externalId } if($PSBoundParameters.Keys -icontains 'validUntil') { $resource.properties["validUntil"] = $validUntil } if($PSBoundParameters.Keys -icontains 'createdByRef') { $resource.properties["createdByRef"] = $createdByRef } if($PSBoundParameters.Keys -icontains 'indicatorTypes') { $resource.properties["indicatorTypes"] = $indicatorTypes } if($PSBoundParameters.Keys -icontains 'parsedPattern') { $resource.properties["parsedPattern"] = $parsedPattern } if($PSBoundParameters.Keys -icontains 'killChainPhases') { $resource.properties["killChainPhases"] = $killChainPhases } if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'patternType') { $resource.properties["patternType"] = $patternType } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'language') { $resource.properties["language"] = 
$language } if($PSBoundParameters.Keys -icontains 'name') { $resource.properties["name"] = $name } if($PSBoundParameters.Keys -icontains 'displayName') { $resource.properties["displayName"] = $displayName } if($PSBoundParameters.Keys -icontains 'pattern') { $resource.properties["pattern"] = $pattern } if($PSBoundParameters.Keys -icontains 'objectMarkingRefs') { $resource.properties["objectMarkingRefs"] = $objectMarkingRefs } if($PSBoundParameters.Keys -icontains 'modified') { $resource.properties["modified"] = $modified } if($PSBoundParameters.Keys -icontains 'revoked') { $resource.properties["revoked"] = $revoked } if($PSBoundParameters.Keys -icontains 'source') { $resource.properties["source"] = $source } if($PSBoundParameters.Keys -icontains 'lastUpdatedTimeUtc') { $resource.properties["lastUpdatedTimeUtc"] = $lastUpdatedTimeUtc } if($PSBoundParameters.Keys -icontains 'granularMarkings') { $resource.properties["granularMarkings"] = $granularMarkings } if($PSBoundParameters.Keys -icontains 'externalLastUpdatedTimeUtc') { $resource.properties["externalLastUpdatedTimeUtc"] = $externalLastUpdatedTimeUtc } if($PSBoundParameters.Keys -icontains 'patternVersion') { $resource.properties["patternVersion"] = $patternVersion } if($PSBoundParameters.Keys -icontains 'defanged') { $resource.properties["defanged"] = $defanged } if($PSBoundParameters.Keys -icontains 'threatIntelligenceTags') { $resource.properties["threatIntelligenceTags"] = $threatIntelligenceTags } if($PSBoundParameters.Keys -icontains 'validFrom') { $resource.properties["validFrom"] = $validFrom } if($PSBoundParameters.Keys -icontains 'extensions') { $resource.properties["extensions"] = $extensions } if($PSBoundParameters.Keys -icontains 'confidence') { $resource.properties["confidence"] = $confidence } if($PSBoundParameters.Keys -icontains 'threatTypes') { $resource.properties["threatTypes"] = $threatTypes } if($PSBoundParameters.Keys -icontains 'externalReferences') { 
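$resource.properties["externalReferences"] = $externalReferences } $global:pulumiresources += $resource return $resource } }

# Declares an azure-native:securityinsights:Ueba settings resource.
# kind, operationalInsightsResourceProvider, resourceGroupName and workspaceName are always
# written; dataSources and settingsName are written only when passed. -kind is a free-form
# string here although its help text names a single expected value.
function New-AzureNativeSecurityinsightsUeba {
    [Alias('azure_native_securityinsights_ueba')]
    param (
        [parameter(mandatory=$False,HelpMessage='The relevant data sources that enriched by ueba)')]
        $dataSources,

        [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')]
        [string] $operationalInsightsResourceProvider,

        [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''Ueba''.)')]
        [string] $kind,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')]
        [string] $settingsName,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Ueba")

        $resource.properties["kind"] = $kind
        $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if ($PSBoundParameters.ContainsKey('dataSources')) {
            $resource.properties["dataSources"] = $dataSources
        }
        if ($PSBoundParameters.ContainsKey('settingsName')) {
            $resource.properties["settingsName"] = $settingsName
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Declares an azure-native:securityinsights:ASCDataConnector resource.
# kind, resourceGroupName and workspaceName are always written; subscriptionId, dataTypes
# and dataConnectorId are written only when passed. The [AlertsDataTypeOfDataConnector]
# type used by -dataTypes is declared outside this part of the file.
function New-AzureNativeSecurityinsightsASCDataConnector {
    [Alias('azure_native_securityinsights_ascdataconnector')]
    param (
        [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureSecurityCenter''.)')]
        [string] $kind,

        [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')]
        [string] $resourceGroupName,

        [parameter(mandatory=$False,HelpMessage='The subscription id to connect to, and get the data from.)')]
        [string] $subscriptionId,

        [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')]
        [AlertsDataTypeOfDataConnector] $dataTypes,

        [parameter(mandatory=$False,HelpMessage='Connector ID)')]
        [string] $dataConnectorId,

        [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')]
        [string] $workspaceName,

        [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')]
        [string] $pulumiid
    )

    process {
        $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ASCDataConnector")

        $resource.properties["kind"] = $kind
        $resource.properties["resourceGroupName"] = $resourceGroupName
        $resource.properties["workspaceName"] = $workspaceName

        if ($PSBoundParameters.ContainsKey('subscriptionId')) {
            $resource.properties["subscriptionId"] = $subscriptionId
        }
        if ($PSBoundParameters.ContainsKey('dataTypes')) {
            $resource.properties["dataTypes"] = $dataTypes
        }
        if ($PSBoundParameters.ContainsKey('dataConnectorId')) {
            $resource.properties["dataConnectorId"] = $dataConnectorId
        }

        $global:pulumiresources += $resource
        return $resource
    }
}

# Input type: the user an incident is assigned to.
class IncidentOwnerInfo {
    [string] $assignedTo

    [string] $objectId

    [string] $userPrincipalName

    [string] $email
}

# Builds an IncidentOwnerInfo by casting the bound parameters to the class.
# The fourth parameter previously had its attribute and type but no variable name, which
# is not a valid parameter declaration; it is named $email to match the class property and
# its help text.
function New-AzureNativeTypeSecurityinsightsIncidentOwnerInfo {
    param (
        [parameter(mandatory=$False,HelpMessage='The name of the user the incident is assigned to.)')]
        [string] $assignedTo,

        [parameter(mandatory=$False,HelpMessage='The object id of the user the incident is assigned to.)')]
        [string] $objectId,

        [parameter(mandatory=$False,HelpMessage='The user principal name of the user the incident is assigned to.)')]
        [string] $userPrincipalName,

        [parameter(mandatory=$False,HelpMessage='The email of the user the incident is assigned to.)')]
        [string] $email
    )

    process {
        return $([IncidentOwnerInfo]$PSBoundParameters)
    }
}

function New-AzureNativeSecurityinsightsIncident { [Alias('azure_native_securityinsights_incident')] param ( [parameter(mandatory=$False,HelpMessage='The title of the incident)')] [string] $title, [parameter(mandatory=$False,HelpMessage='The time of the last activity in the incident)')] [string] $lastActivityTimeUtc, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Describes the reason the incident was closed)')] [string] $classificationComment, [parameter(mandatory=$False,HelpMessage='The severity of the incident)')] [string] [ValidateSet('High', 'Medium', 'Low', 'Informational')] $severity, [parameter(mandatory=$False,HelpMessage='The time of the first activity in the incident)')] [string] $firstActivityTimeUtc, [parameter(mandatory=$False,HelpMessage='The reason the incident was closed)')] [string] [ValidateSet('Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive')] $classification, [parameter(mandatory=$False,HelpMessage='The description of the incident)')] [string] $description, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The status of the incident)')] [string] [ValidateSet('New', 'Active', 'Closed')] $status, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription.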
The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The classification reason the incident was closed with)')] [string] [ValidateSet('SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData')] $classificationReason, [parameter(mandatory=$False,HelpMessage='Describes a user that the incident is assigned to)')] [IncidentOwnerInfo] $owner, [parameter(mandatory=$False,HelpMessage='List of labels relevant to this incident)')] $labels, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Incident") $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["severity"] = $severity $resource.properties["status"] = $status $resource.properties["title"] = $title $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'lastActivityTimeUtc') { $resource.properties["lastActivityTimeUtc"] = $lastActivityTimeUtc } if($PSBoundParameters.Keys -icontains 'classificationComment') { $resource.properties["classificationComment"] = $classificationComment } if($PSBoundParameters.Keys -icontains 'firstActivityTimeUtc') { $resource.properties["firstActivityTimeUtc"] = $firstActivityTimeUtc } if($PSBoundParameters.Keys -icontains 'classification') { $resource.properties["classification"] = $classification } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'incidentId') { $resource.properties["incidentId"] = $incidentId } if($PSBoundParameters.Keys -icontains 'classificationReason') { $resource.properties["classificationReason"] = $classificationReason } if($PSBoundParameters.Keys -icontains 'owner') { $resource.properties["owner"] = $owner } if($PSBoundParameters.Keys -icontains 'labels') { 
$resource.properties["labels"] = $labels } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAADDataConnector { [Alias('azure_native_securityinsights_aaddataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureActiveDirectory''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AADDataConnector") $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsFusionAlertRule { [Alias('azure_native_securityinsights_fusionalertrule')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, 
[parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''Fusion''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:FusionAlertRule") $resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } $global:pulumiresources += $resource return $resource } } class MCASDataConnectorDataTypes { [DataConnectorDataTypeCommon] $discoveryLogs [DataConnectorDataTypeCommon] $alerts } function New-AzureNativeTypeSecurityinsightsMCASDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='Discovery log data type connection.)')] [DataConnectorDataTypeCommon] $discoveryLogs, [parameter(mandatory=$False,HelpMessage='Alerts data type connection.)')] [DataConnectorDataTypeCommon] $alerts ) process { return $([MCASDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsMCASDataConnector { [Alias('azure_native_securityinsights_mcasdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] 
[string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''MicrosoftCloudAppSecurity''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [MCASDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MCASDataConnector") $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } $global:pulumiresources += $resource return $resource } } |