pspulumiyaml.azurenative.securityinsights.psm1
|
using module pspulumiyaml function Invoke-AzureNativeFunctionSecurityinsightsGetEntityInsights { param ( [parameter(mandatory=$False,HelpMessage='entity ID)')] [string] $entityId, [parameter(mandatory=$False,HelpMessage='The end timeline date, so the results returned are before this date.)')] [string] $endTime, [parameter(mandatory=$False,HelpMessage='List of Insights Query Id. If empty, default value is all insights of this entity)')] [string[]] $insightQueryIds, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Indicates if query time range should be extended with default time range of the query. Default value is false)')] [bool] $addDefaultExtendedTimeRange, [parameter(mandatory=$False,HelpMessage='The start timeline date, so the results returned are after this date.)')] [string] $startTime ) process { $arguments = @{} $arguments["endTime"] = $endTime $arguments["entityId"] = $entityId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["startTime"] = $startTime $arguments["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'insightQueryIds') { $arguments["insightQueryIds"] = $insightQueryIds } if($PSBoundParameters.Keys -icontains 'addDefaultExtendedTimeRange') { $arguments["addDefaultExtendedTimeRange"] = $addDefaultExtendedTimeRange } $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityInsights -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetIncident { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["incidentId"] = $incidentId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncident -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetEntityQuery { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["entityQueryId"] = $entityQueryId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityQuery -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetActivityCustomEntityQuery { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["entityQueryId"] = $entityQueryId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getActivityCustomEntityQuery -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAATPDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAATPDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetThreatIntelligenceIndicator { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Threat intelligence indicator name field.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["name"] = $name $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getThreatIntelligenceIndicator -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAwsCloudTrailDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAwsCloudTrailDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetTIDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getTIDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetMicrosoftSecurityIncidentCreationAlertRule { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["ruleId"] = $ruleId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMicrosoftSecurityIncidentCreationAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetEyesOn { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsName"] = $settingsName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEyesOn -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetBookmark { param ( [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["bookmarkId"] = $bookmarkId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getBookmark -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetASCDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getASCDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetMCASDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMCASDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetSentinelOnboardingState { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The Sentinel onboarding state name. Supports - default)')] [string] $sentinelOnboardingStateName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["sentinelOnboardingStateName"] = $sentinelOnboardingStateName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSentinelOnboardingState -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetEntitiesGetTimeline { param ( [parameter(mandatory=$False,HelpMessage='entity ID)')] [string] $entityId, [parameter(mandatory=$False,HelpMessage='Array of timeline Item kinds.)')] $kinds, [parameter(mandatory=$False,HelpMessage='The end timeline date, so the results returned are before this date.)')] [string] $endTime, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The number of bucket for timeline queries aggregation.)')] [int] $numberOfBucket, [parameter(mandatory=$False,HelpMessage='The start timeline date, so the results returned are after this date.)')] [string] $startTime ) process { $arguments = @{} $arguments["endTime"] = $endTime $arguments["entityId"] = $entityId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["startTime"] = $startTime $arguments["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'kinds') { $arguments["kinds"] = $kinds } if($PSBoundParameters.Keys -icontains 'numberOfBucket') { $arguments["numberOfBucket"] = $numberOfBucket } $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntitiesGetTimeline -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetBookmarkRelation { param ( [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName ) process { $arguments = @{} $arguments["bookmarkId"] = $bookmarkId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["relationName"] = $relationName $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getBookmarkRelation -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAlertRule { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["ruleId"] = $ruleId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetUeba { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsName"] = $settingsName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getUeba -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsListSourceControlRepositories { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:listSourceControlRepositories -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetIncidentComment { param ( [parameter(mandatory=$False,HelpMessage='Incident comment ID)')] [string] $incidentCommentId, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["incidentCommentId"] = $incidentCommentId $arguments["incidentId"] = $incidentId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncidentComment -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetScheduledAlertRule { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["ruleId"] = $ruleId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getScheduledAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetWatchlistItem { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Watchlist Item Id (GUID))')] [string] $watchlistItemId, [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["watchlistAlias"] = $watchlistAlias $arguments["watchlistItemId"] = $watchlistItemId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getWatchlistItem -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAnomalySecurityMLAnalyticsSettings { param ( [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsResourceName"] = $settingsResourceName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAnomalySecurityMLAnalyticsSettings -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetSourceControl { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Source control Id)')] [string] $sourceControlId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["sourceControlId"] = $sourceControlId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSourceControl -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetOfficeDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getOfficeDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetMDATPDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMDATPDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetSecurityMLAnalyticsSetting { param ( [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsResourceName"] = $settingsResourceName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getSecurityMLAnalyticsSetting -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAnomalies { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsName"] = $settingsName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAnomalies -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetMetadata { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The Metadata name.)')] [string] $metadataName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["metadataName"] = $metadataName $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getMetadata -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAction { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Action ID)')] [string] $actionId ) process { $arguments = @{} $arguments["actionId"] = $actionId $arguments["resourceGroupName"] = $resourceGroupName $arguments["ruleId"] = $ruleId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAction -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetFusionAlertRule { param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["resourceGroupName"] = $resourceGroupName $arguments["ruleId"] = $ruleId $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getFusionAlertRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetEntityAnalytics { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsName"] = $settingsName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getEntityAnalytics -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAADDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAADDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetIncidentRelation { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName ) process { $arguments = @{} $arguments["incidentId"] = $incidentId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["relationName"] = $relationName $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getIncidentRelation -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["dataConnectorId"] = $dataConnectorId $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getDataConnector -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetAutomationRule { param ( [parameter(mandatory=$False,HelpMessage='Automation rule ID)')] [string] $automationRuleId, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["automationRuleId"] = $automationRuleId $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getAutomationRule -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetWatchlist { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["watchlistAlias"] = $watchlistAlias $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getWatchlist -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } function Invoke-AzureNativeFunctionSecurityinsightsGetProductSetting { param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName ) process { $arguments = @{} $arguments["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $arguments["resourceGroupName"] = $resourceGroupName $arguments["settingsName"] = $settingsName $arguments["workspaceName"] = $workspaceName $functionObject = Invoke-PulumiFunction -Name azure-native:securityinsights:getProductSetting -variableName $([guid]::NewGuid().Guid) -Arguments $arguments return $functionObject } } class IncidentOwnerInfo { [string] $userPrincipalName [string] $email [string] $objectId [string] $assignedTo } function New-AzureNativeTypeSecurityinsightsIncidentOwnerInfo { param ( [parameter(mandatory=$False,HelpMessage='The user principal name of the user the incident is assigned to.)')] [string] $userPrincipalName, [parameter(mandatory=$False,HelpMessage='The email of the user the incident is assigned to.)')] [string] $email, [parameter(mandatory=$False,HelpMessage='The object id of the user the incident is assigned to.)')] [string] $objectId, [parameter(mandatory=$False,HelpMessage='The name of the user the incident is assigned to.)')] [string] $assignedTo ) process { return $([IncidentOwnerInfo]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsIncident { [Alias('azure_native_securityinsights_incident')] param ( [parameter(mandatory=$False,HelpMessage='List of labels relevant to this incident)')] $labels, [parameter(mandatory=$False,HelpMessage='The severity of the incident)')] [string] [ValidateSet('High', 'Medium', 'Low', 'Informational')] $severity, [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The description of the incident)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The title of the incident)')] [string] $title, [parameter(mandatory=$False,HelpMessage='The time of the last activity in the incident)')] [string] $lastActivityTimeUtc, [parameter(mandatory=$False,HelpMessage='Describes the reason the incident was closed)')] [string] $classificationComment, [parameter(mandatory=$False,HelpMessage='Describes a user that the incident is assigned to)')] [IncidentOwnerInfo] $owner, [parameter(mandatory=$False,HelpMessage='The status of the incident)')] [string] [ValidateSet('New', 'Active', 'Closed')] $status, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The reason the incident was closed)')] [string] [ValidateSet('Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive')] $classification, [parameter(mandatory=$False,HelpMessage='The classification reason the incident was closed with)')] [string] [ValidateSet('SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData')] $classificationReason, [parameter(mandatory=$False,HelpMessage='The time of the first activity in the incident)')] [string] $firstActivityTimeUtc, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Incident") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["severity"] = $severity $resource.properties["status"] = $status $resource.properties["title"] = $title $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'incidentId') { $resource.properties["incidentId"] = $incidentId } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'lastActivityTimeUtc') { $resource.properties["lastActivityTimeUtc"] = $lastActivityTimeUtc } if($PSBoundParameters.Keys -icontains 'classificationComment') { $resource.properties["classificationComment"] = $classificationComment } if($PSBoundParameters.Keys -icontains 'owner') { $resource.properties["owner"] = $owner } if($PSBoundParameters.Keys -icontains 'classification') { $resource.properties["classification"] = $classification } if($PSBoundParameters.Keys -icontains 'classificationReason') { $resource.properties["classificationReason"] = $classificationReason } if($PSBoundParameters.Keys -icontains 'firstActivityTimeUtc') { $resource.properties["firstActivityTimeUtc"] = $firstActivityTimeUtc } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAction { [Alias('azure_native_securityinsights_action')] param ( [parameter(mandatory=$False,HelpMessage='Action ID)')] [string] $actionId, [parameter(mandatory=$False,HelpMessage='Logic App Callback URL for this specific workflow.)')] [string] $triggerUri, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.)')] [string] $logicAppResourceId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Action") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["logicAppResourceId"] = $logicAppResourceId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["ruleId"] = $ruleId $resource.properties["triggerUri"] = $triggerUri $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'actionId') { $resource.properties["actionId"] = $actionId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsBookmarkRelation { [Alias('azure_native_securityinsights_bookmarkrelation')] param ( [parameter(mandatory=$False,HelpMessage='The resource ID of the related resource)')] [string] $relatedResourceId, [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:BookmarkRelation") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["bookmarkId"] = $bookmarkId $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["relatedResourceId"] = $relatedResourceId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'relationName') { $resource.properties["relationName"] = $relationName } $global:pulumiresources += $resource return $resource } } class DataConnectorDataTypeCommon { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsDataConnectorDataTypeCommon { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([DataConnectorDataTypeCommon]$PSBoundParameters) } } class MCASDataConnectorDataTypes { [DataConnectorDataTypeCommon] $discoveryLogs [DataConnectorDataTypeCommon] $alerts } function New-AzureNativeTypeSecurityinsightsMCASDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='Discovery log data type connection.)')] [DataConnectorDataTypeCommon] $discoveryLogs, [parameter(mandatory=$False,HelpMessage='Alerts data type connection.)')] [DataConnectorDataTypeCommon] $alerts ) process { return $([MCASDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsMCASDataConnector { [Alias('azure_native_securityinsights_mcasdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''MicrosoftCloudAppSecurity''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [MCASDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MCASDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsSecurityMLAnalyticsSetting { [Alias('azure_native_securityinsights_securitymlanalyticssetting')] param ( [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of security ML Analytics Settings)')] [string] [ValidateSet('Anomaly')] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SecurityMLAnalyticsSetting") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsResourceName') { $resource.properties["settingsResourceName"] = $settingsResourceName } $global:pulumiresources += $resource return $resource } } class WatchlistUserInfo { [string] $objectId } function New-AzureNativeTypeSecurityinsightsWatchlistUserInfo { param ( [parameter(mandatory=$False,HelpMessage='The object id of the user.)')] [string] $objectId ) process { return $([WatchlistUserInfo]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsWatchlist { [Alias('azure_native_securityinsights_watchlist')] param ( [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the watchlist)')] [string] $watchlistId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The provider of the watchlist)')] [string] $provider, [parameter(mandatory=$False,HelpMessage='List of labels relevant to this watchlist)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='The content type of the raw content. Example : text/csv or text/tsv )')] [string] $contentType, [parameter(mandatory=$False,HelpMessage='The source of the watchlist)')] [string] [ValidateSet('Local file', 'Remote storage')] $source, [parameter(mandatory=$False,HelpMessage='The display name of the watchlist)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The tenantId where the watchlist belongs to)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='The time the watchlist was created)')] [string] $created, [parameter(mandatory=$False,HelpMessage='The type of the watchlist)')] [string] $watchlistType, [parameter(mandatory=$False,HelpMessage='The number of Watchlist Items in the Watchlist)')] [int] $watchlistItemsCount, [parameter(mandatory=$False,HelpMessage='A description of the watchlist)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The number of lines in a csv/tsv content to skip before the header)')] [int] $numberOfLinesToSkip, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the watchlist)')] [WatchlistUserInfo] $updatedBy, [parameter(mandatory=$False,HelpMessage='The raw content that represents to watchlist items to create. In case of csv/tsv content type, it''s the content of the file that will parsed by the endpoint)')] [string] $rawContent, [parameter(mandatory=$False,HelpMessage='Describes a user that created the watchlist)')] [WatchlistUserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='The last time the watchlist was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.)')] [string] $itemsSearchKey, [parameter(mandatory=$False,HelpMessage='A flag that indicates if the watchlist is deleted or not)')] [bool] $isDeleted, [parameter(mandatory=$False,HelpMessage='The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted)')] [string] $uploadStatus, [parameter(mandatory=$False,HelpMessage='The default duration of a watchlist (in ISO 8601 duration format))')] [string] $defaultDuration, [parameter(mandatory=$False,HelpMessage='The alias of the watchlist)')] [string] $watchlistAlias, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Watchlist") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["displayName"] = $displayName $resource.properties["itemsSearchKey"] = $itemsSearchKey $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["provider"] = $provider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["source"] = $source $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'watchlistId') { $resource.properties["watchlistId"] = $watchlistId } if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'contentType') { $resource.properties["contentType"] = $contentType } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'watchlistType') { $resource.properties["watchlistType"] = $watchlistType } if($PSBoundParameters.Keys -icontains 'watchlistItemsCount') { $resource.properties["watchlistItemsCount"] = $watchlistItemsCount } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'numberOfLinesToSkip') { $resource.properties["numberOfLinesToSkip"] = $numberOfLinesToSkip } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } if($PSBoundParameters.Keys -icontains 'rawContent') { $resource.properties["rawContent"] = $rawContent } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'isDeleted') { $resource.properties["isDeleted"] = $isDeleted } if($PSBoundParameters.Keys -icontains 'uploadStatus') { $resource.properties["uploadStatus"] = $uploadStatus } if($PSBoundParameters.Keys -icontains 'defaultDuration') { $resource.properties["defaultDuration"] = $defaultDuration } if($PSBoundParameters.Keys -icontains 'watchlistAlias') { $resource.properties["watchlistAlias"] = $watchlistAlias } $global:pulumiresources += $resource return $resource } } class AlertsDataTypeOfDataConnector { [DataConnectorDataTypeCommon] $alerts } function New-AzureNativeTypeSecurityinsightsAlertsDataTypeOfDataConnector { param ( [parameter(mandatory=$False,HelpMessage='Alerts data type connection.)')] [DataConnectorDataTypeCommon] $alerts ) process { return $([AlertsDataTypeOfDataConnector]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAATPDataConnector { [Alias('azure_native_securityinsights_aatpdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureAdvancedThreatProtection''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AATPDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } class UserInfo { [string] $objectId } function New-AzureNativeTypeSecurityinsightsUserInfo { param ( [parameter(mandatory=$False,HelpMessage='The object id of the user.)')] [string] $objectId ) process { return $([UserInfo]$PSBoundParameters) } } class IncidentInfo { [string] $title [ArgumentCompletions('High', 'Medium', 'Low', 'Informational')] [string] $severity [string] $incidentId [string] $relationName } function New-AzureNativeTypeSecurityinsightsIncidentInfo { param ( [parameter(mandatory=$False,HelpMessage='The title of the incident)')] [string] $title, [parameter(mandatory=$False,HelpMessage='The severity of the incident)')] [string] [ValidateSet('High', 'Medium', 'Low', 'Informational')] $severity, [parameter(mandatory=$False,HelpMessage='Incident Id)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName ) process { return $([IncidentInfo]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsBookmark { [Alias('azure_native_securityinsights_bookmark')] param ( [parameter(mandatory=$False,HelpMessage='List of labels relevant to this bookmark)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='The display name of the bookmark)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Bookmark ID)')] [string] $bookmarkId, [parameter(mandatory=$False,HelpMessage='The bookmark event time)')] [string] $eventTime, [parameter(mandatory=$False,HelpMessage='The end time for the query)')] [string] $queryEndTime, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the bookmark)')] [UserInfo] $updatedBy, [parameter(mandatory=$False,HelpMessage='The start time for the query)')] [string] $queryStartTime, [parameter(mandatory=$False,HelpMessage='The notes of the bookmark)')] [string] $notes, [parameter(mandatory=$False,HelpMessage='The query result of the bookmark.)')] [string] $queryResult, [parameter(mandatory=$False,HelpMessage='The last time the bookmark was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Describes a user that created the bookmark)')] [UserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='The query of the bookmark.)')] [string] $query, [parameter(mandatory=$False,HelpMessage='Describes an incident that relates to bookmark)')] [IncidentInfo] $incidentInfo, [parameter(mandatory=$False,HelpMessage='The time the bookmark was created)')] [string] $created, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Bookmark") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["displayName"] = $displayName $resource.properties["query"] = $query $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'bookmarkId') { $resource.properties["bookmarkId"] = $bookmarkId } if($PSBoundParameters.Keys -icontains 'eventTime') { $resource.properties["eventTime"] = $eventTime } if($PSBoundParameters.Keys -icontains 'queryEndTime') { $resource.properties["queryEndTime"] = $queryEndTime } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } if($PSBoundParameters.Keys -icontains 'queryStartTime') { $resource.properties["queryStartTime"] = $queryStartTime } if($PSBoundParameters.Keys -icontains 'notes') { $resource.properties["notes"] = $notes } if($PSBoundParameters.Keys -icontains 'queryResult') { $resource.properties["queryResult"] = $queryResult } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'incidentInfo') { $resource.properties["incidentInfo"] = $incidentInfo } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } $global:pulumiresources += $resource return $resource } } class AwsCloudTrailDataConnectorDataTypesLogs { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsAwsCloudTrailDataConnectorDataTypesLogs { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([AwsCloudTrailDataConnectorDataTypesLogs]$PSBoundParameters) } } class AwsCloudTrailDataConnectorDataTypes { [AwsCloudTrailDataConnectorDataTypesLogs] $logs } function New-AzureNativeTypeSecurityinsightsAwsCloudTrailDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='Logs data type.)')] [AwsCloudTrailDataConnectorDataTypesLogs] $logs ) process { return $([AwsCloudTrailDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAwsCloudTrailDataConnector { [Alias('azure_native_securityinsights_awscloudtraildataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AmazonWebServicesCloudTrail''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AwsCloudTrailDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.)')] [string] $awsRoleArn, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AwsCloudTrailDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'awsRoleArn') { $resource.properties["awsRoleArn"] = $awsRoleArn } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsEyesOn { [Alias('azure_native_securityinsights_eyeson')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''EyesOn''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EyesOn") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsIncidentComment { [Alias('azure_native_securityinsights_incidentcomment')] param ( [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='Incident comment ID)')] [string] $incidentCommentId, [parameter(mandatory=$False,HelpMessage='The comment message)')] [string] $message, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:IncidentComment") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["incidentId"] = $incidentId $resource.properties["message"] = $message $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'incidentCommentId') { $resource.properties["incidentCommentId"] = $incidentCommentId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsWatchlistItem { [Alias('azure_native_securityinsights_watchlistitem')] param ( [parameter(mandatory=$False,HelpMessage='A flag that indicates if the watchlist item is deleted or not)')] [bool] $isDeleted, [parameter(mandatory=$False,HelpMessage='The type of the watchlist item)')] [string] $watchlistItemType, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='key-value pairs for a watchlist item entity mapping)')] $entityMapping, [parameter(mandatory=$False,HelpMessage='The tenantId to which the watchlist item belongs to)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='key-value pairs for a watchlist item)')] $itemsKeyValue, [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the watchlist item)')] [string] $watchlistItemId, [parameter(mandatory=$False,HelpMessage='Describes a user that updated the watchlist item)')] [WatchlistUserInfo] $updatedBy, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The last time the watchlist item was updated)')] [string] $updated, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Describes a user that created the watchlist item)')] [WatchlistUserInfo] $createdBy, [parameter(mandatory=$False,HelpMessage='Watchlist Alias)')] [string] $watchlistAlias, [parameter(mandatory=$False,HelpMessage='The time the watchlist item was created)')] [string] $created, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:WatchlistItem") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["itemsKeyValue"] = $itemsKeyValue $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["watchlistAlias"] = $watchlistAlias $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'isDeleted') { $resource.properties["isDeleted"] = $isDeleted } if($PSBoundParameters.Keys -icontains 'watchlistItemType') { $resource.properties["watchlistItemType"] = $watchlistItemType } if($PSBoundParameters.Keys -icontains 'entityMapping') { $resource.properties["entityMapping"] = $entityMapping } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'watchlistItemId') { $resource.properties["watchlistItemId"] = $watchlistItemId } if($PSBoundParameters.Keys -icontains 'updatedBy') { $resource.properties["updatedBy"] = $updatedBy } if($PSBoundParameters.Keys -icontains 'updated') { $resource.properties["updated"] = $updated } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAnomalies { [Alias('azure_native_securityinsights_anomalies')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''Anomalies''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Anomalies") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsMicrosoftSecurityIncidentCreationAlertRule { [Alias('azure_native_securityinsights_microsoftsecurityincidentcreationalertrule')] param ( [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='the alerts'' displayNames on which the cases will not be generated)')] [string[]] $displayNamesExcludeFilter, [parameter(mandatory=$False,HelpMessage='The alerts'' productName on which the cases will be generated)')] [string] [ValidateSet('Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection', 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT')] $productFilter, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='the alerts'' displayNames on which the cases will be generated)')] [string[]] $displayNamesFilter, [parameter(mandatory=$False,HelpMessage='The display name for alerts created by this alert rule.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The description of the alert rule.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='the alerts'' severities on which the cases will be generated)')] $severitiesFilter, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''MicrosoftSecurityIncidentCreation''.)')] [string] $kind, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = $kind $resource.properties["productFilter"] = $productFilter $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'alertRuleTemplateName') { $resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName } if($PSBoundParameters.Keys -icontains 'displayNamesExcludeFilter') { $resource.properties["displayNamesExcludeFilter"] = $displayNamesExcludeFilter } if($PSBoundParameters.Keys -icontains 'displayNamesFilter') { $resource.properties["displayNamesFilter"] = $displayNamesFilter } if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'severitiesFilter') { $resource.properties["severitiesFilter"] = $severitiesFilter } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsSentinelOnboardingState { [Alias('azure_native_securityinsights_sentinelonboardingstate')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The Sentinel onboarding state name. Supports - default)')] [string] $sentinelOnboardingStateName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Flag that indicates the status of the CMK setting)')] [bool] $customerManagedKey, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SentinelOnboardingState") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'sentinelOnboardingStateName') { $resource.properties["sentinelOnboardingStateName"] = $sentinelOnboardingStateName } if($PSBoundParameters.Keys -icontains 'customerManagedKey') { $resource.properties["customerManagedKey"] = $customerManagedKey } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAnomalySecurityMLAnalyticsSettings { [Alias('azure_native_securityinsights_anomalysecuritymlanalyticssettings')] param ( [parameter(mandatory=$False,HelpMessage='The techniques of the SecurityMLAnalyticsSettings)')] [string[]] $techniques, [parameter(mandatory=$False,HelpMessage='Determines whether this settings is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.)')] [int] $anomalySettingsVersion, [parameter(mandatory=$False,HelpMessage='Security ML Analytics Settings resource name)')] [string] $settingsResourceName, [parameter(mandatory=$False,HelpMessage='The kind of security ML analytics settings Expected value is ''Anomaly''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The customizable observations of the AnomalySecurityMLAnalyticsSettings.)')] $customizableObservations, [parameter(mandatory=$False,HelpMessage='The display name for settings created by this SecurityMLAnalyticsSettings.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The anomaly SecurityMLAnalyticsSettings status)')] [string] [ValidateSet('Production', 'Flighting')] $settingsStatus, [parameter(mandatory=$False,HelpMessage='The anomaly version of the AnomalySecurityMLAnalyticsSettings.)')] [string] $anomalyVersion, [parameter(mandatory=$False,HelpMessage='The required data sources for this SecurityMLAnalyticsSettings)')] $requiredDataConnectors, [parameter(mandatory=$False,HelpMessage='The frequency that this SecurityMLAnalyticsSettings will be run.)')] [string] $frequency, [parameter(mandatory=$False,HelpMessage='The tactics of the SecurityMLAnalyticsSettings)')] $tactics, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The description of the SecurityMLAnalyticsSettings.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The anomaly settings definition Id)')] [string] $settingsDefinitionId, [parameter(mandatory=$False,HelpMessage='Determines whether this anomaly security ml analytics settings is a default settings)')] [bool] $isDefaultSettings, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["anomalyVersion"] = $anomalyVersion $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["frequency"] = $frequency $resource.properties["isDefaultSettings"] = $isDefaultSettings $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["settingsStatus"] = $settingsStatus $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'techniques') { $resource.properties["techniques"] = $techniques } if($PSBoundParameters.Keys -icontains 'anomalySettingsVersion') { $resource.properties["anomalySettingsVersion"] = $anomalySettingsVersion } if($PSBoundParameters.Keys -icontains 'settingsResourceName') { $resource.properties["settingsResourceName"] = $settingsResourceName } if($PSBoundParameters.Keys -icontains 'customizableObservations') { $resource.properties["customizableObservations"] = $customizableObservations } if($PSBoundParameters.Keys -icontains 'requiredDataConnectors') { $resource.properties["requiredDataConnectors"] = $requiredDataConnectors } if($PSBoundParameters.Keys -icontains 'tactics') { $resource.properties["tactics"] = $tactics } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'settingsDefinitionId') { $resource.properties["settingsDefinitionId"] = $settingsDefinitionId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsIncidentRelation { [Alias('azure_native_securityinsights_incidentrelation')] param ( [parameter(mandatory=$False,HelpMessage='Incident ID)')] [string] $incidentId, [parameter(mandatory=$False,HelpMessage='The resource ID of the related resource)')] [string] $relatedResourceId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Relation Name)')] [string] $relationName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:IncidentRelation") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["incidentId"] = $incidentId $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["relatedResourceId"] = $relatedResourceId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'relationName') { $resource.properties["relationName"] = $relationName } $global:pulumiresources += $resource return $resource } } class OfficeDataConnectorDataTypesSharePoint { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesSharePoint { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([OfficeDataConnectorDataTypesSharePoint]$PSBoundParameters) } } class OfficeDataConnectorDataTypesTeams { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesTeams { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([OfficeDataConnectorDataTypesTeams]$PSBoundParameters) } } class OfficeDataConnectorDataTypesExchange { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypesExchange { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([OfficeDataConnectorDataTypesExchange]$PSBoundParameters) } } class OfficeDataConnectorDataTypes { [OfficeDataConnectorDataTypesSharePoint] $sharePoint [OfficeDataConnectorDataTypesTeams] $teams [OfficeDataConnectorDataTypesExchange] $exchange } function New-AzureNativeTypeSecurityinsightsOfficeDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='SharePoint data type connection.)')] [OfficeDataConnectorDataTypesSharePoint] $sharePoint, [parameter(mandatory=$False,HelpMessage='Teams data type connection.)')] [OfficeDataConnectorDataTypesTeams] $teams, [parameter(mandatory=$False,HelpMessage='Exchange data type connection.)')] [OfficeDataConnectorDataTypesExchange] $exchange ) process { return $([OfficeDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsOfficeDataConnector { [Alias('azure_native_securityinsights_officedataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''Office365''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [OfficeDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:OfficeDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } class ActivityEntityQueriesPropertiesQueryDefinitions { [string] $query } function New-AzureNativeTypeSecurityinsightsActivityEntityQueriesPropertiesQueryDefinitions { param ( [parameter(mandatory=$False,HelpMessage='The Activity query to run on a given entity)')] [string] $query ) process { return $([ActivityEntityQueriesPropertiesQueryDefinitions]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsActivityCustomEntityQuery { [Alias('azure_native_securityinsights_activitycustomentityquery')] param ( [parameter(mandatory=$False,HelpMessage='The Activity query definitions)')] [ActivityEntityQueriesPropertiesQueryDefinitions] $queryDefinitions, [parameter(mandatory=$False,HelpMessage='The kind of the entity query that supports put request. Expected value is ''Activity''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The entity query description)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The entity query title)')] [string] $title, [parameter(mandatory=$False,HelpMessage='List of the fields of the source entity that are required to run the query)')] [array[]] $requiredInputFieldsSets, [parameter(mandatory=$False,HelpMessage='The type of the query''s source entity)')] [string] [ValidateSet('Account', 'Host', 'File', 'AzureResource', 'CloudApplication', 'DNS', 'FileHash', 'IP', 'Malware', 'Process', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'IoTDevice', 'SecurityAlert', 'HuntingBookmark', 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail')] $inputEntityType, [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory=$False,HelpMessage='Determines whether this activity is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The query applied only to entities matching to all filters)')] [object] $entitiesFilter, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The entity query content to display in timeline)')] [string] $content, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The template id this activity was created from)')] [string] $templateName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ActivityCustomEntityQuery") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'queryDefinitions') { $resource.properties["queryDefinitions"] = $queryDefinitions } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'title') { $resource.properties["title"] = $title } if($PSBoundParameters.Keys -icontains 'requiredInputFieldsSets') { $resource.properties["requiredInputFieldsSets"] = $requiredInputFieldsSets } if($PSBoundParameters.Keys -icontains 'inputEntityType') { $resource.properties["inputEntityType"] = $inputEntityType } if($PSBoundParameters.Keys -icontains 'entityQueryId') { $resource.properties["entityQueryId"] = $entityQueryId } if($PSBoundParameters.Keys -icontains 'enabled') { $resource.properties["enabled"] = $enabled } if($PSBoundParameters.Keys -icontains 'entitiesFilter') { $resource.properties["entitiesFilter"] = $entitiesFilter } if($PSBoundParameters.Keys -icontains 'content') { $resource.properties["content"] = $content } if($PSBoundParameters.Keys -icontains 'templateName') { $resource.properties["templateName"] = $templateName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAlertRule { [Alias('azure_native_securityinsights_alertrule')] param ( [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The alert rule kind)')] [string] [ValidateSet('Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion')] $kind, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AlertRule") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } $global:pulumiresources += $resource return $resource } } class MetadataCategories { [string[]] $domains [string[]] $verticals } function New-AzureNativeTypeSecurityinsightsMetadataCategories { param ( [parameter(mandatory=$False,HelpMessage='domain for the solution content item)')] [string[]] $domains, [parameter(mandatory=$False,HelpMessage='Industry verticals for the solution content item)')] [string[]] $verticals ) process { return $([MetadataCategories]$PSBoundParameters) } } class MetadataDependencies { [string] $contentId [ArgumentCompletions('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] [string] $kind [MetadataDependencies[]] $criteria [string] $name [string] $version [ArgumentCompletions('AND', 'OR')] [string] $operator } function New-AzureNativeTypeSecurityinsightsMetadataDependencies { param ( [parameter(mandatory=$False,HelpMessage='Id of the content item we depend on)')] [string] $contentId, [parameter(mandatory=$False,HelpMessage='Type of the content item we depend on)')] [string] [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] $kind, [parameter(mandatory=$False,HelpMessage='This is the list of dependencies we must fulfill, according to the AND/OR operator)')] $criteria, [parameter(mandatory=$False,HelpMessage='Name of the content item)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.)')] [string] $version, [parameter(mandatory=$False,HelpMessage='Operator used for list of dependencies in criteria array.)')] [string] [ValidateSet('AND', 'OR')] $operator ) process { return $([MetadataDependencies]$PSBoundParameters) } } class MetadataSource { [string] $sourceId [ArgumentCompletions('LocalWorkspace', 'Community', 'Solution', 'SourceRepository')] [string] $kind [string] $name } function New-AzureNativeTypeSecurityinsightsMetadataSource { param ( [parameter(mandatory=$False,HelpMessage='ID of the content source. The solution ID, workspace ID, etc)')] [string] $sourceId, [parameter(mandatory=$False,HelpMessage='Source type of the content)')] [string] [ValidateSet('LocalWorkspace', 'Community', 'Solution', 'SourceRepository')] $kind, [parameter(mandatory=$False,HelpMessage='Name of the content source. The repo name, solution name, LA workspace name etc.)')] [string] $name ) process { return $([MetadataSource]$PSBoundParameters) } } class MetadataAuthor { [string] $link [string] $email [string] $name } function New-AzureNativeTypeSecurityinsightsMetadataAuthor { param ( [parameter(mandatory=$False,HelpMessage='Link for author/vendor page)')] [string] $link, [parameter(mandatory=$False,HelpMessage='Email of author contact)')] [string] $email, [parameter(mandatory=$False,HelpMessage='Name of the author. Company or person.)')] [string] $name ) process { return $([MetadataAuthor]$PSBoundParameters) } } class MetadataSupport { [string] $link [string] $email [string] $name [ArgumentCompletions('Microsoft', 'Partner', 'Community')] [string] $tier } function New-AzureNativeTypeSecurityinsightsMetadataSupport { param ( [parameter(mandatory=$False,HelpMessage='Link for support help, like to support page to open a ticket etc.)')] [string] $link, [parameter(mandatory=$False,HelpMessage='Email of support contact)')] [string] $email, [parameter(mandatory=$False,HelpMessage='Name of the support contact. Company or person.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Type of support for content item)')] [string] [ValidateSet('Microsoft', 'Partner', 'Community')] $tier ) process { return $([MetadataSupport]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsMetadata { [Alias('azure_native_securityinsights_metadata')] param ( [parameter(mandatory=$False,HelpMessage='Categories for the solution content item)')] [MetadataCategories] $categories, [parameter(mandatory=$False,HelpMessage='last publish date for the solution content item)')] [string] $lastPublishDate, [parameter(mandatory=$False,HelpMessage='Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name)')] [string] $contentId, [parameter(mandatory=$False,HelpMessage='Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.)')] [MetadataDependencies] $dependencies, [parameter(mandatory=$False,HelpMessage='Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group))')] [string] $parentId, [parameter(mandatory=$False,HelpMessage='first publish date solution content item)')] [string] $firstPublishDate, [parameter(mandatory=$False,HelpMessage='Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks)')] [string] $version, [parameter(mandatory=$False,HelpMessage='Source of the content. This is where/how it was created.)')] [MetadataSource] $source, [parameter(mandatory=$False,HelpMessage='The creator of the content item.)')] [MetadataAuthor] $author, [parameter(mandatory=$False,HelpMessage='The Metadata name.)')] [string] $metadataName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Support information for the metadata - type, name, contact information)')] [MetadataSupport] $support, [parameter(mandatory=$False,HelpMessage='The kind of content the metadata is for.)')] [string] [ValidateSet('DataConnector', 'DataType', 'Workbook', 'WorkbookTemplate', 'Playbook', 'PlaybookTemplate', 'AnalyticsRuleTemplate', 'AnalyticsRule', 'HuntingQuery', 'InvestigationQuery', 'Parser', 'Watchlist', 'WatchlistTemplate', 'Solution')] $kind, [parameter(mandatory=$False,HelpMessage='Providers for the solution content item)')] [string[]] $providers, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Metadata") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["parentId"] = $parentId $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'categories') { $resource.properties["categories"] = $categories } if($PSBoundParameters.Keys -icontains 'lastPublishDate') { $resource.properties["lastPublishDate"] = $lastPublishDate } if($PSBoundParameters.Keys -icontains 'contentId') { $resource.properties["contentId"] = $contentId } if($PSBoundParameters.Keys -icontains 'dependencies') { $resource.properties["dependencies"] = $dependencies } if($PSBoundParameters.Keys -icontains 'firstPublishDate') { $resource.properties["firstPublishDate"] = $firstPublishDate } if($PSBoundParameters.Keys -icontains 'version') { $resource.properties["version"] = $version } if($PSBoundParameters.Keys -icontains 'source') { $resource.properties["source"] = $source } if($PSBoundParameters.Keys -icontains 'author') { $resource.properties["author"] = $author } if($PSBoundParameters.Keys -icontains 'metadataName') { $resource.properties["metadataName"] = $metadataName } if($PSBoundParameters.Keys -icontains 'support') { $resource.properties["support"] = $support } if($PSBoundParameters.Keys -icontains 'providers') { $resource.properties["providers"] = $providers } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsFusionAlertRule { [Alias('azure_native_securityinsights_fusionalertrule')] param ( [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''Fusion''.)')] [string] $kind, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:FusionAlertRule") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsProductSetting { [Alias('azure_native_securityinsights_productsetting')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the setting)')] [string] [ValidateSet('Anomalies', 'EyesOn', 'EntityAnalytics', 'Ueba')] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ProductSetting") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsScheduledAlertRule { [Alias('azure_native_securityinsights_scheduledalertrule')] param ( [parameter(mandatory=$False,HelpMessage='Determines whether this alert rule is enabled or disabled.)')] [bool] $enabled, [parameter(mandatory=$False,HelpMessage='Alert rule ID)')] [string] $ruleId, [parameter(mandatory=$False,HelpMessage='The period (in ISO 8601 duration format) that this alert rule looks at.)')] [string] $queryPeriod, [parameter(mandatory=$False,HelpMessage='The threshold triggers this alert rule.)')] [int] $triggerThreshold, [parameter(mandatory=$False,HelpMessage='The kind of the alert rule Expected value is ''Scheduled''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The display name for alerts created by this alert rule.)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The query that creates alerts for this rule.)')] [string] $query, [parameter(mandatory=$False,HelpMessage='The Name of the alert rule template used to create this rule.)')] [string] $alertRuleTemplateName, [parameter(mandatory=$False,HelpMessage='The frequency (in ISO 8601 duration format) for this alert rule to run.)')] [string] $queryFrequency, [parameter(mandatory=$False,HelpMessage='The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.)')] [string] $suppressionDuration, [parameter(mandatory=$False,HelpMessage='The tactics of the alert rule)')] $tactics, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Determines whether the suppression for this alert rule is enabled or disabled.)')] [bool] $suppressionEnabled, [parameter(mandatory=$False,HelpMessage='The description of the alert rule.)')] [string] $description, [parameter(mandatory=$False,HelpMessage='The operation against the threshold that triggers alert rule.)')] $triggerOperator, [parameter(mandatory=$False,HelpMessage='The severity for alerts created by this alert rule.)')] [string] [ValidateSet('High', 'Medium', 'Low', 'Informational')] $severity, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ScheduledAlertRule") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["displayName"] = $displayName $resource.properties["enabled"] = $enabled $resource.properties["kind"] = $kind $resource.properties["query"] = $query $resource.properties["queryFrequency"] = $queryFrequency $resource.properties["queryPeriod"] = $queryPeriod $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["severity"] = $severity $resource.properties["suppressionDuration"] = $suppressionDuration $resource.properties["suppressionEnabled"] = $suppressionEnabled $resource.properties["triggerOperator"] = $triggerOperator $resource.properties["triggerThreshold"] = $triggerThreshold $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'ruleId') { $resource.properties["ruleId"] = $ruleId } if($PSBoundParameters.Keys -icontains 'alertRuleTemplateName') { $resource.properties["alertRuleTemplateName"] = $alertRuleTemplateName } if($PSBoundParameters.Keys -icontains 'tactics') { $resource.properties["tactics"] = $tactics } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } $global:pulumiresources += $resource return $resource } } class TIDataConnectorDataTypesIndicators { [ArgumentCompletions('Enabled', 'Disabled')] [string] $state } function New-AzureNativeTypeSecurityinsightsTIDataConnectorDataTypesIndicators { param ( [parameter(mandatory=$False,HelpMessage='Describe whether this data type connection is enabled or not.)')] [string] [ValidateSet('Enabled', 'Disabled')] $state ) process { return $([TIDataConnectorDataTypesIndicators]$PSBoundParameters) } } class TIDataConnectorDataTypes { [TIDataConnectorDataTypesIndicators] $indicators } function New-AzureNativeTypeSecurityinsightsTIDataConnectorDataTypes { param ( [parameter(mandatory=$False,HelpMessage='Data type for indicators connection.)')] [TIDataConnectorDataTypesIndicators] $indicators ) process { return $([TIDataConnectorDataTypes]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsTIDataConnector { [Alias('azure_native_securityinsights_tidataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''ThreatIntelligence''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [TIDataConnectorDataTypes] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The lookback period for the feed to be imported.)')] [string] $tipLookbackPeriod, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:TIDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'tipLookbackPeriod') { $resource.properties["tipLookbackPeriod"] = $tipLookbackPeriod } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsUeba { [Alias('azure_native_securityinsights_ueba')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''Ueba''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The relevant data sources that enriched by ueba)')] $dataSources, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:Ueba") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataSources') { $resource.properties["dataSources"] = $dataSources } if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsAADDataConnector { [Alias('azure_native_securityinsights_aaddataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureActiveDirectory''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AADDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsThreatIntelligenceIndicator { [Alias('azure_native_securityinsights_threatintelligenceindicator')] param ( [parameter(mandatory=$False,HelpMessage='External References)')] $externalReferences, [parameter(mandatory=$False,HelpMessage='Pattern type of a threat intelligence entity)')] [string] $patternType, [parameter(mandatory=$False,HelpMessage='Last updated time in UTC)')] [string] $lastUpdatedTimeUtc, [parameter(mandatory=$False,HelpMessage='Source of a threat intelligence entity)')] [string] $source, [parameter(mandatory=$False,HelpMessage='Threat intelligence indicator name field.)')] [string] $name, [parameter(mandatory=$False,HelpMessage='Pattern of a threat intelligence entity)')] [string] $pattern, [parameter(mandatory=$False,HelpMessage='Confidence of threat intelligence entity)')] [int] $confidence, [parameter(mandatory=$False,HelpMessage='Threat intelligence entity object marking references)')] [string[]] $objectMarkingRefs, [parameter(mandatory=$False,HelpMessage='The kind of the entity.)')] [string] [ValidateSet('indicator')] $kind, [parameter(mandatory=$False,HelpMessage='Extensions map)')] $extensions, [parameter(mandatory=$False,HelpMessage='Is threat intelligence entity revoked)')] [bool] $revoked, [parameter(mandatory=$False,HelpMessage='Created by)')] [string] $created, [parameter(mandatory=$False,HelpMessage='Language of threat intelligence entity)')] [string] $language, [parameter(mandatory=$False,HelpMessage='Display name of a threat intelligence entity)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Indicator types of threat intelligence entities)')] [string[]] $indicatorTypes, [parameter(mandatory=$False,HelpMessage='Valid from)')] [string] $validFrom, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Threat types)')] [string[]] $threatTypes, [parameter(mandatory=$False,HelpMessage='List of tags)')] [string[]] $threatIntelligenceTags, [parameter(mandatory=$False,HelpMessage='Created by reference of threat intelligence entity)')] [string] $createdByRef, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='Labels of threat intelligence entity)')] [string[]] $labels, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='Granular Markings)')] $granularMarkings, [parameter(mandatory=$False,HelpMessage='Description of a threat intelligence entity)')] [string] $description, [parameter(mandatory=$False,HelpMessage='Parsed patterns)')] $parsedPattern, [parameter(mandatory=$False,HelpMessage='Modified by)')] [string] $modified, [parameter(mandatory=$False,HelpMessage='Pattern version of a threat intelligence entity)')] [string] $patternVersion, [parameter(mandatory=$False,HelpMessage='External ID of threat intelligence entity)')] [string] $externalId, [parameter(mandatory=$False,HelpMessage='Is threat intelligence entity defanged)')] [bool] $defanged, [parameter(mandatory=$False,HelpMessage='External last updated time in UTC)')] [string] $externalLastUpdatedTimeUtc, [parameter(mandatory=$False,HelpMessage='Kill chain phases)')] $killChainPhases, [parameter(mandatory=$False,HelpMessage='Valid until)')] [string] $validUntil, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ThreatIntelligenceIndicator") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'externalReferences') { $resource.properties["externalReferences"] = $externalReferences } if($PSBoundParameters.Keys -icontains 'patternType') { $resource.properties["patternType"] = $patternType } if($PSBoundParameters.Keys -icontains 'lastUpdatedTimeUtc') { $resource.properties["lastUpdatedTimeUtc"] = $lastUpdatedTimeUtc } if($PSBoundParameters.Keys -icontains 'source') { $resource.properties["source"] = $source } if($PSBoundParameters.Keys -icontains 'name') { $resource.properties["name"] = $name } if($PSBoundParameters.Keys -icontains 'pattern') { $resource.properties["pattern"] = $pattern } if($PSBoundParameters.Keys -icontains 'confidence') { $resource.properties["confidence"] = $confidence } if($PSBoundParameters.Keys -icontains 'objectMarkingRefs') { $resource.properties["objectMarkingRefs"] = $objectMarkingRefs } if($PSBoundParameters.Keys -icontains 'extensions') { $resource.properties["extensions"] = $extensions } if($PSBoundParameters.Keys -icontains 'revoked') { $resource.properties["revoked"] = $revoked } if($PSBoundParameters.Keys -icontains 'created') { $resource.properties["created"] = $created } if($PSBoundParameters.Keys -icontains 'language') { $resource.properties["language"] = $language } if($PSBoundParameters.Keys -icontains 'displayName') { $resource.properties["displayName"] = $displayName } if($PSBoundParameters.Keys -icontains 'indicatorTypes') { $resource.properties["indicatorTypes"] = $indicatorTypes } if($PSBoundParameters.Keys -icontains 'validFrom') { $resource.properties["validFrom"] = $validFrom } if($PSBoundParameters.Keys -icontains 'threatTypes') { $resource.properties["threatTypes"] = $threatTypes } if($PSBoundParameters.Keys -icontains 'threatIntelligenceTags') { $resource.properties["threatIntelligenceTags"] = $threatIntelligenceTags } if($PSBoundParameters.Keys -icontains 'createdByRef') { $resource.properties["createdByRef"] = $createdByRef } if($PSBoundParameters.Keys -icontains 'labels') { $resource.properties["labels"] = $labels } if($PSBoundParameters.Keys -icontains 'granularMarkings') { $resource.properties["granularMarkings"] = $granularMarkings } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'parsedPattern') { $resource.properties["parsedPattern"] = $parsedPattern } if($PSBoundParameters.Keys -icontains 'modified') { $resource.properties["modified"] = $modified } if($PSBoundParameters.Keys -icontains 'patternVersion') { $resource.properties["patternVersion"] = $patternVersion } if($PSBoundParameters.Keys -icontains 'externalId') { $resource.properties["externalId"] = $externalId } if($PSBoundParameters.Keys -icontains 'defanged') { $resource.properties["defanged"] = $defanged } if($PSBoundParameters.Keys -icontains 'externalLastUpdatedTimeUtc') { $resource.properties["externalLastUpdatedTimeUtc"] = $externalLastUpdatedTimeUtc } if($PSBoundParameters.Keys -icontains 'killChainPhases') { $resource.properties["killChainPhases"] = $killChainPhases } if($PSBoundParameters.Keys -icontains 'validUntil') { $resource.properties["validUntil"] = $validUntil } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsDataConnector { [Alias('azure_native_securityinsights_dataconnector')] param ( [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The data connector kind)')] [string] [ValidateSet('AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection')] $kind, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:DataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } class ContentPathMap { [ArgumentCompletions('AnalyticRule', 'Workbook')] [string] $contentType [string] $path } function New-AzureNativeTypeSecurityinsightsContentPathMap { param ( [parameter(mandatory=$False,HelpMessage='Content type.)')] [string] [ValidateSet('AnalyticRule', 'Workbook')] $contentType, [parameter(mandatory=$False,HelpMessage='The path to the content.)')] [string] $path ) process { return $([ContentPathMap]$PSBoundParameters) } } class Repository { [string] $branch [string] $deploymentLogsUrl [ContentPathMap[]] $pathMapping [string] $url [string] $displayUrl } function New-AzureNativeTypeSecurityinsightsRepository { param ( [parameter(mandatory=$False,HelpMessage='Branch name of repository.)')] [string] $branch, [parameter(mandatory=$False,HelpMessage='Url to access repository action logs.)')] [string] $deploymentLogsUrl, [parameter(mandatory=$False,HelpMessage='Dictionary of source control content type and path mapping.)')] $pathMapping, [parameter(mandatory=$False,HelpMessage='Url of repository.)')] [string] $url, [parameter(mandatory=$False,HelpMessage='Display url of repository.)')] [string] $displayUrl ) process { return $([Repository]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsSourceControl { [Alias('azure_native_securityinsights_sourcecontrol')] param ( [parameter(mandatory=$False,HelpMessage='The display name of the source control)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='The id (a Guid) of the source control)')] [string] $id, [parameter(mandatory=$False,HelpMessage='A description of the source control)')] [string] $description, [parameter(mandatory=$False,HelpMessage='Repository metadata.)')] [Repository] $repository, [parameter(mandatory=$False,HelpMessage='The identity that last modified the resource.)')] [string] $lastModifiedBy, [parameter(mandatory=$False,HelpMessage='The timestamp of resource creation (UTC).)')] [string] $createdAt, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The type of identity that last modified the resource.)')] [string] [ValidateSet('User', 'Application', 'ManagedIdentity', 'Key')] $lastModifiedByType, [parameter(mandatory=$False,HelpMessage='The type of identity that created the resource.)')] [string] [ValidateSet('User', 'Application', 'ManagedIdentity', 'Key')] $createdByType, [parameter(mandatory=$False,HelpMessage='Source control Id)')] [string] $sourceControlId, [parameter(mandatory=$False,HelpMessage='The repository type of the source control)')] [string] [ValidateSet('Github', 'DevOps')] $repoType, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The timestamp of resource last modification (UTC))')] [string] $lastModifiedAt, [parameter(mandatory=$False,HelpMessage='The identity that created the resource.)')] [string] $createdBy, [parameter(mandatory=$False,HelpMessage='Array of source control content types.)')] $contentTypes, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:SourceControl") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["contentTypes"] = $contentTypes $resource.properties["displayName"] = $displayName $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["repoType"] = $repoType $resource.properties["repository"] = $repository $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'id') { $resource.properties["id"] = $id } if($PSBoundParameters.Keys -icontains 'description') { $resource.properties["description"] = $description } if($PSBoundParameters.Keys -icontains 'lastModifiedBy') { $resource.properties["lastModifiedBy"] = $lastModifiedBy } if($PSBoundParameters.Keys -icontains 'createdAt') { $resource.properties["createdAt"] = $createdAt } if($PSBoundParameters.Keys -icontains 'lastModifiedByType') { $resource.properties["lastModifiedByType"] = $lastModifiedByType } if($PSBoundParameters.Keys -icontains 'createdByType') { $resource.properties["createdByType"] = $createdByType } if($PSBoundParameters.Keys -icontains 'sourceControlId') { $resource.properties["sourceControlId"] = $sourceControlId } if($PSBoundParameters.Keys -icontains 'lastModifiedAt') { $resource.properties["lastModifiedAt"] = $lastModifiedAt } if($PSBoundParameters.Keys -icontains 'createdBy') { $resource.properties["createdBy"] = $createdBy } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsEntityAnalytics { [Alias('azure_native_securityinsights_entityanalytics')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The kind of the setting Expected value is ''EntityAnalytics''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba)')] [string] $settingsName, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EntityAnalytics") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'settingsName') { $resource.properties["settingsName"] = $settingsName } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsASCDataConnector { [Alias('azure_native_securityinsights_ascdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''AzureSecurityCenter''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The subscription id to connect to, and get the data from.)')] [string] $subscriptionId, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:ASCDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } if($PSBoundParameters.Keys -icontains 'subscriptionId') { $resource.properties["subscriptionId"] = $subscriptionId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsMDATPDataConnector { [Alias('azure_native_securityinsights_mdatpdataconnector')] param ( [parameter(mandatory=$False,HelpMessage='The kind of the data connector Expected value is ''MicrosoftDefenderAdvancedThreatProtection''.)')] [string] $kind, [parameter(mandatory=$False,HelpMessage='The available data types for the connector.)')] [AlertsDataTypeOfDataConnector] $dataTypes, [parameter(mandatory=$False,HelpMessage='The tenant id to connect to, and get the data from.)')] [string] $tenantId, [parameter(mandatory=$False,HelpMessage='Connector ID)')] [string] $dataConnectorId, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:MDATPDataConnector") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'dataTypes') { $resource.properties["dataTypes"] = $dataTypes } if($PSBoundParameters.Keys -icontains 'tenantId') { $resource.properties["tenantId"] = $tenantId } if($PSBoundParameters.Keys -icontains 'dataConnectorId') { $resource.properties["dataConnectorId"] = $dataConnectorId } $global:pulumiresources += $resource return $resource } } class AutomationRulePropertyValuesConditionConditionProperties { [ArgumentCompletions('Equals', 'NotEquals', 'Contains', 'NotContains', 'StartsWith', 'NotStartsWith', 'EndsWith', 'NotEndsWith')] [string] $operator [string[]] $propertyValues [ArgumentCompletions('IncidentTitle', 'IncidentDescription', 'IncidentSeverity', 'IncidentStatus', 'IncidentTactics', 'IncidentRelatedAnalyticRuleIds', 'IncidentProviderName', 'AccountAadTenantId', 'AccountAadUserId', 'AccountName', 'AccountNTDomain', 'AccountPUID', 'AccountSid', 'AccountObjectGuid', 'AccountUPNSuffix', 'AzureResourceResourceId', 'AzureResourceSubscriptionId', 'CloudApplicationAppId', 'CloudApplicationAppName', 'DNSDomainName', 'FileDirectory', 'FileName', 'FileHashValue', 'HostAzureID', 'HostName', 'HostNetBiosName', 'HostNTDomain', 'HostOSVersion', 'IoTDeviceId', 'IoTDeviceName', 'IoTDeviceType', 'IoTDeviceVendor', 'IoTDeviceModel', 'IoTDeviceOperatingSystem', 'IPAddress', 'MailboxDisplayName', 'MailboxPrimaryAddress', 'MailboxUPN', 'MailMessageDeliveryAction', 'MailMessageDeliveryLocation', 'MailMessageRecipient', 'MailMessageSenderIP', 'MailMessageSubject', 'MailMessageP1Sender', 'MailMessageP2Sender', 'MalwareCategory', 'MalwareName', 'ProcessCommandLine', 'ProcessId', 'RegistryKey', 'RegistryValueData', 'Url')] [string] $propertyName } function New-AzureNativeTypeSecurityinsightsAutomationRulePropertyValuesConditionConditionProperties { param ( [parameter(mandatory=$False,HelpMessage='The operator to use for evaluation the condition)')] [string] [ValidateSet('Equals', 'NotEquals', 'Contains', 'NotContains', 'StartsWith', 'NotStartsWith', 'EndsWith', 'NotEndsWith')] $operator, [parameter(mandatory=$False,HelpMessage='The values to use for evaluating the condition)')] [string[]] $propertyValues, [parameter(mandatory=$False,HelpMessage='The property to evaluate)')] [string] [ValidateSet('IncidentTitle', 'IncidentDescription', 'IncidentSeverity', 'IncidentStatus', 'IncidentTactics', 'IncidentRelatedAnalyticRuleIds', 'IncidentProviderName', 'AccountAadTenantId', 'AccountAadUserId', 'AccountName', 'AccountNTDomain', 'AccountPUID', 'AccountSid', 'AccountObjectGuid', 'AccountUPNSuffix', 'AzureResourceResourceId', 'AzureResourceSubscriptionId', 'CloudApplicationAppId', 'CloudApplicationAppName', 'DNSDomainName', 'FileDirectory', 'FileName', 'FileHashValue', 'HostAzureID', 'HostName', 'HostNetBiosName', 'HostNTDomain', 'HostOSVersion', 'IoTDeviceId', 'IoTDeviceName', 'IoTDeviceType', 'IoTDeviceVendor', 'IoTDeviceModel', 'IoTDeviceOperatingSystem', 'IPAddress', 'MailboxDisplayName', 'MailboxPrimaryAddress', 'MailboxUPN', 'MailMessageDeliveryAction', 'MailMessageDeliveryLocation', 'MailMessageRecipient', 'MailMessageSenderIP', 'MailMessageSubject', 'MailMessageP1Sender', 'MailMessageP2Sender', 'MalwareCategory', 'MalwareName', 'ProcessCommandLine', 'ProcessId', 'RegistryKey', 'RegistryValueData', 'Url')] $propertyName ) process { return $([AutomationRulePropertyValuesConditionConditionProperties]$PSBoundParameters) } } class AutomationRulePropertyValuesCondition { [AutomationRulePropertyValuesConditionConditionProperties] $conditionProperties [string] $conditionType } function New-AzureNativeTypeSecurityinsightsAutomationRulePropertyValuesCondition { param ( [parameter(mandatory=$False,HelpMessage='The configuration of the automation rule condition)')] [AutomationRulePropertyValuesConditionConditionProperties] $conditionProperties, [parameter(mandatory=$False,HelpMessage='The type of the automation rule condition Expected value is ''Property''.)')] [string] $conditionType ) process { return $([AutomationRulePropertyValuesCondition]$PSBoundParameters) } } class AutomationRuleTriggeringLogic { [ArgumentCompletions('Incidents')] [string] $triggersOn [string] $expirationTimeUtc [AutomationRulePropertyValuesCondition[]] $conditions [ArgumentCompletions('Created')] [string] $triggersWhen [bool] $isEnabled } function New-AzureNativeTypeSecurityinsightsAutomationRuleTriggeringLogic { param ( [parameter(mandatory=$False,HelpMessage='The type of object the automation rule triggers on)')] [string] [ValidateSet('Incidents')] $triggersOn, [parameter(mandatory=$False,HelpMessage='Determines when the automation rule should automatically expire and be disabled.)')] [string] $expirationTimeUtc, [parameter(mandatory=$False,HelpMessage='The conditions to evaluate to determine if the automation rule should be triggered on a given object)')] $conditions, [parameter(mandatory=$False,HelpMessage='The type of event the automation rule triggers on)')] [string] [ValidateSet('Created')] $triggersWhen, [parameter(mandatory=$False,HelpMessage='Determines whether the automation rule is enabled or disabled.)')] [bool] $isEnabled ) process { return $([AutomationRuleTriggeringLogic]$PSBoundParameters) } } function New-AzureNativeSecurityinsightsAutomationRule { [Alias('azure_native_securityinsights_automationrule')] param ( [parameter(mandatory=$False,HelpMessage='The actions to execute when the automation rule is triggered)')] $actions, [parameter(mandatory=$False,HelpMessage='The display name of the automation rule)')] [string] $displayName, [parameter(mandatory=$False,HelpMessage='Automation rule ID)')] [string] $automationRuleId, [parameter(mandatory=$False,HelpMessage='The triggering logic of the automation rule)')] [AutomationRuleTriggeringLogic] $triggeringLogic, [parameter(mandatory=$False,HelpMessage='The order of execution of the automation rule)')] [int] $order, [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='The name of the resource group within the user''s subscription. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:AutomationRule") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["actions"] = $actions $resource.properties["displayName"] = $displayName $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["order"] = $order $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["triggeringLogic"] = $triggeringLogic $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'automationRuleId') { $resource.properties["automationRuleId"] = $automationRuleId } $global:pulumiresources += $resource return $resource } } function New-AzureNativeSecurityinsightsEntityQuery { [Alias('azure_native_securityinsights_entityquery')] param ( [parameter(mandatory=$False,HelpMessage='The namespace of workspaces resource provider- Microsoft.OperationalInsights.)')] [string] $operationalInsightsResourceProvider, [parameter(mandatory=$False,HelpMessage='The name of the workspace.)')] [string] $workspaceName, [parameter(mandatory=$False,HelpMessage='the entity query kind)')] [string] [ValidateSet('Activity')] $kind, [parameter(mandatory=$False,HelpMessage='entity query ID)')] [string] $entityQueryId, [parameter(mandatory=$False,HelpMessage='The name of the resource group. The name is case insensitive.)')] [string] $resourceGroupName, [parameter(mandatory,HelpMessage='The reference to call when you want to make a dependency to another resource')] [string] $pulumiid, [parameter(mandatory,HelpMessage='Pass in the resources you make to make this resource dependant on')] [object] $DependsOn ) process { $resource = [pulumiresource]::new($pulumiid, "azure-native:securityinsights:EntityQuery") foreach($Dependency in $DependsOn) { if($Dependency -is [pulumiresource]) { $resource.dependson += $Dependency.Reference() } else { $resource.dependson += $Dependency } } $resource.properties["kind"] = $kind $resource.properties["operationalInsightsResourceProvider"] = $operationalInsightsResourceProvider $resource.properties["resourceGroupName"] = $resourceGroupName $resource.properties["workspaceName"] = $workspaceName if($PSBoundParameters.Keys -icontains 'entityQueryId') { $resource.properties["entityQueryId"] = $entityQueryId } $global:pulumiresources += $resource return $resource } } |