Microsoft.SecurityInsights securityMLAnalyticsSettings 2022-06-01-preview
Bicep resource definition
The securityMLAnalyticsSettings resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/securityMLAnalyticsSettings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.SecurityInsights/securityMLAnalyticsSettings@2022-06-01-preview' = {
name: 'string'
kind: 'string'
scope: resourceSymbolicName
etag: 'string'
// For remaining properties, see securityMLAnalyticsSettings objects
}
securityMLAnalyticsSettings objects
Set the kind property to specify the type of object.
For Anomaly, use:
kind: 'Anomaly'
properties: {
anomalySettingsVersion: int
anomalyVersion: 'string'
customizableObservations: any()
description: 'string'
displayName: 'string'
enabled: bool
frequency: 'string'
isDefaultSettings: bool
requiredDataConnectors: [
{
connectorId: 'string'
dataTypes: [
'string'
]
}
]
settingsDefinitionId: 'string'
settingsStatus: 'string'
tactics: [
'string'
]
techniques: [
'string'
]
}
Property values
securityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| kind | Set the object type | Anomaly (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| etag | Etag of the azure resource | string |
AnomalySecurityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| kind | The kind of security ML Analytics Settings | 'Anomaly' (required) |
| properties | Anomaly Security ML Analytics Settings properties | AnomalySecurityMLAnalyticsSettingsProperties |
AnomalySecurityMLAnalyticsSettingsProperties
| Name | Description | Value |
|---|---|---|
| anomalySettingsVersion | The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. | int |
| anomalyVersion | The anomaly version of the AnomalySecurityMLAnalyticsSettings. | string (required) |
| customizableObservations | The customizable observations of the AnomalySecurityMLAnalyticsSettings. | For Bicep, you can use the any() function. |
| description | The description of the SecurityMLAnalyticsSettings. | string |
| displayName | The display name for settings created by this SecurityMLAnalyticsSettings. | string (required) |
| enabled | Determines whether this settings is enabled or disabled. | bool (required) |
| frequency | The frequency that this SecurityMLAnalyticsSettings will be run. | string (required) |
| isDefaultSettings | Determines whether this anomaly security ml analytics settings is a default settings | bool (required) |
| requiredDataConnectors | The required data sources for this SecurityMLAnalyticsSettings | SecurityMLAnalyticsSettingsDataSource[] |
| settingsDefinitionId | The anomaly settings definition Id | string |
| settingsStatus | The anomaly SecurityMLAnalyticsSettings status | 'Flighting' 'Production' (required) |
| tactics | The tactics of the SecurityMLAnalyticsSettings | String array containing any of: 'Collection' 'CommandAndControl' 'CredentialAccess' 'DefenseEvasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'ImpairProcessControl' 'InhibitResponseFunction' 'InitialAccess' 'LateralMovement' 'Persistence' 'PreAttack' 'PrivilegeEscalation' 'Reconnaissance' 'ResourceDevelopment' |
| techniques | The techniques of the SecurityMLAnalyticsSettings | string[] |
SecurityMLAnalyticsSettingsDataSource
| Name | Description | Value |
|---|---|---|
| connectorId | The connector id that provides the following data types | string |
| dataTypes | The data types used by the security ml analytics settings | string[] |
ARM template resource definition
The securityMLAnalyticsSettings resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/securityMLAnalyticsSettings resource, add the following JSON to your template.
{
"type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings",
"apiVersion": "2022-06-01-preview",
"name": "string",
"kind": "string",
"scope": "string",
"etag": "string",
// For remaining properties, see securityMLAnalyticsSettings objects
}
securityMLAnalyticsSettings objects
Set the kind property to specify the type of object.
For Anomaly, use:
"kind": "Anomaly",
"properties": {
"anomalySettingsVersion": "int",
"anomalyVersion": "string",
"customizableObservations": {},
"description": "string",
"displayName": "string",
"enabled": "bool",
"frequency": "string",
"isDefaultSettings": "bool",
"requiredDataConnectors": [
{
"connectorId": "string",
"dataTypes": [ "string" ]
}
],
"settingsDefinitionId": "string",
"settingsStatus": "string",
"tactics": [ "string" ],
"techniques": [ "string" ]
}
Property values
securityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.SecurityInsights/securityMLAnalyticsSettings' |
| apiVersion | The resource api version | '2022-06-01-preview' |
| name | The resource name | string (required) |
| kind | Set the object type | Anomaly (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| etag | Etag of the azure resource | string |
AnomalySecurityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| kind | The kind of security ML Analytics Settings | 'Anomaly' (required) |
| properties | Anomaly Security ML Analytics Settings properties | AnomalySecurityMLAnalyticsSettingsProperties |
AnomalySecurityMLAnalyticsSettingsProperties
| Name | Description | Value |
|---|---|---|
| anomalySettingsVersion | The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. | int |
| anomalyVersion | The anomaly version of the AnomalySecurityMLAnalyticsSettings. | string (required) |
| customizableObservations | The customizable observations of the AnomalySecurityMLAnalyticsSettings. | |
| description | The description of the SecurityMLAnalyticsSettings. | string |
| displayName | The display name for settings created by this SecurityMLAnalyticsSettings. | string (required) |
| enabled | Determines whether this settings is enabled or disabled. | bool (required) |
| frequency | The frequency that this SecurityMLAnalyticsSettings will be run. | string (required) |
| isDefaultSettings | Determines whether this anomaly security ml analytics settings is a default settings | bool (required) |
| requiredDataConnectors | The required data sources for this SecurityMLAnalyticsSettings | SecurityMLAnalyticsSettingsDataSource[] |
| settingsDefinitionId | The anomaly settings definition Id | string |
| settingsStatus | The anomaly SecurityMLAnalyticsSettings status | 'Flighting' 'Production' (required) |
| tactics | The tactics of the SecurityMLAnalyticsSettings | String array containing any of: 'Collection' 'CommandAndControl' 'CredentialAccess' 'DefenseEvasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'ImpairProcessControl' 'InhibitResponseFunction' 'InitialAccess' 'LateralMovement' 'Persistence' 'PreAttack' 'PrivilegeEscalation' 'Reconnaissance' 'ResourceDevelopment' |
| techniques | The techniques of the SecurityMLAnalyticsSettings | string[] |
SecurityMLAnalyticsSettingsDataSource
| Name | Description | Value |
|---|---|---|
| connectorId | The connector id that provides the following data types | string |
| dataTypes | The data types used by the security ml analytics settings | string[] |
Terraform (AzAPI provider) resource definition
The securityMLAnalyticsSettings resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/securityMLAnalyticsSettings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.SecurityInsights/securityMLAnalyticsSettings@2022-06-01-preview"
name = "string"
parent_id = "string"
// For remaining properties, see securityMLAnalyticsSettings objects
body = jsonencode({
kind = "string"
etag = "string"
})
}
securityMLAnalyticsSettings objects
Set the kind property to specify the type of object.
For Anomaly, use:
kind = "Anomaly"
properties = {
anomalySettingsVersion = int
anomalyVersion = "string"
description = "string"
displayName = "string"
enabled = bool
frequency = "string"
isDefaultSettings = bool
requiredDataConnectors = [
{
connectorId = "string"
dataTypes = [
"string"
]
}
]
settingsDefinitionId = "string"
settingsStatus = "string"
tactics = [
"string"
]
techniques = [
"string"
]
}
Property values
securityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.SecurityInsights/securityMLAnalyticsSettings@2022-06-01-preview" |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| kind | Set the object type | Anomaly (required) |
| etag | Etag of the azure resource | string |
AnomalySecurityMLAnalyticsSettings
| Name | Description | Value |
|---|---|---|
| kind | The kind of security ML Analytics Settings | "Anomaly" (required) |
| properties | Anomaly Security ML Analytics Settings properties | AnomalySecurityMLAnalyticsSettingsProperties |
AnomalySecurityMLAnalyticsSettingsProperties
| Name | Description | Value |
|---|---|---|
| anomalySettingsVersion | The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. | int |
| anomalyVersion | The anomaly version of the AnomalySecurityMLAnalyticsSettings. | string (required) |
| customizableObservations | The customizable observations of the AnomalySecurityMLAnalyticsSettings. | |
| description | The description of the SecurityMLAnalyticsSettings. | string |
| displayName | The display name for settings created by this SecurityMLAnalyticsSettings. | string (required) |
| enabled | Determines whether this settings is enabled or disabled. | bool (required) |
| frequency | The frequency that this SecurityMLAnalyticsSettings will be run. | string (required) |
| isDefaultSettings | Determines whether this anomaly security ml analytics settings is a default settings | bool (required) |
| requiredDataConnectors | The required data sources for this SecurityMLAnalyticsSettings | SecurityMLAnalyticsSettingsDataSource[] |
| settingsDefinitionId | The anomaly settings definition Id | string |
| settingsStatus | The anomaly SecurityMLAnalyticsSettings status | "Flighting" "Production" (required) |
| tactics | The tactics of the SecurityMLAnalyticsSettings | String array containing any of: "Collection" "CommandAndControl" "CredentialAccess" "DefenseEvasion" "Discovery" "Execution" "Exfiltration" "Impact" "ImpairProcessControl" "InhibitResponseFunction" "InitialAccess" "LateralMovement" "Persistence" "PreAttack" "PrivilegeEscalation" "Reconnaissance" "ResourceDevelopment" |
| techniques | The techniques of the SecurityMLAnalyticsSettings | string[] |
SecurityMLAnalyticsSettingsDataSource
| Name | Description | Value |
|---|---|---|
| connectorId | The connector id that provides the following data types | string |
| dataTypes | The data types used by the security ml analytics settings | string[] |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for