Microsoft.SecurityInsights settings 2022-11-01-preview
Bicep resource definition
The settings resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/settings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.SecurityInsights/settings@2022-11-01-preview' = {
name: 'string'
kind: 'string'
scope: resourceSymbolicName
etag: 'string'
// For remaining properties, see settings objects
}
settings objects
Set the kind property to specify the type of object.
For Anomalies, use:
kind: 'Anomalies'
properties: {}
For EntityAnalytics, use:
kind: 'EntityAnalytics'
properties: {
entityProviders: [
'string'
]
}
For EyesOn, use:
kind: 'EyesOn'
properties: {}
For Ueba, use:
kind: 'Ueba'
properties: {
dataSources: [
'string'
]
}
Property values
settings
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
kind | Set the object type | Anomalies EntityAnalytics EyesOn Ueba (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
etag | Etag of the azure resource | string |
Anomalies
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'Anomalies' (required) |
properties | Anomalies properties | AnomaliesSettingsProperties |
AnomaliesSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
EntityAnalytics
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'EntityAnalytics' (required) |
properties | EntityAnalytics properties | EntityAnalyticsProperties |
EntityAnalyticsProperties
Name | Description | Value |
---|---|---|
entityProviders | The relevant entity providers that are synced | String array containing any of: 'ActiveDirectory' 'AzureActiveDirectory' |
EyesOn
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'EyesOn' (required) |
properties | EyesOn properties | EyesOnSettingsProperties |
EyesOnSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Ueba
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'Ueba' (required) |
properties | Ueba properties | UebaProperties |
UebaProperties
Name | Description | Value |
---|---|---|
dataSources | The relevant data sources that enriched by ueba | String array containing any of: 'AuditLogs' 'AzureActivity' 'SecurityEvent' 'SigninLogs' |
ARM template resource definition
The settings resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/settings resource, add the following JSON to your template.
{
"type": "Microsoft.SecurityInsights/settings",
"apiVersion": "2022-11-01-preview",
"name": "string",
"kind": "string",
"scope": "string",
"etag": "string",
// For remaining properties, see settings objects
}
settings objects
Set the kind property to specify the type of object.
For Anomalies, use:
"kind": "Anomalies",
"properties": {}
For EntityAnalytics, use:
"kind": "EntityAnalytics",
"properties": {
"entityProviders": [ "string" ]
}
For EyesOn, use:
"kind": "EyesOn",
"properties": {}
For Ueba, use:
"kind": "Ueba",
"properties": {
"dataSources": [ "string" ]
}
Property values
settings
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.SecurityInsights/settings' |
apiVersion | The resource api version | '2022-11-01-preview' |
name | The resource name | string (required) |
kind | Set the object type | Anomalies EntityAnalytics EyesOn Ueba (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
etag | Etag of the azure resource | string |
Anomalies
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'Anomalies' (required) |
properties | Anomalies properties | AnomaliesSettingsProperties |
AnomaliesSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
EntityAnalytics
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'EntityAnalytics' (required) |
properties | EntityAnalytics properties | EntityAnalyticsProperties |
EntityAnalyticsProperties
Name | Description | Value |
---|---|---|
entityProviders | The relevant entity providers that are synced | String array containing any of: 'ActiveDirectory' 'AzureActiveDirectory' |
EyesOn
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'EyesOn' (required) |
properties | EyesOn properties | EyesOnSettingsProperties |
EyesOnSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Ueba
Name | Description | Value |
---|---|---|
kind | The kind of the setting | 'Ueba' (required) |
properties | Ueba properties | UebaProperties |
UebaProperties
Name | Description | Value |
---|---|---|
dataSources | The relevant data sources that enriched by ueba | String array containing any of: 'AuditLogs' 'AzureActivity' 'SecurityEvent' 'SigninLogs' |
Terraform (AzAPI provider) resource definition
The settings resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id
property on this resource to set the scope for this resource.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/settings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.SecurityInsights/settings@2022-11-01-preview"
name = "string"
parent_id = "string"
// For remaining properties, see settings objects
body = jsonencode({
kind = "string"
etag = "string"
})
}
settings objects
Set the kind property to specify the type of object.
For Anomalies, use:
kind = "Anomalies"
properties = {}
For EntityAnalytics, use:
kind = "EntityAnalytics"
properties = {
entityProviders = [
"string"
]
}
For EyesOn, use:
kind = "EyesOn"
properties = {}
For Ueba, use:
kind = "Ueba"
properties = {
dataSources = [
"string"
]
}
Property values
settings
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.SecurityInsights/settings@2022-11-01-preview" |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
kind | Set the object type | Anomalies EntityAnalytics EyesOn Ueba (required) |
etag | Etag of the azure resource | string |
Anomalies
Name | Description | Value |
---|---|---|
kind | The kind of the setting | "Anomalies" (required) |
properties | Anomalies properties | AnomaliesSettingsProperties |
AnomaliesSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
EntityAnalytics
Name | Description | Value |
---|---|---|
kind | The kind of the setting | "EntityAnalytics" (required) |
properties | EntityAnalytics properties | EntityAnalyticsProperties |
EntityAnalyticsProperties
Name | Description | Value |
---|---|---|
entityProviders | The relevant entity providers that are synced | String array containing any of: "ActiveDirectory" "AzureActiveDirectory" |
EyesOn
Name | Description | Value |
---|---|---|
kind | The kind of the setting | "EyesOn" (required) |
properties | EyesOn properties | EyesOnSettingsProperties |
EyesOnSettingsProperties
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Ueba
Name | Description | Value |
---|---|---|
kind | The kind of the setting | "Ueba" (required) |
properties | Ueba properties | UebaProperties |
UebaProperties
Name | Description | Value |
---|---|---|
dataSources | The relevant data sources that enriched by ueba | String array containing any of: "AuditLogs" "AzureActivity" "SecurityEvent" "SigninLogs" |
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for