pulumi-azure-native 2.66.0a1728396986__py3-none-any.whl → 2.66.0a1728463590__py3-none-any.whl

pulumi_azure_native/elastic/v20241001preview/tag_rule.py

@@ -0,0 +1,221 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from ... import _utilities
+from . import outputs
+from ._enums import *
+from ._inputs import *
+
+__all__ = ['TagRuleArgs', 'TagRule']
+
+@pulumi.input_type
+class TagRuleArgs:
+    def __init__(__self__, *,
+                 monitor_name: pulumi.Input[str],
+                 resource_group_name: pulumi.Input[str],
+                 properties: Optional[pulumi.Input['MonitoringTagRulesPropertiesArgs']] = None,
+                 rule_set_name: Optional[pulumi.Input[str]] = None):
+        """
+        The set of arguments for constructing a TagRule resource.
+        :param pulumi.Input[str] monitor_name: Monitor resource name
+        :param pulumi.Input[str] resource_group_name: The name of the resource group. The name is case insensitive.
+        :param pulumi.Input['MonitoringTagRulesPropertiesArgs'] properties: Properties of the monitoring tag rules.
+        :param pulumi.Input[str] rule_set_name: Tag Rule Set resource name
+        """
+        pulumi.set(__self__, "monitor_name", monitor_name)
+        pulumi.set(__self__, "resource_group_name", resource_group_name)
+        if properties is not None:
+            pulumi.set(__self__, "properties", properties)
+        if rule_set_name is not None:
+            pulumi.set(__self__, "rule_set_name", rule_set_name)
+
+    @property
+    @pulumi.getter(name="monitorName")
+    def monitor_name(self) -> pulumi.Input[str]:
+        """
+        Monitor resource name
+        """
+        return pulumi.get(self, "monitor_name")
+
+    @monitor_name.setter
+    def monitor_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "monitor_name", value)
+
+    @property
+    @pulumi.getter(name="resourceGroupName")
+    def resource_group_name(self) -> pulumi.Input[str]:
+        """
+        The name of the resource group. The name is case insensitive.
+        """
+        return pulumi.get(self, "resource_group_name")
+
+    @resource_group_name.setter
+    def resource_group_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource_group_name", value)
+
+    @property
+    @pulumi.getter
+    def properties(self) -> Optional[pulumi.Input['MonitoringTagRulesPropertiesArgs']]:
+        """
+        Properties of the monitoring tag rules.
+        """
+        return pulumi.get(self, "properties")
+
+    @properties.setter
+    def properties(self, value: Optional[pulumi.Input['MonitoringTagRulesPropertiesArgs']]):
+        pulumi.set(self, "properties", value)
+
+    @property
+    @pulumi.getter(name="ruleSetName")
+    def rule_set_name(self) -> Optional[pulumi.Input[str]]:
+        """
+        Tag Rule Set resource name
+        """
+        return pulumi.get(self, "rule_set_name")
+
+    @rule_set_name.setter
+    def rule_set_name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "rule_set_name", value)
+
+
+class TagRule(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 monitor_name: Optional[pulumi.Input[str]] = None,
+                 properties: Optional[pulumi.Input[Union['MonitoringTagRulesPropertiesArgs', 'MonitoringTagRulesPropertiesArgsDict']]] = None,
+                 resource_group_name: Optional[pulumi.Input[str]] = None,
+                 rule_set_name: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Capture logs and metrics of Azure resources based on ARM tags.
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[str] monitor_name: Monitor resource name
+        :param pulumi.Input[Union['MonitoringTagRulesPropertiesArgs', 'MonitoringTagRulesPropertiesArgsDict']] properties: Properties of the monitoring tag rules.
+        :param pulumi.Input[str] resource_group_name: The name of the resource group. The name is case insensitive.
+        :param pulumi.Input[str] rule_set_name: Tag Rule Set resource name
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: TagRuleArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Capture logs and metrics of Azure resources based on ARM tags.
+
+        :param str resource_name: The name of the resource.
+        :param TagRuleArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(TagRuleArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 monitor_name: Optional[pulumi.Input[str]] = None,
+                 properties: Optional[pulumi.Input[Union['MonitoringTagRulesPropertiesArgs', 'MonitoringTagRulesPropertiesArgsDict']]] = None,
+                 resource_group_name: Optional[pulumi.Input[str]] = None,
+                 rule_set_name: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = TagRuleArgs.__new__(TagRuleArgs)
+
+            if monitor_name is None and not opts.urn:
+                raise TypeError("Missing required property 'monitor_name'")
+            __props__.__dict__["monitor_name"] = monitor_name
+            __props__.__dict__["properties"] = properties
+            if resource_group_name is None and not opts.urn:
+                raise TypeError("Missing required property 'resource_group_name'")
+            __props__.__dict__["resource_group_name"] = resource_group_name
+            __props__.__dict__["rule_set_name"] = rule_set_name
+            __props__.__dict__["name"] = None
+            __props__.__dict__["system_data"] = None
+            __props__.__dict__["type"] = None
+        alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:elastic:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20200701:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20200701preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20210901preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20211001preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20220505preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20220701preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20220901preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20230201preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20230501preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20230601:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20230615preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20230701preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20231001preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20231101preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20240101preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20240301:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20240501preview:TagRule"), pulumi.Alias(type_="azure-native:elastic/v20240615preview:TagRule")])
+        opts = pulumi.ResourceOptions.merge(opts, alias_opts)
+        super(TagRule, __self__).__init__(
+            'azure-native:elastic/v20241001preview:TagRule',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None) -> 'TagRule':
+        """
+        Get an existing TagRule resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = TagRuleArgs.__new__(TagRuleArgs)
+
+        __props__.__dict__["name"] = None
+        __props__.__dict__["properties"] = None
+        __props__.__dict__["system_data"] = None
+        __props__.__dict__["type"] = None
+        return TagRule(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[str]:
+        """
+        Name of the rule set.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def properties(self) -> pulumi.Output['outputs.MonitoringTagRulesPropertiesResponse']:
+        """
+        Properties of the monitoring tag rules.
+        """
+        return pulumi.get(self, "properties")
+
+    @property
+    @pulumi.getter(name="systemData")
+    def system_data(self) -> pulumi.Output['outputs.SystemDataResponse']:
+        """
+        The system metadata relating to this resource
+        """
+        return pulumi.get(self, "system_data")
+
+    @property
+    @pulumi.getter
+    def type(self) -> pulumi.Output[str]:
+        """
+        The type of the rule set.
+        """
+        return pulumi.get(self, "type")
+

pulumi_azure_native/hybridconnectivity/outputs.py

@@ -32,8 +32,12 @@ class AwsCloudProfileResponse(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "excludedAccounts":
+        if key == "accountId":
+            suggest = "account_id"
+        elif key == "excludedAccounts":
             suggest = "excluded_accounts"
+        elif key == "isOrganizationalAccount":
+            suggest = "is_organizational_account"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in AwsCloudProfileResponse. Access the value via the '{suggest}' property getter instead.")
@@ -47,13 +51,30 @@ class AwsCloudProfileResponse(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 excluded_accounts: Optional[Sequence[str]] = None):
+                 account_id: str,
+                 excluded_accounts: Optional[Sequence[str]] = None,
+                 is_organizational_account: Optional[bool] = None):
         """
         cloud profile for AWS.
+        :param str account_id: Account id for the AWS account.
         :param Sequence[str] excluded_accounts: List of AWS accounts which need to be excluded.
+        :param bool is_organizational_account: Boolean value that indicates whether the account is organizational or not. True represents organization account, whereas false represents a single account.
         """
+        pulumi.set(__self__, "account_id", account_id)
         if excluded_accounts is not None:
             pulumi.set(__self__, "excluded_accounts", excluded_accounts)
+        if is_organizational_account is None:
+            is_organizational_account = False
+        if is_organizational_account is not None:
+            pulumi.set(__self__, "is_organizational_account", is_organizational_account)
+
+    @property
+    @pulumi.getter(name="accountId")
+    def account_id(self) -> str:
+        """
+        Account id for the AWS account.
+        """
+        return pulumi.get(self, "account_id")
 
     @property
     @pulumi.getter(name="excludedAccounts")
@@ -63,6 +84,14 @@ class AwsCloudProfileResponse(dict):
         """
         return pulumi.get(self, "excluded_accounts")
 
+    @property
+    @pulumi.getter(name="isOrganizationalAccount")
+    def is_organizational_account(self) -> Optional[bool]:
+        """
+        Boolean value that indicates whether the account is organizational or not. True represents organization account, whereas false represents a single account.
+        """
+        return pulumi.get(self, "is_organizational_account")
+
 
 @pulumi.output_type
 class EndpointPropertiesResponse(dict):
@@ -140,6 +169,8 @@ class PublicCloudConnectorPropertiesResponse(dict):
             suggest = "aws_cloud_profile"
         elif key == "connectorPrimaryIdentifier":
             suggest = "connector_primary_identifier"
+        elif key == "hostType":
+            suggest = "host_type"
         elif key == "provisioningState":
             suggest = "provisioning_state"
 
@@ -157,15 +188,18 @@ class PublicCloudConnectorPropertiesResponse(dict):
     def __init__(__self__, *,
                  aws_cloud_profile: 'outputs.AwsCloudProfileResponse',
                  connector_primary_identifier: str,
+                 host_type: str,
                  provisioning_state: str):
         """
         Properties of public cloud connectors.
         :param 'AwsCloudProfileResponse' aws_cloud_profile: Cloud profile for AWS.
         :param str connector_primary_identifier: Connector primary identifier.
+        :param str host_type: Host cloud the public cloud connector.
         :param str provisioning_state: The resource provisioning state.
         """
         pulumi.set(__self__, "aws_cloud_profile", aws_cloud_profile)
         pulumi.set(__self__, "connector_primary_identifier", connector_primary_identifier)
+        pulumi.set(__self__, "host_type", host_type)
         pulumi.set(__self__, "provisioning_state", provisioning_state)
 
     @property
@@ -184,6 +218,14 @@ class PublicCloudConnectorPropertiesResponse(dict):
         """
         return pulumi.get(self, "connector_primary_identifier")
 
+    @property
+    @pulumi.getter(name="hostType")
+    def host_type(self) -> str:
+        """
+        Host cloud the public cloud connector.
+        """
+        return pulumi.get(self, "host_type")
+
     @property
     @pulumi.getter(name="provisioningState")
     def provisioning_state(self) -> str:

pulumi_azure_native/hybridconnectivity/v20241201/outputs.py

@@ -32,8 +32,12 @@ class AwsCloudProfileResponse(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "excludedAccounts":
+        if key == "accountId":
+            suggest = "account_id"
+        elif key == "excludedAccounts":
             suggest = "excluded_accounts"
+        elif key == "isOrganizationalAccount":
+            suggest = "is_organizational_account"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in AwsCloudProfileResponse. Access the value via the '{suggest}' property getter instead.")
@@ -47,13 +51,30 @@ class AwsCloudProfileResponse(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 excluded_accounts: Optional[Sequence[str]] = None):
+                 account_id: str,
+                 excluded_accounts: Optional[Sequence[str]] = None,
+                 is_organizational_account: Optional[bool] = None):
         """
         cloud profile for AWS.
+        :param str account_id: Account id for the AWS account.
         :param Sequence[str] excluded_accounts: List of AWS accounts which need to be excluded.
+        :param bool is_organizational_account: Boolean value that indicates whether the account is organizational or not. True represents organization account, whereas false represents a single account.
         """
+        pulumi.set(__self__, "account_id", account_id)
         if excluded_accounts is not None:
             pulumi.set(__self__, "excluded_accounts", excluded_accounts)
+        if is_organizational_account is None:
+            is_organizational_account = False
+        if is_organizational_account is not None:
+            pulumi.set(__self__, "is_organizational_account", is_organizational_account)
+
+    @property
+    @pulumi.getter(name="accountId")
+    def account_id(self) -> str:
+        """
+        Account id for the AWS account.
+        """
+        return pulumi.get(self, "account_id")
 
     @property
     @pulumi.getter(name="excludedAccounts")
@@ -63,6 +84,14 @@ class AwsCloudProfileResponse(dict):
         """
         return pulumi.get(self, "excluded_accounts")
 
+    @property
+    @pulumi.getter(name="isOrganizationalAccount")
+    def is_organizational_account(self) -> Optional[bool]:
+        """
+        Boolean value that indicates whether the account is organizational or not. True represents organization account, whereas false represents a single account.
+        """
+        return pulumi.get(self, "is_organizational_account")
+
 
 @pulumi.output_type
 class EndpointPropertiesResponse(dict):
@@ -140,6 +169,8 @@ class PublicCloudConnectorPropertiesResponse(dict):
             suggest = "aws_cloud_profile"
         elif key == "connectorPrimaryIdentifier":
             suggest = "connector_primary_identifier"
+        elif key == "hostType":
+            suggest = "host_type"
         elif key == "provisioningState":
             suggest = "provisioning_state"
 
@@ -157,15 +188,18 @@ class PublicCloudConnectorPropertiesResponse(dict):
     def __init__(__self__, *,
                  aws_cloud_profile: 'outputs.AwsCloudProfileResponse',
                  connector_primary_identifier: str,
+                 host_type: str,
                  provisioning_state: str):
         """
         Properties of public cloud connectors.
         :param 'AwsCloudProfileResponse' aws_cloud_profile: Cloud profile for AWS.
         :param str connector_primary_identifier: Connector primary identifier.
+        :param str host_type: Host cloud the public cloud connector.
         :param str provisioning_state: The resource provisioning state.
         """
         pulumi.set(__self__, "aws_cloud_profile", aws_cloud_profile)
         pulumi.set(__self__, "connector_primary_identifier", connector_primary_identifier)
+        pulumi.set(__self__, "host_type", host_type)
         pulumi.set(__self__, "provisioning_state", provisioning_state)
 
     @property
@@ -184,6 +218,14 @@ class PublicCloudConnectorPropertiesResponse(dict):
         """
         return pulumi.get(self, "connector_primary_identifier")
 
+    @property
+    @pulumi.getter(name="hostType")
+    def host_type(self) -> str:
+        """
+        Host cloud the public cloud connector.
+        """
+        return pulumi.get(self, "host_type")
+
     @property
     @pulumi.getter(name="provisioningState")
     def provisioning_state(self) -> str:

pulumi_azure_native/pulumi-plugin.json

@@ -1,5 +1,5 @@
 {
   "resource": true,
   "name": "azure-native",
-  "version": "2.66.0-alpha.1728396986"
+  "version": "2.66.0-alpha.1728463590"
 }

pulumi_azure_native/security/_inputs.py

@@ -5508,11 +5508,7 @@ if not MYPY:
         """
         name: pulumi.Input[str]
         """
-        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-        Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-        Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-        Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-        Available for CloudPosture and Containers plans.
+        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         """
         additional_extension_properties: NotRequired[Any]
         """
@@ -5530,11 +5526,7 @@ class ExtensionArgs:
         """
         A plan's extension properties
         :param pulumi.Input[Union[str, 'IsEnabled']] is_enabled: Indicates whether the extension is enabled.
-        :param pulumi.Input[str] name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-               Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-               Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-               Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-               Available for CloudPosture and Containers plans.
+        :param pulumi.Input[str] name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         :param Any additional_extension_properties: Property values associated with the extension.
         """
         pulumi.set(__self__, "is_enabled", is_enabled)
@@ -5558,11 +5550,7 @@ class ExtensionArgs:
     @pulumi.getter
     def name(self) -> pulumi.Input[str]:
         """
-        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-        Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-        Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-        Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-        Available for CloudPosture and Containers plans.
+        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         """
         return pulumi.get(self, "name")
 

pulumi_azure_native/security/outputs.py

@@ -5485,11 +5485,7 @@ class ExtensionResponse(dict):
         """
         A plan's extension properties
         :param str is_enabled: Indicates whether the extension is enabled.
-        :param str name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-               Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-               Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-               Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-               Available for CloudPosture and Containers plans.
+        :param str name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         :param 'OperationStatusResponse' operation_status: Optional. A status describing the success/failure of the extension's enablement/disablement operation.
         :param Any additional_extension_properties: Property values associated with the extension.
         """
@@ -5511,11 +5507,7 @@ class ExtensionResponse(dict):
     @pulumi.getter
     def name(self) -> str:
         """
-        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-        Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-        Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-        Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-        Available for CloudPosture and Containers plans.
+        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         """
         return pulumi.get(self, "name")
 

pulumi_azure_native/security/v20240101/_inputs.py

@@ -33,11 +33,7 @@ if not MYPY:
         """
         name: pulumi.Input[str]
         """
-        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-        Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-        Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-        Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-        Available for CloudPosture and Containers plans.
+        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         """
         additional_extension_properties: NotRequired[Any]
         """
@@ -55,11 +51,7 @@ class ExtensionArgs:
         """
         A plan's extension properties
         :param pulumi.Input[Union[str, 'IsEnabled']] is_enabled: Indicates whether the extension is enabled.
-        :param pulumi.Input[str] name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-               Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-               Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-               Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-               Available for CloudPosture and Containers plans.
+        :param pulumi.Input[str] name: The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         :param Any additional_extension_properties: Property values associated with the extension.
         """
         pulumi.set(__self__, "is_enabled", is_enabled)
@@ -83,11 +75,7 @@ class ExtensionArgs:
     @pulumi.getter
     def name(self) -> pulumi.Input[str]:
         """
-        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer.
-        Available for CloudPosture plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
-        Available for StorageAccounts plan.<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
-        Available for StorageAccounts and CloudPosture plans.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
-        Available for CloudPosture and Containers plans.
+        The extension name. Supported values are: <br><br>**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to  Kubernetes environments and workloads.<br>Available for CloudPosture plan and Containers plan.<br><br>**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plans).<br><br>**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.<br>Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.<br><br>**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.<br>Available for CloudPosture plan and Containers plan.<br><br>**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure<br>Available for VirtualMachines plan (P1 and P2 sub plans).<br><br>**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.<br>Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.<br><br>**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.<br>Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.<br>Available for CloudPosture plan. <br><br>**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.<br>Windows registries, Linux system files, in real time, for changes that might indicate an attack.<br>Available for VirtualMachines plan (P2 sub plan). <br><br>**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.<br>Available for Containers plan. <br><br>**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.<br>Available for AI plan. <br><br>
         """
         return pulumi.get(self, "name")