AZSentinel
[Feature Request] Support new anomaly rule type
Summary of the new feature/enhancement
Sentinel now has an anomaly rule type in preview: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in#anomaly. Anomaly rules can be duplicated from the inbuilt templates to allow tuning parameters.
A sample of one of the inbuilt anomaly rules from `Get-AzSentinelAlertRule`:

```json
{
  "alertRuleTemplateName": "XXX",
  "displayName": "(Preview) Attempted computer bruteforce",
  "description": "This algorithm detects an unusually high volume of failed login attempts to each computer. The model is trained on the previous 21 days of security event ID 4625 on a computer. It indicates anomalous high volume of failed login attempts in the last day.",
  "anomalyVersion": "1.2.2",
  "techniques": ["T1001"],
  "severity": "Informational",
  "customizableObservations": {
    "multiSelectObservations": null,
    "singleSelectObservations": null,
    "prioritizeExcludeObservations": null,
    "thresholdObservations": [
      "@{minimum=0; maximum=1; value=0.4; name=Score; description=Generate an anomaly when score is greater than the chosen value; sequenceNumber=1; rerun=NotRequired}"
    ],
    "singleValueObservations": null
  },
  "frequency": "P1D",
  "ruleStatus": "Production",
  "isDefaultRule": true,
  "anomalyRuleVersion": 0,
  "enabled": true,
  "tactics": ["InitialAccess"],
  "lastModifiedUtc": "2021-05-24T01:53:45.8957492Z",
  "name": "XXX",
  "etag": "XXX",
  "id": "/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.OperationalInsights/workspaces/XXX/providers/Microsoft.SecurityInsights/alertRules/XXX",
  "kind": "Anomaly",
  "playbookName": ""
}
```
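An added example (not AZSentinel's own code and not from the issue author) of how the rule above could be tuned before being submitted as a duplicate: it parses the threshold observation that `ConvertTo-Json` flattened into a `"@{...}"` string, checks a new Score against the template's minimum/maximum, and returns a copy with `isDefaultRule` cleared. The function names, the trimmed sample object and the choice of fields cleared for the copy are assumptions; submitting the copy is left to whatever anomaly-rule support the module adds.

```powershell
# Added example, not AZSentinel's own code. Takes an anomaly rule as Get-AzSentinelAlertRule
# returns it (ConvertTo-Json at its default depth flattened the nested threshold observation
# into a "@{...}" string), validates a new Score against the template's bounds, returns a tuned copy.

function ConvertFrom-PsHashString {
    # Turn "@{minimum=0; maximum=1; value=0.4; name=Score; ...}" back into a dictionary.
    # Assumes values contain no ';' (true for the sample observation in this issue).
    param([Parameter(Mandatory)][string]$Text)
    $inner = ($Text.Trim() -replace '^@\{', '') -replace '\}$', ''
    $result = [ordered]@{}
    foreach ($pair in ($inner -split ';\s*')) {
        if ($pair -match '^\s*([^=]+)=(.*)$') { $result[$Matches[1].Trim()] = $Matches[2].Trim() }
    }
    return $result
}

function New-TunedAnomalyRule {
    # $Rule: one rule as returned by Get-AzSentinelAlertRule (or its JSON via ConvertFrom-Json).
    param(
        [Parameter(Mandatory)]$Rule,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][double]$Score
    )
    if ($Rule.kind -ne 'Anomaly') { throw "'$($Rule.displayName)' is not an Anomaly rule" }
    $obs = ConvertFrom-PsHashString (@($Rule.customizableObservations.thresholdObservations)[0])
    $min = [double]$obs['minimum']; $max = [double]$obs['maximum']
    if ($Score -lt $min -or $Score -gt $max) {
        throw "Score $Score is outside the template range [$min, $max] for '$($obs['name'])'"
    }
    $obs['value'] = $Score
    # Deep-copy so the template object is untouched, then mark the copy as a tuned duplicate.
    $copy = $Rule | ConvertTo-Json -Depth 10 | ConvertFrom-Json
    $copy.displayName   = $DisplayName
    $copy.isDefaultRule = $false
    $copy.customizableObservations.thresholdObservations = @([pscustomobject]$obs)
    foreach ($p in 'name', 'id', 'etag', 'lastModifiedUtc') { $copy.$p = $null }  # assigned by the service on create
    return $copy
}

# Constructed sample, trimmed from the rule pasted in the issue body.
$template = @'
{ "displayName": "(Preview) Attempted computer bruteforce", "kind": "Anomaly", "isDefaultRule": true,
  "name": "XXX", "id": "XXX", "etag": "XXX", "lastModifiedUtc": "2021-05-24T01:53:45.8957492Z",
  "customizableObservations": { "thresholdObservations": [
    "@{minimum=0; maximum=1; value=0.4; name=Score; description=Generate an anomaly when score is greater than the chosen value; sequenceNumber=1; rerun=NotRequired}" ] } }
'@ | ConvertFrom-Json

$tuned = New-TunedAnomalyRule -Rule $template -DisplayName 'Computer bruteforce (score 0.7)' -Score 0.7
$tuned.customizableObservations.thresholdObservations[0] | Format-List
```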