1. Packages
  2. Azure Native v1
  3. API Docs
  4. securityinsights
  5. ThreatIntelligenceIndicator
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

azure-native.securityinsights.ThreatIntelligenceIndicator

Explore with Pulumi AI

azure-native-v1 logo
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

    Threat intelligence information object. API Version: 2019-01-01-preview.

    Example Usage

    Update a threat Intelligence indicator

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", new()
        {
            Confidence = 78,
            CreatedByRef = "contoso@contoso.com",
            Description = "debugging indicators",
            DisplayName = "new schema",
            ExternalReferences = new[] {},
            GranularMarkings = new[] {},
            KillChainPhases = new[] {},
            Kind = "indicator",
            Labels = new[] {},
            Modified = "",
            Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
            OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
            Pattern = "[url:value = 'https://www.contoso.com']",
            PatternType = "url",
            ResourceGroupName = "myRg",
            Revoked = false,
            Source = "Azure Sentinel",
            ThreatIntelligenceTags = new[]
            {
                "new schema",
            },
            ThreatTypes = new[]
            {
                "compromised",
            },
            ValidFrom = "2020-04-15T17:44:00.114052Z",
            ValidUntil = "",
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", &securityinsights.ThreatIntelligenceIndicatorArgs{
    			Confidence:                          pulumi.Int(78),
    			CreatedByRef:                        pulumi.String("contoso@contoso.com"),
    			Description:                         pulumi.String("debugging indicators"),
    			DisplayName:                         pulumi.String("new schema"),
    			ExternalReferences:                  securityinsights.ThreatIntelligenceExternalReferenceArray{},
    			GranularMarkings:                    securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
    			KillChainPhases:                     securityinsights.ThreatIntelligenceKillChainPhaseArray{},
    			Kind:                                pulumi.String("indicator"),
    			Labels:                              pulumi.StringArray{},
    			Modified:                            pulumi.String(""),
    			Name:                                pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
    			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
    			Pattern:                             pulumi.String("[url:value = 'https://www.contoso.com']"),
    			PatternType:                         pulumi.String("url"),
    			ResourceGroupName:                   pulumi.String("myRg"),
    			Revoked:                             pulumi.Bool(false),
    			Source:                              pulumi.String("Azure Sentinel"),
    			ThreatIntelligenceTags: pulumi.StringArray{
    				pulumi.String("new schema"),
    			},
    			ThreatTypes: pulumi.StringArray{
    				pulumi.String("compromised"),
    			},
    			ValidFrom:     pulumi.String("2020-04-15T17:44:00.114052Z"),
    			ValidUntil:    pulumi.String(""),
    			WorkspaceName: pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
    import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var threatIntelligenceIndicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()        
                .confidence(78)
                .createdByRef("contoso@contoso.com")
                .description("debugging indicators")
                .displayName("new schema")
                .externalReferences()
                .granularMarkings()
                .killChainPhases()
                .kind("indicator")
                .labels()
                .modified("")
                .name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
                .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
                .pattern("[url:value = 'https://www.contoso.com']")
                .patternType("url")
                .resourceGroupName("myRg")
                .revoked(false)
                .source("Azure Sentinel")
                .threatIntelligenceTags("new schema")
                .threatTypes("compromised")
                .validFrom("2020-04-15T17:44:00.114052Z")
                .validUntil("")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    threat_intelligence_indicator = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator",
        confidence=78,
        created_by_ref="contoso@contoso.com",
        description="debugging indicators",
        display_name="new schema",
        external_references=[],
        granular_markings=[],
        kill_chain_phases=[],
        kind="indicator",
        labels=[],
        modified="",
        name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        operational_insights_resource_provider="Microsoft.OperationalInsights",
        pattern="[url:value = 'https://www.contoso.com']",
        pattern_type="url",
        resource_group_name="myRg",
        revoked=False,
        source="Azure Sentinel",
        threat_intelligence_tags=["new schema"],
        threat_types=["compromised"],
        valid_from="2020-04-15T17:44:00.114052Z",
        valid_until="",
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const threatIntelligenceIndicator = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", {
        confidence: 78,
        createdByRef: "contoso@contoso.com",
        description: "debugging indicators",
        displayName: "new schema",
        externalReferences: [],
        granularMarkings: [],
        killChainPhases: [],
        kind: "indicator",
        labels: [],
        modified: "",
        name: "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
        pattern: "[url:value = 'https://www.contoso.com']",
        patternType: "url",
        resourceGroupName: "myRg",
        revoked: false,
        source: "Azure Sentinel",
        threatIntelligenceTags: ["new schema"],
        threatTypes: ["compromised"],
        validFrom: "2020-04-15T17:44:00.114052Z",
        validUntil: "",
        workspaceName: "myWorkspace",
    });
    
    resources:
      threatIntelligenceIndicator:
        type: azure-native:securityinsights:ThreatIntelligenceIndicator
        properties:
          confidence: 78
          createdByRef: contoso@contoso.com
          description: debugging indicators
          displayName: new schema
          externalReferences: []
          granularMarkings: []
          killChainPhases: []
          kind: indicator
          labels: []
          modified:
          name: d9cd6f0b-96b9-3984-17cd-a779d1e15a93
          operationalInsightsResourceProvider: Microsoft.OperationalInsights
          pattern: '[url:value = ''https://www.contoso.com'']'
          patternType: url
          resourceGroupName: myRg
          revoked: false
          source: Azure Sentinel
          threatIntelligenceTags:
            - new schema
          threatTypes:
            - compromised
          validFrom: 2020-04-15T17:44:00.114052Z
          validUntil:
          workspaceName: myWorkspace
    

    Create ThreatIntelligenceIndicator Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    args: ThreatIntelligenceIndicatorArgs,
                                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    kind: Optional[Union[str, ThreatIntelligenceResourceKind]] = None,
                                    workspace_name: Optional[str] = None,
                                    resource_group_name: Optional[str] = None,
                                    operational_insights_resource_provider: Optional[str] = None,
                                    last_updated_time_utc: Optional[str] = None,
                                    object_marking_refs: Optional[Sequence[str]] = None,
                                    extensions: Optional[Any] = None,
                                    external_id: Optional[str] = None,
                                    external_last_updated_time_utc: Optional[str] = None,
                                    external_references: Optional[Sequence[ThreatIntelligenceExternalReferenceArgs]] = None,
                                    granular_markings: Optional[Sequence[ThreatIntelligenceGranularMarkingModelArgs]] = None,
                                    indicator_types: Optional[Sequence[str]] = None,
                                    kill_chain_phases: Optional[Sequence[ThreatIntelligenceKillChainPhaseArgs]] = None,
                                    description: Optional[str] = None,
                                    labels: Optional[Sequence[str]] = None,
                                    language: Optional[str] = None,
                                    confidence: Optional[int] = None,
                                    modified: Optional[str] = None,
                                    name: Optional[str] = None,
                                    display_name: Optional[str] = None,
                                    defanged: Optional[bool] = None,
                                    parsed_pattern: Optional[Sequence[ThreatIntelligenceParsedPatternArgs]] = None,
                                    pattern: Optional[str] = None,
                                    pattern_type: Optional[str] = None,
                                    pattern_version: Optional[str] = None,
                                    created_by_ref: Optional[str] = None,
                                    revoked: Optional[bool] = None,
                                    source: Optional[str] = None,
                                    threat_intelligence_tags: Optional[Sequence[str]] = None,
                                    threat_types: Optional[Sequence[str]] = None,
                                    valid_from: Optional[str] = None,
                                    valid_until: Optional[str] = None,
                                    created: Optional[str] = None)
    func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
    public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:ThreatIntelligenceIndicator
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var threatIntelligenceIndicatorResource = new AzureNative.Securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
    {
        Kind = "string",
        WorkspaceName = "string",
        ResourceGroupName = "string",
        OperationalInsightsResourceProvider = "string",
        LastUpdatedTimeUtc = "string",
        ObjectMarkingRefs = new[]
        {
            "string",
        },
        Extensions = "any",
        ExternalId = "string",
        ExternalLastUpdatedTimeUtc = "string",
        ExternalReferences = new[]
        {
            
            {
                { "description", "string" },
                { "externalId", "string" },
                { "hashes", 
                {
                    { "string", "string" },
                } },
                { "sourceName", "string" },
                { "url", "string" },
            },
        },
        GranularMarkings = new[]
        {
            
            {
                { "language", "string" },
                { "markingRef", 0 },
                { "selectors", new[]
                {
                    "string",
                } },
            },
        },
        IndicatorTypes = new[]
        {
            "string",
        },
        KillChainPhases = new[]
        {
            
            {
                { "killChainName", "string" },
                { "phaseName", "string" },
            },
        },
        Description = "string",
        Labels = new[]
        {
            "string",
        },
        Language = "string",
        Confidence = 0,
        Modified = "string",
        Name = "string",
        DisplayName = "string",
        Defanged = false,
        ParsedPattern = new[]
        {
            
            {
                { "patternTypeKey", "string" },
                { "patternTypeValues", new[]
                {
                    
                    {
                        { "value", "string" },
                        { "valueType", "string" },
                    },
                } },
            },
        },
        Pattern = "string",
        PatternType = "string",
        PatternVersion = "string",
        CreatedByRef = "string",
        Revoked = false,
        Source = "string",
        ThreatIntelligenceTags = new[]
        {
            "string",
        },
        ThreatTypes = new[]
        {
            "string",
        },
        ValidFrom = "string",
        ValidUntil = "string",
        Created = "string",
    });
    
    example, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &securityinsights.ThreatIntelligenceIndicatorArgs{
    	Kind:                                "string",
    	WorkspaceName:                       "string",
    	ResourceGroupName:                   "string",
    	OperationalInsightsResourceProvider: "string",
    	LastUpdatedTimeUtc:                  "string",
    	ObjectMarkingRefs: []string{
    		"string",
    	},
    	Extensions:                 "any",
    	ExternalId:                 "string",
    	ExternalLastUpdatedTimeUtc: "string",
    	ExternalReferences: []map[string]interface{}{
    		map[string]interface{}{
    			"description": "string",
    			"externalId":  "string",
    			"hashes": map[string]interface{}{
    				"string": "string",
    			},
    			"sourceName": "string",
    			"url":        "string",
    		},
    	},
    	GranularMarkings: []map[string]interface{}{
    		map[string]interface{}{
    			"language":   "string",
    			"markingRef": 0,
    			"selectors": []string{
    				"string",
    			},
    		},
    	},
    	IndicatorTypes: []string{
    		"string",
    	},
    	KillChainPhases: []map[string]interface{}{
    		map[string]interface{}{
    			"killChainName": "string",
    			"phaseName":     "string",
    		},
    	},
    	Description: "string",
    	Labels: []string{
    		"string",
    	},
    	Language:    "string",
    	Confidence:  0,
    	Modified:    "string",
    	Name:        "string",
    	DisplayName: "string",
    	Defanged:    false,
    	ParsedPattern: []map[string]interface{}{
    		map[string]interface{}{
    			"patternTypeKey": "string",
    			"patternTypeValues": []map[string]interface{}{
    				map[string]interface{}{
    					"value":     "string",
    					"valueType": "string",
    				},
    			},
    		},
    	},
    	Pattern:        "string",
    	PatternType:    "string",
    	PatternVersion: "string",
    	CreatedByRef:   "string",
    	Revoked:        false,
    	Source:         "string",
    	ThreatIntelligenceTags: []string{
    		"string",
    	},
    	ThreatTypes: []string{
    		"string",
    	},
    	ValidFrom:  "string",
    	ValidUntil: "string",
    	Created:    "string",
    })
    
    var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
        .kind("string")
        .workspaceName("string")
        .resourceGroupName("string")
        .operationalInsightsResourceProvider("string")
        .lastUpdatedTimeUtc("string")
        .objectMarkingRefs("string")
        .extensions("any")
        .externalId("string")
        .externalLastUpdatedTimeUtc("string")
        .externalReferences(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .granularMarkings(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .indicatorTypes("string")
        .killChainPhases(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .description("string")
        .labels("string")
        .language("string")
        .confidence(0)
        .modified("string")
        .name("string")
        .displayName("string")
        .defanged(false)
        .parsedPattern(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
        .pattern("string")
        .patternType("string")
        .patternVersion("string")
        .createdByRef("string")
        .revoked(false)
        .source("string")
        .threatIntelligenceTags("string")
        .threatTypes("string")
        .validFrom("string")
        .validUntil("string")
        .created("string")
        .build());
    
    threat_intelligence_indicator_resource = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
        kind=string,
        workspace_name=string,
        resource_group_name=string,
        operational_insights_resource_provider=string,
        last_updated_time_utc=string,
        object_marking_refs=[string],
        extensions=any,
        external_id=string,
        external_last_updated_time_utc=string,
        external_references=[{
            description: string,
            externalId: string,
            hashes: {
                string: string,
            },
            sourceName: string,
            url: string,
        }],
        granular_markings=[{
            language: string,
            markingRef: 0,
            selectors: [string],
        }],
        indicator_types=[string],
        kill_chain_phases=[{
            killChainName: string,
            phaseName: string,
        }],
        description=string,
        labels=[string],
        language=string,
        confidence=0,
        modified=string,
        name=string,
        display_name=string,
        defanged=False,
        parsed_pattern=[{
            patternTypeKey: string,
            patternTypeValues: [{
                value: string,
                valueType: string,
            }],
        }],
        pattern=string,
        pattern_type=string,
        pattern_version=string,
        created_by_ref=string,
        revoked=False,
        source=string,
        threat_intelligence_tags=[string],
        threat_types=[string],
        valid_from=string,
        valid_until=string,
        created=string)
    
    const threatIntelligenceIndicatorResource = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
        kind: "string",
        workspaceName: "string",
        resourceGroupName: "string",
        operationalInsightsResourceProvider: "string",
        lastUpdatedTimeUtc: "string",
        objectMarkingRefs: ["string"],
        extensions: "any",
        externalId: "string",
        externalLastUpdatedTimeUtc: "string",
        externalReferences: [{
            description: "string",
            externalId: "string",
            hashes: {
                string: "string",
            },
            sourceName: "string",
            url: "string",
        }],
        granularMarkings: [{
            language: "string",
            markingRef: 0,
            selectors: ["string"],
        }],
        indicatorTypes: ["string"],
        killChainPhases: [{
            killChainName: "string",
            phaseName: "string",
        }],
        description: "string",
        labels: ["string"],
        language: "string",
        confidence: 0,
        modified: "string",
        name: "string",
        displayName: "string",
        defanged: false,
        parsedPattern: [{
            patternTypeKey: "string",
            patternTypeValues: [{
                value: "string",
                valueType: "string",
            }],
        }],
        pattern: "string",
        patternType: "string",
        patternVersion: "string",
        createdByRef: "string",
        revoked: false,
        source: "string",
        threatIntelligenceTags: ["string"],
        threatTypes: ["string"],
        validFrom: "string",
        validUntil: "string",
        created: "string",
    });
    
    type: azure-native:securityinsights:ThreatIntelligenceIndicator
    properties:
        confidence: 0
        created: string
        createdByRef: string
        defanged: false
        description: string
        displayName: string
        extensions: any
        externalId: string
        externalLastUpdatedTimeUtc: string
        externalReferences:
            - description: string
              externalId: string
              hashes:
                string: string
              sourceName: string
              url: string
        granularMarkings:
            - language: string
              markingRef: 0
              selectors:
                - string
        indicatorTypes:
            - string
        killChainPhases:
            - killChainName: string
              phaseName: string
        kind: string
        labels:
            - string
        language: string
        lastUpdatedTimeUtc: string
        modified: string
        name: string
        objectMarkingRefs:
            - string
        operationalInsightsResourceProvider: string
        parsedPattern:
            - patternTypeKey: string
              patternTypeValues:
                - value: string
                  valueType: string
        pattern: string
        patternType: string
        patternVersion: string
        resourceGroupName: string
        revoked: false
        source: string
        threatIntelligenceTags:
            - string
        threatTypes:
            - string
        validFrom: string
        validUntil: string
        workspaceName: string
    

    ThreatIntelligenceIndicator Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ThreatIntelligenceIndicator resource accepts the following input properties:

    Kind string | Pulumi.AzureNative.SecurityInsights.ThreatIntelligenceResourceKind
    The kind of the entity.
    OperationalInsightsResourceProvider string
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    Confidence int
    Confidence of threat intelligence entity
    Created string
    Created by
    CreatedByRef string
    Created by reference of threat intelligence entity
    Defanged bool
    Is threat intelligence entity defanged
    Description string
    Description of a threat intelligence entity
    DisplayName string
    Display name of a threat intelligence entity
    Extensions object
    Extensions map
    ExternalId string
    External ID of threat intelligence entity
    ExternalLastUpdatedTimeUtc string
    External last updated time in UTC
    ExternalReferences List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceExternalReference>
    External References
    GranularMarkings List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceGranularMarkingModel>
    Granular Markings
    IndicatorTypes List<string>
    Indicator types of threat intelligence entities
    KillChainPhases List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceKillChainPhase>
    Kill chain phases
    Labels List<string>
    Labels of threat intelligence entity
    Language string
    Language of threat intelligence entity
    LastUpdatedTimeUtc string
    Last updated time in UTC
    Modified string
    Modified by
    Name string
    Threat intelligence indicator name field.
    ObjectMarkingRefs List<string>
    Threat intelligence entity object marking references
    ParsedPattern List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPattern>
    Parsed patterns
    Pattern string
    Pattern of a threat intelligence entity
    PatternType string
    Pattern type of a threat intelligence entity
    PatternVersion string
    Pattern version of a threat intelligence entity
    Revoked bool
    Is threat intelligence entity revoked
    Source string
    Source of a threat intelligence entity
    ThreatIntelligenceTags List<string>
    List of tags
    ThreatTypes List<string>
    Threat types
    ValidFrom string
    Valid from
    ValidUntil string
    Valid until
    Kind string | ThreatIntelligenceResourceKind
    The kind of the entity.
    OperationalInsightsResourceProvider string
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    Confidence int
    Confidence of threat intelligence entity
    Created string
    Created by
    CreatedByRef string
    Created by reference of threat intelligence entity
    Defanged bool
    Is threat intelligence entity defanged
    Description string
    Description of a threat intelligence entity
    DisplayName string
    Display name of a threat intelligence entity
    Extensions interface{}
    Extensions map
    ExternalId string
    External ID of threat intelligence entity
    ExternalLastUpdatedTimeUtc string
    External last updated time in UTC
    ExternalReferences []ThreatIntelligenceExternalReferenceArgs
    External References
    GranularMarkings []ThreatIntelligenceGranularMarkingModelArgs
    Granular Markings
    IndicatorTypes []string
    Indicator types of threat intelligence entities
    KillChainPhases []ThreatIntelligenceKillChainPhaseArgs
    Kill chain phases
    Labels []string
    Labels of threat intelligence entity
    Language string
    Language of threat intelligence entity
    LastUpdatedTimeUtc string
    Last updated time in UTC
    Modified string
    Modified by
    Name string
    Threat intelligence indicator name field.
    ObjectMarkingRefs []string
    Threat intelligence entity object marking references
    ParsedPattern []ThreatIntelligenceParsedPatternArgs
    Parsed patterns
    Pattern string
    Pattern of a threat intelligence entity
    PatternType string
    Pattern type of a threat intelligence entity
    PatternVersion string
    Pattern version of a threat intelligence entity
    Revoked bool
    Is threat intelligence entity revoked
    Source string
    Source of a threat intelligence entity
    ThreatIntelligenceTags []string
    List of tags
    ThreatTypes []string
    Threat types
    ValidFrom string
    Valid from
    ValidUntil string
    Valid until
    kind String | ThreatIntelligenceResourceKind
    The kind of the entity.
    operationalInsightsResourceProvider String
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    confidence Integer
    Confidence of threat intelligence entity
    created String
    Created by
    createdByRef String
    Created by reference of threat intelligence entity
    defanged Boolean
    Is threat intelligence entity defanged
    description String
    Description of a threat intelligence entity
    displayName String
    Display name of a threat intelligence entity
    extensions Object
    Extensions map
    externalId String
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc String
    External last updated time in UTC
    externalReferences List<ThreatIntelligenceExternalReference>
    External References
    granularMarkings List<ThreatIntelligenceGranularMarkingModel>
    Granular Markings
    indicatorTypes List<String>
    Indicator types of threat intelligence entities
    killChainPhases List<ThreatIntelligenceKillChainPhase>
    Kill chain phases
    labels List<String>
    Labels of threat intelligence entity
    language String
    Language of threat intelligence entity
    lastUpdatedTimeUtc String
    Last updated time in UTC
    modified String
    Modified by
    name String
    Threat intelligence indicator name field.
    objectMarkingRefs List<String>
    Threat intelligence entity object marking references
    parsedPattern List<ThreatIntelligenceParsedPattern>
    Parsed patterns
    pattern String
    Pattern of a threat intelligence entity
    patternType String
    Pattern type of a threat intelligence entity
    patternVersion String
    Pattern version of a threat intelligence entity
    revoked Boolean
    Is threat intelligence entity revoked
    source String
    Source of a threat intelligence entity
    threatIntelligenceTags List<String>
    List of tags
    threatTypes List<String>
    Threat types
    validFrom String
    Valid from
    validUntil String
    Valid until
    kind string | ThreatIntelligenceResourceKind
    The kind of the entity.
    operationalInsightsResourceProvider string
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    resourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    workspaceName string
    The name of the workspace.
    confidence number
    Confidence of threat intelligence entity
    created string
    Created by
    createdByRef string
    Created by reference of threat intelligence entity
    defanged boolean
    Is threat intelligence entity defanged
    description string
    Description of a threat intelligence entity
    displayName string
    Display name of a threat intelligence entity
    extensions any
    Extensions map
    externalId string
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc string
    External last updated time in UTC
    externalReferences ThreatIntelligenceExternalReference[]
    External References
    granularMarkings ThreatIntelligenceGranularMarkingModel[]
    Granular Markings
    indicatorTypes string[]
    Indicator types of threat intelligence entities
    killChainPhases ThreatIntelligenceKillChainPhase[]
    Kill chain phases
    labels string[]
    Labels of threat intelligence entity
    language string
    Language of threat intelligence entity
    lastUpdatedTimeUtc string
    Last updated time in UTC
    modified string
    Modified by
    name string
    Threat intelligence indicator name field.
    objectMarkingRefs string[]
    Threat intelligence entity object marking references
    parsedPattern ThreatIntelligenceParsedPattern[]
    Parsed patterns
    pattern string
    Pattern of a threat intelligence entity
    patternType string
    Pattern type of a threat intelligence entity
    patternVersion string
    Pattern version of a threat intelligence entity
    revoked boolean
    Is threat intelligence entity revoked
    source string
    Source of a threat intelligence entity
    threatIntelligenceTags string[]
    List of tags
    threatTypes string[]
    Threat types
    validFrom string
    Valid from
    validUntil string
    Valid until
    kind str | ThreatIntelligenceResourceKind
    The kind of the entity.
    operational_insights_resource_provider str
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    resource_group_name str
    The name of the resource group within the user's subscription. The name is case insensitive.
    workspace_name str
    The name of the workspace.
    confidence int
    Confidence of threat intelligence entity
    created str
    Created by
    created_by_ref str
    Created by reference of threat intelligence entity
    defanged bool
    Is threat intelligence entity defanged
    description str
    Description of a threat intelligence entity
    display_name str
    Display name of a threat intelligence entity
    extensions Any
    Extensions map
    external_id str
    External ID of threat intelligence entity
    external_last_updated_time_utc str
    External last updated time in UTC
    external_references Sequence[ThreatIntelligenceExternalReferenceArgs]
    External References
    granular_markings Sequence[ThreatIntelligenceGranularMarkingModelArgs]
    Granular Markings
    indicator_types Sequence[str]
    Indicator types of threat intelligence entities
    kill_chain_phases Sequence[ThreatIntelligenceKillChainPhaseArgs]
    Kill chain phases
    labels Sequence[str]
    Labels of threat intelligence entity
    language str
    Language of threat intelligence entity
    last_updated_time_utc str
    Last updated time in UTC
    modified str
    Modified by
    name str
    Threat intelligence indicator name field.
    object_marking_refs Sequence[str]
    Threat intelligence entity object marking references
    parsed_pattern Sequence[ThreatIntelligenceParsedPatternArgs]
    Parsed patterns
    pattern str
    Pattern of a threat intelligence entity
    pattern_type str
    Pattern type of a threat intelligence entity
    pattern_version str
    Pattern version of a threat intelligence entity
    revoked bool
    Is threat intelligence entity revoked
    source str
    Source of a threat intelligence entity
    threat_intelligence_tags Sequence[str]
    List of tags
    threat_types Sequence[str]
    Threat types
    valid_from str
    Valid from
    valid_until str
    Valid until
    kind String | "indicator"
    The kind of the entity.
    operationalInsightsResourceProvider String
    The namespace of workspaces resource provider- Microsoft.OperationalInsights.
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    confidence Number
    Confidence of threat intelligence entity
    created String
    Created by
    createdByRef String
    Created by reference of threat intelligence entity
    defanged Boolean
    Is threat intelligence entity defanged
    description String
    Description of a threat intelligence entity
    displayName String
    Display name of a threat intelligence entity
    extensions Any
    Extensions map
    externalId String
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc String
    External last updated time in UTC
    externalReferences List<Property Map>
    External References
    granularMarkings List<Property Map>
    Granular Markings
    indicatorTypes List<String>
    Indicator types of threat intelligence entities
    killChainPhases List<Property Map>
    Kill chain phases
    labels List<String>
    Labels of threat intelligence entity
    language String
    Language of threat intelligence entity
    lastUpdatedTimeUtc String
    Last updated time in UTC
    modified String
    Modified by
    name String
    Threat intelligence indicator name field.
    objectMarkingRefs List<String>
    Threat intelligence entity object marking references
    parsedPattern List<Property Map>
    Parsed patterns
    pattern String
    Pattern of a threat intelligence entity
    patternType String
    Pattern type of a threat intelligence entity
    patternVersion String
    Pattern version of a threat intelligence entity
    revoked Boolean
    Is threat intelligence entity revoked
    source String
    Source of a threat intelligence entity
    threatIntelligenceTags List<String>
    List of tags
    threatTypes List<String>
    Threat types
    validFrom String
    Valid from
    validUntil String
    Valid until

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    Azure resource type
    Etag string
    Etag of the azure resource
    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    Azure resource type
    Etag string
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    Azure resource type
    etag String
    Etag of the azure resource
    id string
    The provider-assigned unique ID for this managed resource.
    type string
    Azure resource type
    etag string
    Etag of the azure resource
    id str
    The provider-assigned unique ID for this managed resource.
    type str
    Azure resource type
    etag str
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    Azure resource type
    etag String
    Etag of the azure resource

    Supporting Types

    ThreatIntelligenceExternalReference, ThreatIntelligenceExternalReferenceArgs

    Description string
    External reference description
    ExternalId string
    External reference ID
    Hashes Dictionary<string, string>
    External reference hashes
    SourceName string
    External reference source name
    Url string
    External reference URL
    Description string
    External reference description
    ExternalId string
    External reference ID
    Hashes map[string]string
    External reference hashes
    SourceName string
    External reference source name
    Url string
    External reference URL
    description String
    External reference description
    externalId String
    External reference ID
    hashes Map<String,String>
    External reference hashes
    sourceName String
    External reference source name
    url String
    External reference URL
    description string
    External reference description
    externalId string
    External reference ID
    hashes {[key: string]: string}
    External reference hashes
    sourceName string
    External reference source name
    url string
    External reference URL
    description str
    External reference description
    external_id str
    External reference ID
    hashes Mapping[str, str]
    External reference hashes
    source_name str
    External reference source name
    url str
    External reference URL
    description String
    External reference description
    externalId String
    External reference ID
    hashes Map<String>
    External reference hashes
    sourceName String
    External reference source name
    url String
    External reference URL

    ThreatIntelligenceGranularMarkingModel, ThreatIntelligenceGranularMarkingModelArgs

    Language string
    Language granular marking model
    MarkingRef int
    marking reference granular marking model
    Selectors List<string>
    granular marking model selectors
    Language string
    Language granular marking model
    MarkingRef int
    marking reference granular marking model
    Selectors []string
    granular marking model selectors
    language String
    Language granular marking model
    markingRef Integer
    marking reference granular marking model
    selectors List<String>
    granular marking model selectors
    language string
    Language granular marking model
    markingRef number
    marking reference granular marking model
    selectors string[]
    granular marking model selectors
    language str
    Language granular marking model
    marking_ref int
    marking reference granular marking model
    selectors Sequence[str]
    granular marking model selectors
    language String
    Language granular marking model
    markingRef Number
    marking reference granular marking model
    selectors List<String>
    granular marking model selectors

    ThreatIntelligenceKillChainPhase, ThreatIntelligenceKillChainPhaseArgs

    KillChainName string
    Kill chainName name
    PhaseName string
    Phase name
    KillChainName string
    Kill chainName name
    PhaseName string
    Phase name
    killChainName String
    Kill chainName name
    phaseName String
    Phase name
    killChainName string
    Kill chainName name
    phaseName string
    Phase name
    kill_chain_name str
    Kill chainName name
    phase_name str
    Phase name
    killChainName String
    Kill chainName name
    phaseName String
    Phase name

    ThreatIntelligenceParsedPattern, ThreatIntelligenceParsedPatternArgs

    patternTypeKey String
    Pattern type key
    patternTypeValues List<Property Map>
    Pattern type keys

    ThreatIntelligenceParsedPatternTypeValue, ThreatIntelligenceParsedPatternTypeValueArgs

    Value string
    Value of parsed pattern
    ValueType string
    Type of the value
    Value string
    Value of parsed pattern
    ValueType string
    Type of the value
    value String
    Value of parsed pattern
    valueType String
    Type of the value
    value string
    Value of parsed pattern
    valueType string
    Type of the value
    value str
    Value of parsed pattern
    value_type str
    Type of the value
    value String
    Value of parsed pattern
    valueType String
    Type of the value

    ThreatIntelligenceResourceKind, ThreatIntelligenceResourceKindArgs

    Indicator
    indicatorEntity represents threat intelligence indicator in the system.
    ThreatIntelligenceResourceKindIndicator
    indicatorEntity represents threat intelligence indicator in the system.
    Indicator
    indicatorEntity represents threat intelligence indicator in the system.
    Indicator
    indicatorEntity represents threat intelligence indicator in the system.
    INDICATOR
    indicatorEntity represents threat intelligence indicator in the system.
    "indicator"
    indicatorEntity represents threat intelligence indicator in the system.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    azure-native-v1 pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native-v1 logo
    These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
    Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi