azure-native.securityinsights.ThreatIntelligenceIndicator
Explore with Pulumi AI
Threat intelligence information object. API Version: 2019-01-01-preview.
Example Usage
Update a threat Intelligence indicator
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", new()
{
Confidence = 78,
CreatedByRef = "contoso@contoso.com",
Description = "debugging indicators",
DisplayName = "new schema",
ExternalReferences = new[] {},
GranularMarkings = new[] {},
KillChainPhases = new[] {},
Kind = "indicator",
Labels = new[] {},
Modified = "",
Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
Pattern = "[url:value = 'https://www.contoso.com']",
PatternType = "url",
ResourceGroupName = "myRg",
Revoked = false,
Source = "Azure Sentinel",
ThreatIntelligenceTags = new[]
{
"new schema",
},
ThreatTypes = new[]
{
"compromised",
},
ValidFrom = "2020-04-15T17:44:00.114052Z",
ValidUntil = "",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", &securityinsights.ThreatIntelligenceIndicatorArgs{
Confidence: pulumi.Int(78),
CreatedByRef: pulumi.String("contoso@contoso.com"),
Description: pulumi.String("debugging indicators"),
DisplayName: pulumi.String("new schema"),
ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
GranularMarkings: securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
KillChainPhases: securityinsights.ThreatIntelligenceKillChainPhaseArray{},
Kind: pulumi.String("indicator"),
Labels: pulumi.StringArray{},
Modified: pulumi.String(""),
Name: pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
Pattern: pulumi.String("[url:value = 'https://www.contoso.com']"),
PatternType: pulumi.String("url"),
ResourceGroupName: pulumi.String("myRg"),
Revoked: pulumi.Bool(false),
Source: pulumi.String("Azure Sentinel"),
ThreatIntelligenceTags: pulumi.StringArray{
pulumi.String("new schema"),
},
ThreatTypes: pulumi.StringArray{
pulumi.String("compromised"),
},
ValidFrom: pulumi.String("2020-04-15T17:44:00.114052Z"),
ValidUntil: pulumi.String(""),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var threatIntelligenceIndicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
.confidence(78)
.createdByRef("contoso@contoso.com")
.description("debugging indicators")
.displayName("new schema")
.externalReferences()
.granularMarkings()
.killChainPhases()
.kind("indicator")
.labels()
.modified("")
.name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
.operationalInsightsResourceProvider("Microsoft.OperationalInsights")
.pattern("[url:value = 'https://www.contoso.com']")
.patternType("url")
.resourceGroupName("myRg")
.revoked(false)
.source("Azure Sentinel")
.threatIntelligenceTags("new schema")
.threatTypes("compromised")
.validFrom("2020-04-15T17:44:00.114052Z")
.validUntil("")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
threat_intelligence_indicator = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator",
confidence=78,
created_by_ref="contoso@contoso.com",
description="debugging indicators",
display_name="new schema",
external_references=[],
granular_markings=[],
kill_chain_phases=[],
kind="indicator",
labels=[],
modified="",
name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
operational_insights_resource_provider="Microsoft.OperationalInsights",
pattern="[url:value = 'https://www.contoso.com']",
pattern_type="url",
resource_group_name="myRg",
revoked=False,
source="Azure Sentinel",
threat_intelligence_tags=["new schema"],
threat_types=["compromised"],
valid_from="2020-04-15T17:44:00.114052Z",
valid_until="",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const threatIntelligenceIndicator = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", {
confidence: 78,
createdByRef: "contoso@contoso.com",
description: "debugging indicators",
displayName: "new schema",
externalReferences: [],
granularMarkings: [],
killChainPhases: [],
kind: "indicator",
labels: [],
modified: "",
name: "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
pattern: "[url:value = 'https://www.contoso.com']",
patternType: "url",
resourceGroupName: "myRg",
revoked: false,
source: "Azure Sentinel",
threatIntelligenceTags: ["new schema"],
threatTypes: ["compromised"],
validFrom: "2020-04-15T17:44:00.114052Z",
validUntil: "",
workspaceName: "myWorkspace",
});
resources:
threatIntelligenceIndicator:
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties:
confidence: 78
createdByRef: contoso@contoso.com
description: debugging indicators
displayName: new schema
externalReferences: []
granularMarkings: []
killChainPhases: []
kind: indicator
labels: []
modified:
name: d9cd6f0b-96b9-3984-17cd-a779d1e15a93
operationalInsightsResourceProvider: Microsoft.OperationalInsights
pattern: '[url:value = ''https://www.contoso.com'']'
patternType: url
resourceGroupName: myRg
revoked: false
source: Azure Sentinel
threatIntelligenceTags:
- new schema
threatTypes:
- compromised
validFrom: 2020-04-15T17:44:00.114052Z
validUntil:
workspaceName: myWorkspace
Create ThreatIntelligenceIndicator Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);
@overload
def ThreatIntelligenceIndicator(resource_name: str,
args: ThreatIntelligenceIndicatorArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ThreatIntelligenceIndicator(resource_name: str,
opts: Optional[ResourceOptions] = None,
kind: Optional[Union[str, ThreatIntelligenceResourceKind]] = None,
workspace_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
operational_insights_resource_provider: Optional[str] = None,
last_updated_time_utc: Optional[str] = None,
object_marking_refs: Optional[Sequence[str]] = None,
extensions: Optional[Any] = None,
external_id: Optional[str] = None,
external_last_updated_time_utc: Optional[str] = None,
external_references: Optional[Sequence[ThreatIntelligenceExternalReferenceArgs]] = None,
granular_markings: Optional[Sequence[ThreatIntelligenceGranularMarkingModelArgs]] = None,
indicator_types: Optional[Sequence[str]] = None,
kill_chain_phases: Optional[Sequence[ThreatIntelligenceKillChainPhaseArgs]] = None,
description: Optional[str] = None,
labels: Optional[Sequence[str]] = None,
language: Optional[str] = None,
confidence: Optional[int] = None,
modified: Optional[str] = None,
name: Optional[str] = None,
display_name: Optional[str] = None,
defanged: Optional[bool] = None,
parsed_pattern: Optional[Sequence[ThreatIntelligenceParsedPatternArgs]] = None,
pattern: Optional[str] = None,
pattern_type: Optional[str] = None,
pattern_version: Optional[str] = None,
created_by_ref: Optional[str] = None,
revoked: Optional[bool] = None,
source: Optional[str] = None,
threat_intelligence_tags: Optional[Sequence[str]] = None,
threat_types: Optional[Sequence[str]] = None,
valid_from: Optional[str] = None,
valid_until: Optional[str] = None,
created: Optional[str] = None)
func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var threatIntelligenceIndicatorResource = new AzureNative.Securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
{
Kind = "string",
WorkspaceName = "string",
ResourceGroupName = "string",
OperationalInsightsResourceProvider = "string",
LastUpdatedTimeUtc = "string",
ObjectMarkingRefs = new[]
{
"string",
},
Extensions = "any",
ExternalId = "string",
ExternalLastUpdatedTimeUtc = "string",
ExternalReferences = new[]
{
{
{ "description", "string" },
{ "externalId", "string" },
{ "hashes",
{
{ "string", "string" },
} },
{ "sourceName", "string" },
{ "url", "string" },
},
},
GranularMarkings = new[]
{
{
{ "language", "string" },
{ "markingRef", 0 },
{ "selectors", new[]
{
"string",
} },
},
},
IndicatorTypes = new[]
{
"string",
},
KillChainPhases = new[]
{
{
{ "killChainName", "string" },
{ "phaseName", "string" },
},
},
Description = "string",
Labels = new[]
{
"string",
},
Language = "string",
Confidence = 0,
Modified = "string",
Name = "string",
DisplayName = "string",
Defanged = false,
ParsedPattern = new[]
{
{
{ "patternTypeKey", "string" },
{ "patternTypeValues", new[]
{
{
{ "value", "string" },
{ "valueType", "string" },
},
} },
},
},
Pattern = "string",
PatternType = "string",
PatternVersion = "string",
CreatedByRef = "string",
Revoked = false,
Source = "string",
ThreatIntelligenceTags = new[]
{
"string",
},
ThreatTypes = new[]
{
"string",
},
ValidFrom = "string",
ValidUntil = "string",
Created = "string",
});
example, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &securityinsights.ThreatIntelligenceIndicatorArgs{
Kind: "string",
WorkspaceName: "string",
ResourceGroupName: "string",
OperationalInsightsResourceProvider: "string",
LastUpdatedTimeUtc: "string",
ObjectMarkingRefs: []string{
"string",
},
Extensions: "any",
ExternalId: "string",
ExternalLastUpdatedTimeUtc: "string",
ExternalReferences: []map[string]interface{}{
map[string]interface{}{
"description": "string",
"externalId": "string",
"hashes": map[string]interface{}{
"string": "string",
},
"sourceName": "string",
"url": "string",
},
},
GranularMarkings: []map[string]interface{}{
map[string]interface{}{
"language": "string",
"markingRef": 0,
"selectors": []string{
"string",
},
},
},
IndicatorTypes: []string{
"string",
},
KillChainPhases: []map[string]interface{}{
map[string]interface{}{
"killChainName": "string",
"phaseName": "string",
},
},
Description: "string",
Labels: []string{
"string",
},
Language: "string",
Confidence: 0,
Modified: "string",
Name: "string",
DisplayName: "string",
Defanged: false,
ParsedPattern: []map[string]interface{}{
map[string]interface{}{
"patternTypeKey": "string",
"patternTypeValues": []map[string]interface{}{
map[string]interface{}{
"value": "string",
"valueType": "string",
},
},
},
},
Pattern: "string",
PatternType: "string",
PatternVersion: "string",
CreatedByRef: "string",
Revoked: false,
Source: "string",
ThreatIntelligenceTags: []string{
"string",
},
ThreatTypes: []string{
"string",
},
ValidFrom: "string",
ValidUntil: "string",
Created: "string",
})
var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
.kind("string")
.workspaceName("string")
.resourceGroupName("string")
.operationalInsightsResourceProvider("string")
.lastUpdatedTimeUtc("string")
.objectMarkingRefs("string")
.extensions("any")
.externalId("string")
.externalLastUpdatedTimeUtc("string")
.externalReferences(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.granularMarkings(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.indicatorTypes("string")
.killChainPhases(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.description("string")
.labels("string")
.language("string")
.confidence(0)
.modified("string")
.name("string")
.displayName("string")
.defanged(false)
.parsedPattern(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.pattern("string")
.patternType("string")
.patternVersion("string")
.createdByRef("string")
.revoked(false)
.source("string")
.threatIntelligenceTags("string")
.threatTypes("string")
.validFrom("string")
.validUntil("string")
.created("string")
.build());
threat_intelligence_indicator_resource = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
kind=string,
workspace_name=string,
resource_group_name=string,
operational_insights_resource_provider=string,
last_updated_time_utc=string,
object_marking_refs=[string],
extensions=any,
external_id=string,
external_last_updated_time_utc=string,
external_references=[{
description: string,
externalId: string,
hashes: {
string: string,
},
sourceName: string,
url: string,
}],
granular_markings=[{
language: string,
markingRef: 0,
selectors: [string],
}],
indicator_types=[string],
kill_chain_phases=[{
killChainName: string,
phaseName: string,
}],
description=string,
labels=[string],
language=string,
confidence=0,
modified=string,
name=string,
display_name=string,
defanged=False,
parsed_pattern=[{
patternTypeKey: string,
patternTypeValues: [{
value: string,
valueType: string,
}],
}],
pattern=string,
pattern_type=string,
pattern_version=string,
created_by_ref=string,
revoked=False,
source=string,
threat_intelligence_tags=[string],
threat_types=[string],
valid_from=string,
valid_until=string,
created=string)
const threatIntelligenceIndicatorResource = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
kind: "string",
workspaceName: "string",
resourceGroupName: "string",
operationalInsightsResourceProvider: "string",
lastUpdatedTimeUtc: "string",
objectMarkingRefs: ["string"],
extensions: "any",
externalId: "string",
externalLastUpdatedTimeUtc: "string",
externalReferences: [{
description: "string",
externalId: "string",
hashes: {
string: "string",
},
sourceName: "string",
url: "string",
}],
granularMarkings: [{
language: "string",
markingRef: 0,
selectors: ["string"],
}],
indicatorTypes: ["string"],
killChainPhases: [{
killChainName: "string",
phaseName: "string",
}],
description: "string",
labels: ["string"],
language: "string",
confidence: 0,
modified: "string",
name: "string",
displayName: "string",
defanged: false,
parsedPattern: [{
patternTypeKey: "string",
patternTypeValues: [{
value: "string",
valueType: "string",
}],
}],
pattern: "string",
patternType: "string",
patternVersion: "string",
createdByRef: "string",
revoked: false,
source: "string",
threatIntelligenceTags: ["string"],
threatTypes: ["string"],
validFrom: "string",
validUntil: "string",
created: "string",
});
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties:
confidence: 0
created: string
createdByRef: string
defanged: false
description: string
displayName: string
extensions: any
externalId: string
externalLastUpdatedTimeUtc: string
externalReferences:
- description: string
externalId: string
hashes:
string: string
sourceName: string
url: string
granularMarkings:
- language: string
markingRef: 0
selectors:
- string
indicatorTypes:
- string
killChainPhases:
- killChainName: string
phaseName: string
kind: string
labels:
- string
language: string
lastUpdatedTimeUtc: string
modified: string
name: string
objectMarkingRefs:
- string
operationalInsightsResourceProvider: string
parsedPattern:
- patternTypeKey: string
patternTypeValues:
- value: string
valueType: string
pattern: string
patternType: string
patternVersion: string
resourceGroupName: string
revoked: false
source: string
threatIntelligenceTags:
- string
threatTypes:
- string
validFrom: string
validUntil: string
workspaceName: string
ThreatIntelligenceIndicator Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ThreatIntelligenceIndicator resource accepts the following input properties:
- Kind
string | Pulumi.
Azure Native. Security Insights. Threat Intelligence Resource Kind - The kind of the entity.
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Workspace
Name string - The name of the workspace.
- Confidence int
- Confidence of threat intelligence entity
- Created string
- Created by
- Created
By stringRef - Created by reference of threat intelligence entity
- Defanged bool
- Is threat intelligence entity defanged
- Description string
- Description of a threat intelligence entity
- Display
Name string - Display name of a threat intelligence entity
- Extensions object
- Extensions map
- External
Id string - External ID of threat intelligence entity
- External
Last stringUpdated Time Utc - External last updated time in UTC
- External
References List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence External Reference> - External References
- Granular
Markings List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence Granular Marking Model> - Granular Markings
- Indicator
Types List<string> - Indicator types of threat intelligence entities
- Kill
Chain List<Pulumi.Phases Azure Native. Security Insights. Inputs. Threat Intelligence Kill Chain Phase> - Kill chain phases
- Labels List<string>
- Labels of threat intelligence entity
- Language string
- Language of threat intelligence entity
- Last
Updated stringTime Utc - Last updated time in UTC
- Modified string
- Modified by
- Name string
- Threat intelligence indicator name field.
- Object
Marking List<string>Refs - Threat intelligence entity object marking references
- Parsed
Pattern List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence Parsed Pattern> - Parsed patterns
- Pattern string
- Pattern of a threat intelligence entity
- Pattern
Type string - Pattern type of a threat intelligence entity
- Pattern
Version string - Pattern version of a threat intelligence entity
- Revoked bool
- Is threat intelligence entity revoked
- Source string
- Source of a threat intelligence entity
- List<string>
- List of tags
- Threat
Types List<string> - Threat types
- Valid
From string - Valid from
- Valid
Until string - Valid until
- Kind
string | Threat
Intelligence Resource Kind - The kind of the entity.
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Workspace
Name string - The name of the workspace.
- Confidence int
- Confidence of threat intelligence entity
- Created string
- Created by
- Created
By stringRef - Created by reference of threat intelligence entity
- Defanged bool
- Is threat intelligence entity defanged
- Description string
- Description of a threat intelligence entity
- Display
Name string - Display name of a threat intelligence entity
- Extensions interface{}
- Extensions map
- External
Id string - External ID of threat intelligence entity
- External
Last stringUpdated Time Utc - External last updated time in UTC
- External
References []ThreatIntelligence External Reference Args - External References
- Granular
Markings []ThreatIntelligence Granular Marking Model Args - Granular Markings
- Indicator
Types []string - Indicator types of threat intelligence entities
- Kill
Chain []ThreatPhases Intelligence Kill Chain Phase Args - Kill chain phases
- Labels []string
- Labels of threat intelligence entity
- Language string
- Language of threat intelligence entity
- Last
Updated stringTime Utc - Last updated time in UTC
- Modified string
- Modified by
- Name string
- Threat intelligence indicator name field.
- Object
Marking []stringRefs - Threat intelligence entity object marking references
- Parsed
Pattern []ThreatIntelligence Parsed Pattern Args - Parsed patterns
- Pattern string
- Pattern of a threat intelligence entity
- Pattern
Type string - Pattern type of a threat intelligence entity
- Pattern
Version string - Pattern version of a threat intelligence entity
- Revoked bool
- Is threat intelligence entity revoked
- Source string
- Source of a threat intelligence entity
- []string
- List of tags
- Threat
Types []string - Threat types
- Valid
From string - Valid from
- Valid
Until string - Valid until
- kind
String | Threat
Intelligence Resource Kind - The kind of the entity.
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- workspace
Name String - The name of the workspace.
- confidence Integer
- Confidence of threat intelligence entity
- created String
- Created by
- created
By StringRef - Created by reference of threat intelligence entity
- defanged Boolean
- Is threat intelligence entity defanged
- description String
- Description of a threat intelligence entity
- display
Name String - Display name of a threat intelligence entity
- extensions Object
- Extensions map
- external
Id String - External ID of threat intelligence entity
- external
Last StringUpdated Time Utc - External last updated time in UTC
- external
References List<ThreatIntelligence External Reference> - External References
- granular
Markings List<ThreatIntelligence Granular Marking Model> - Granular Markings
- indicator
Types List<String> - Indicator types of threat intelligence entities
- kill
Chain List<ThreatPhases Intelligence Kill Chain Phase> - Kill chain phases
- labels List<String>
- Labels of threat intelligence entity
- language String
- Language of threat intelligence entity
- last
Updated StringTime Utc - Last updated time in UTC
- modified String
- Modified by
- name String
- Threat intelligence indicator name field.
- object
Marking List<String>Refs - Threat intelligence entity object marking references
- parsed
Pattern List<ThreatIntelligence Parsed Pattern> - Parsed patterns
- pattern String
- Pattern of a threat intelligence entity
- pattern
Type String - Pattern type of a threat intelligence entity
- pattern
Version String - Pattern version of a threat intelligence entity
- revoked Boolean
- Is threat intelligence entity revoked
- source String
- Source of a threat intelligence entity
- List<String>
- List of tags
- threat
Types List<String> - Threat types
- valid
From String - Valid from
- valid
Until String - Valid until
- kind
string | Threat
Intelligence Resource Kind - The kind of the entity.
- operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- workspace
Name string - The name of the workspace.
- confidence number
- Confidence of threat intelligence entity
- created string
- Created by
- created
By stringRef - Created by reference of threat intelligence entity
- defanged boolean
- Is threat intelligence entity defanged
- description string
- Description of a threat intelligence entity
- display
Name string - Display name of a threat intelligence entity
- extensions any
- Extensions map
- external
Id string - External ID of threat intelligence entity
- external
Last stringUpdated Time Utc - External last updated time in UTC
- external
References ThreatIntelligence External Reference[] - External References
- granular
Markings ThreatIntelligence Granular Marking Model[] - Granular Markings
- indicator
Types string[] - Indicator types of threat intelligence entities
- kill
Chain ThreatPhases Intelligence Kill Chain Phase[] - Kill chain phases
- labels string[]
- Labels of threat intelligence entity
- language string
- Language of threat intelligence entity
- last
Updated stringTime Utc - Last updated time in UTC
- modified string
- Modified by
- name string
- Threat intelligence indicator name field.
- object
Marking string[]Refs - Threat intelligence entity object marking references
- parsed
Pattern ThreatIntelligence Parsed Pattern[] - Parsed patterns
- pattern string
- Pattern of a threat intelligence entity
- pattern
Type string - Pattern type of a threat intelligence entity
- pattern
Version string - Pattern version of a threat intelligence entity
- revoked boolean
- Is threat intelligence entity revoked
- source string
- Source of a threat intelligence entity
- string[]
- List of tags
- threat
Types string[] - Threat types
- valid
From string - Valid from
- valid
Until string - Valid until
- kind
str | Threat
Intelligence Resource Kind - The kind of the entity.
- operational_
insights_ strresource_ provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- resource_
group_ strname - The name of the resource group within the user's subscription. The name is case insensitive.
- workspace_
name str - The name of the workspace.
- confidence int
- Confidence of threat intelligence entity
- created str
- Created by
- created_
by_ strref - Created by reference of threat intelligence entity
- defanged bool
- Is threat intelligence entity defanged
- description str
- Description of a threat intelligence entity
- display_
name str - Display name of a threat intelligence entity
- extensions Any
- Extensions map
- external_
id str - External ID of threat intelligence entity
- external_
last_ strupdated_ time_ utc - External last updated time in UTC
- external_
references Sequence[ThreatIntelligence External Reference Args] - External References
- granular_
markings Sequence[ThreatIntelligence Granular Marking Model Args] - Granular Markings
- indicator_
types Sequence[str] - Indicator types of threat intelligence entities
- kill_
chain_ Sequence[Threatphases Intelligence Kill Chain Phase Args] - Kill chain phases
- labels Sequence[str]
- Labels of threat intelligence entity
- language str
- Language of threat intelligence entity
- last_
updated_ strtime_ utc - Last updated time in UTC
- modified str
- Modified by
- name str
- Threat intelligence indicator name field.
- object_
marking_ Sequence[str]refs - Threat intelligence entity object marking references
- parsed_
pattern Sequence[ThreatIntelligence Parsed Pattern Args] - Parsed patterns
- pattern str
- Pattern of a threat intelligence entity
- pattern_
type str - Pattern type of a threat intelligence entity
- pattern_
version str - Pattern version of a threat intelligence entity
- revoked bool
- Is threat intelligence entity revoked
- source str
- Source of a threat intelligence entity
- Sequence[str]
- List of tags
- threat_
types Sequence[str] - Threat types
- valid_
from str - Valid from
- valid_
until str - Valid until
- kind String | "indicator"
- The kind of the entity.
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- workspace
Name String - The name of the workspace.
- confidence Number
- Confidence of threat intelligence entity
- created String
- Created by
- created
By StringRef - Created by reference of threat intelligence entity
- defanged Boolean
- Is threat intelligence entity defanged
- description String
- Description of a threat intelligence entity
- display
Name String - Display name of a threat intelligence entity
- extensions Any
- Extensions map
- external
Id String - External ID of threat intelligence entity
- external
Last StringUpdated Time Utc - External last updated time in UTC
- external
References List<Property Map> - External References
- granular
Markings List<Property Map> - Granular Markings
- indicator
Types List<String> - Indicator types of threat intelligence entities
- kill
Chain List<Property Map>Phases - Kill chain phases
- labels List<String>
- Labels of threat intelligence entity
- language String
- Language of threat intelligence entity
- last
Updated StringTime Utc - Last updated time in UTC
- modified String
- Modified by
- name String
- Threat intelligence indicator name field.
- object
Marking List<String>Refs - Threat intelligence entity object marking references
- parsed
Pattern List<Property Map> - Parsed patterns
- pattern String
- Pattern of a threat intelligence entity
- pattern
Type String - Pattern type of a threat intelligence entity
- pattern
Version String - Pattern version of a threat intelligence entity
- revoked Boolean
- Is threat intelligence entity revoked
- source String
- Source of a threat intelligence entity
- List<String>
- List of tags
- threat
Types List<String> - Threat types
- valid
From String - Valid from
- valid
Until String - Valid until
Outputs
All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:
Supporting Types
ThreatIntelligenceExternalReference, ThreatIntelligenceExternalReferenceArgs
- Description string
- External reference description
- External
Id string - External reference ID
- Hashes Dictionary<string, string>
- External reference hashes
- Source
Name string - External reference source name
- Url string
- External reference URL
- Description string
- External reference description
- External
Id string - External reference ID
- Hashes map[string]string
- External reference hashes
- Source
Name string - External reference source name
- Url string
- External reference URL
- description String
- External reference description
- external
Id String - External reference ID
- hashes Map<String,String>
- External reference hashes
- source
Name String - External reference source name
- url String
- External reference URL
- description string
- External reference description
- external
Id string - External reference ID
- hashes {[key: string]: string}
- External reference hashes
- source
Name string - External reference source name
- url string
- External reference URL
- description str
- External reference description
- external_
id str - External reference ID
- hashes Mapping[str, str]
- External reference hashes
- source_
name str - External reference source name
- url str
- External reference URL
- description String
- External reference description
- external
Id String - External reference ID
- hashes Map<String>
- External reference hashes
- source
Name String - External reference source name
- url String
- External reference URL
ThreatIntelligenceGranularMarkingModel, ThreatIntelligenceGranularMarkingModelArgs
- Language string
- Language granular marking model
- Marking
Ref int - marking reference granular marking model
- Selectors List<string>
- granular marking model selectors
- Language string
- Language granular marking model
- Marking
Ref int - marking reference granular marking model
- Selectors []string
- granular marking model selectors
- language String
- Language granular marking model
- marking
Ref Integer - marking reference granular marking model
- selectors List<String>
- granular marking model selectors
- language string
- Language granular marking model
- marking
Ref number - marking reference granular marking model
- selectors string[]
- granular marking model selectors
- language str
- Language granular marking model
- marking_
ref int - marking reference granular marking model
- selectors Sequence[str]
- granular marking model selectors
- language String
- Language granular marking model
- marking
Ref Number - marking reference granular marking model
- selectors List<String>
- granular marking model selectors
ThreatIntelligenceKillChainPhase, ThreatIntelligenceKillChainPhaseArgs
- Kill
Chain stringName - Kill chainName name
- Phase
Name string - Phase name
- Kill
Chain stringName - Kill chainName name
- Phase
Name string - Phase name
- kill
Chain StringName - Kill chainName name
- phase
Name String - Phase name
- kill
Chain stringName - Kill chainName name
- phase
Name string - Phase name
- kill_
chain_ strname - Kill chainName name
- phase_
name str - Phase name
- kill
Chain StringName - Kill chainName name
- phase
Name String - Phase name
ThreatIntelligenceParsedPattern, ThreatIntelligenceParsedPatternArgs
- Pattern
Type stringKey - Pattern type key
- Pattern
Type List<Pulumi.Values Azure Native. Security Insights. Inputs. Threat Intelligence Parsed Pattern Type Value> - Pattern type keys
- Pattern
Type stringKey - Pattern type key
- Pattern
Type []ThreatValues Intelligence Parsed Pattern Type Value - Pattern type keys
- pattern
Type StringKey - Pattern type key
- pattern
Type List<ThreatValues Intelligence Parsed Pattern Type Value> - Pattern type keys
- pattern
Type stringKey - Pattern type key
- pattern
Type ThreatValues Intelligence Parsed Pattern Type Value[] - Pattern type keys
- pattern_
type_ strkey - Pattern type key
- pattern_
type_ Sequence[Threatvalues Intelligence Parsed Pattern Type Value] - Pattern type keys
- pattern
Type StringKey - Pattern type key
- pattern
Type List<Property Map>Values - Pattern type keys
ThreatIntelligenceParsedPatternTypeValue, ThreatIntelligenceParsedPatternTypeValueArgs
- value str
- Value of parsed pattern
- value_
type str - Type of the value
ThreatIntelligenceResourceKind, ThreatIntelligenceResourceKindArgs
- Indicator
- indicatorEntity represents threat intelligence indicator in the system.
- Threat
Intelligence Resource Kind Indicator - indicatorEntity represents threat intelligence indicator in the system.
- Indicator
- indicatorEntity represents threat intelligence indicator in the system.
- Indicator
- indicatorEntity represents threat intelligence indicator in the system.
- INDICATOR
- indicatorEntity represents threat intelligence indicator in the system.
- "indicator"
- indicatorEntity represents threat intelligence indicator in the system.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0