1. Packages
  2. Azure Native
  3. API Docs
  4. securityinsights
  5. ThreatIntelligenceIndicator
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.securityinsights.ThreatIntelligenceIndicator

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Threat intelligence information object. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview.

    Other available API versions: 2021-04-01, 2021-09-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview.

    Example Usage

    Update a threat Intelligence indicator

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", new()
        {
            Confidence = 78,
            CreatedByRef = "contoso@contoso.com",
            Description = "debugging indicators",
            DisplayName = "new schema",
            ExternalReferences = new[] {},
            GranularMarkings = new[] {},
            KillChainPhases = new[] {},
            Kind = "indicator",
            Labels = new[] {},
            Modified = "",
            Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
            Pattern = "[url:value = 'https://www.contoso.com']",
            PatternType = "url",
            ResourceGroupName = "myRg",
            Revoked = false,
            Source = "Azure Sentinel",
            ThreatIntelligenceTags = new[]
            {
                "new schema",
            },
            ThreatTypes = new[]
            {
                "compromised",
            },
            ValidFrom = "2020-04-15T17:44:00.114052Z",
            ValidUntil = "",
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", &securityinsights.ThreatIntelligenceIndicatorArgs{
    			Confidence:         pulumi.Int(78),
    			CreatedByRef:       pulumi.String("contoso@contoso.com"),
    			Description:        pulumi.String("debugging indicators"),
    			DisplayName:        pulumi.String("new schema"),
    			ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
    			GranularMarkings:   securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
    			KillChainPhases:    securityinsights.ThreatIntelligenceKillChainPhaseArray{},
    			Kind:               pulumi.String("indicator"),
    			Labels:             pulumi.StringArray{},
    			Modified:           pulumi.String(""),
    			Name:               pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
    			Pattern:            pulumi.String("[url:value = 'https://www.contoso.com']"),
    			PatternType:        pulumi.String("url"),
    			ResourceGroupName:  pulumi.String("myRg"),
    			Revoked:            pulumi.Bool(false),
    			Source:             pulumi.String("Azure Sentinel"),
    			ThreatIntelligenceTags: pulumi.StringArray{
    				pulumi.String("new schema"),
    			},
    			ThreatTypes: pulumi.StringArray{
    				pulumi.String("compromised"),
    			},
    			ValidFrom:     pulumi.String("2020-04-15T17:44:00.114052Z"),
    			ValidUntil:    pulumi.String(""),
    			WorkspaceName: pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
    import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var threatIntelligenceIndicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
                .confidence(78)
                .createdByRef("contoso@contoso.com")
                .description("debugging indicators")
                .displayName("new schema")
                .externalReferences()
                .granularMarkings()
                .killChainPhases()
                .kind("indicator")
                .labels()
                .modified("")
                .name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
                .pattern("[url:value = 'https://www.contoso.com']")
                .patternType("url")
                .resourceGroupName("myRg")
                .revoked(false)
                .source("Azure Sentinel")
                .threatIntelligenceTags("new schema")
                .threatTypes("compromised")
                .validFrom("2020-04-15T17:44:00.114052Z")
                .validUntil("")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    threat_intelligence_indicator = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator",
        confidence=78,
        created_by_ref="contoso@contoso.com",
        description="debugging indicators",
        display_name="new schema",
        external_references=[],
        granular_markings=[],
        kill_chain_phases=[],
        kind="indicator",
        labels=[],
        modified="",
        name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        pattern="[url:value = 'https://www.contoso.com']",
        pattern_type="url",
        resource_group_name="myRg",
        revoked=False,
        source="Azure Sentinel",
        threat_intelligence_tags=["new schema"],
        threat_types=["compromised"],
        valid_from="2020-04-15T17:44:00.114052Z",
        valid_until="",
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const threatIntelligenceIndicator = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", {
        confidence: 78,
        createdByRef: "contoso@contoso.com",
        description: "debugging indicators",
        displayName: "new schema",
        externalReferences: [],
        granularMarkings: [],
        killChainPhases: [],
        kind: "indicator",
        labels: [],
        modified: "",
        name: "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        pattern: "[url:value = 'https://www.contoso.com']",
        patternType: "url",
        resourceGroupName: "myRg",
        revoked: false,
        source: "Azure Sentinel",
        threatIntelligenceTags: ["new schema"],
        threatTypes: ["compromised"],
        validFrom: "2020-04-15T17:44:00.114052Z",
        validUntil: "",
        workspaceName: "myWorkspace",
    });
    
    resources:
      threatIntelligenceIndicator:
        type: azure-native:securityinsights:ThreatIntelligenceIndicator
        properties:
          confidence: 78
          createdByRef: contoso@contoso.com
          description: debugging indicators
          displayName: new schema
          externalReferences: []
          granularMarkings: []
          killChainPhases: []
          kind: indicator
          labels: []
          modified:
          name: d9cd6f0b-96b9-3984-17cd-a779d1e15a93
          pattern: '[url:value = ''https://www.contoso.com'']'
          patternType: url
          resourceGroupName: myRg
          revoked: false
          source: Azure Sentinel
          threatIntelligenceTags:
            - new schema
          threatTypes:
            - compromised
          validFrom: 2020-04-15T17:44:00.114052Z
          validUntil:
          workspaceName: myWorkspace
    

    Create ThreatIntelligenceIndicator Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    args: ThreatIntelligenceIndicatorArgs,
                                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    workspace_name: Optional[str] = None,
                                    resource_group_name: Optional[str] = None,
                                    external_last_updated_time_utc: Optional[str] = None,
                                    external_id: Optional[str] = None,
                                    modified: Optional[str] = None,
                                    extensions: Optional[Any] = None,
                                    name: Optional[str] = None,
                                    confidence: Optional[int] = None,
                                    external_references: Optional[Sequence[ThreatIntelligenceExternalReferenceArgs]] = None,
                                    granular_markings: Optional[Sequence[ThreatIntelligenceGranularMarkingModelArgs]] = None,
                                    indicator_types: Optional[Sequence[str]] = None,
                                    kill_chain_phases: Optional[Sequence[ThreatIntelligenceKillChainPhaseArgs]] = None,
                                    defanged: Optional[bool] = None,
                                    object_marking_refs: Optional[Sequence[str]] = None,
                                    language: Optional[str] = None,
                                    last_updated_time_utc: Optional[str] = None,
                                    display_name: Optional[str] = None,
                                    description: Optional[str] = None,
                                    labels: Optional[Sequence[str]] = None,
                                    parsed_pattern: Optional[Sequence[ThreatIntelligenceParsedPatternArgs]] = None,
                                    pattern: Optional[str] = None,
                                    pattern_type: Optional[str] = None,
                                    pattern_version: Optional[str] = None,
                                    created_by_ref: Optional[str] = None,
                                    revoked: Optional[bool] = None,
                                    source: Optional[str] = None,
                                    threat_intelligence_tags: Optional[Sequence[str]] = None,
                                    threat_types: Optional[Sequence[str]] = None,
                                    valid_from: Optional[str] = None,
                                    valid_until: Optional[str] = None,
                                    created: Optional[str] = None)
    func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
    public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:ThreatIntelligenceIndicator
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var threatIntelligenceIndicatorResource = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
    {
        Kind = "string",
        WorkspaceName = "string",
        ResourceGroupName = "string",
        ExternalLastUpdatedTimeUtc = "string",
        ExternalId = "string",
        Modified = "string",
        Extensions = "any",
        Name = "string",
        Confidence = 0,
        ExternalReferences = new[]
        {
            new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceExternalReferenceArgs
            {
                Description = "string",
                ExternalId = "string",
                Hashes = 
                {
                    { "string", "string" },
                },
                SourceName = "string",
                Url = "string",
            },
        },
        GranularMarkings = new[]
        {
            new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceGranularMarkingModelArgs
            {
                Language = "string",
                MarkingRef = 0,
                Selectors = new[]
                {
                    "string",
                },
            },
        },
        IndicatorTypes = new[]
        {
            "string",
        },
        KillChainPhases = new[]
        {
            new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceKillChainPhaseArgs
            {
                KillChainName = "string",
                PhaseName = "string",
            },
        },
        Defanged = false,
        ObjectMarkingRefs = new[]
        {
            "string",
        },
        Language = "string",
        LastUpdatedTimeUtc = "string",
        DisplayName = "string",
        Description = "string",
        Labels = new[]
        {
            "string",
        },
        ParsedPattern = new[]
        {
            new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPatternArgs
            {
                PatternTypeKey = "string",
                PatternTypeValues = new[]
                {
                    new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPatternTypeValueArgs
                    {
                        Value = "string",
                        ValueType = "string",
                    },
                },
            },
        },
        Pattern = "string",
        PatternType = "string",
        PatternVersion = "string",
        CreatedByRef = "string",
        Revoked = false,
        Source = "string",
        ThreatIntelligenceTags = new[]
        {
            "string",
        },
        ThreatTypes = new[]
        {
            "string",
        },
        ValidFrom = "string",
        ValidUntil = "string",
        Created = "string",
    });
    
    example, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &securityinsights.ThreatIntelligenceIndicatorArgs{
    	Kind:                       pulumi.String("string"),
    	WorkspaceName:              pulumi.String("string"),
    	ResourceGroupName:          pulumi.String("string"),
    	ExternalLastUpdatedTimeUtc: pulumi.String("string"),
    	ExternalId:                 pulumi.String("string"),
    	Modified:                   pulumi.String("string"),
    	Extensions:                 pulumi.Any("any"),
    	Name:                       pulumi.String("string"),
    	Confidence:                 pulumi.Int(0),
    	ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{
    		&securityinsights.ThreatIntelligenceExternalReferenceArgs{
    			Description: pulumi.String("string"),
    			ExternalId:  pulumi.String("string"),
    			Hashes: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    			SourceName: pulumi.String("string"),
    			Url:        pulumi.String("string"),
    		},
    	},
    	GranularMarkings: securityinsights.ThreatIntelligenceGranularMarkingModelArray{
    		&securityinsights.ThreatIntelligenceGranularMarkingModelArgs{
    			Language:   pulumi.String("string"),
    			MarkingRef: pulumi.Int(0),
    			Selectors: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	IndicatorTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	KillChainPhases: securityinsights.ThreatIntelligenceKillChainPhaseArray{
    		&securityinsights.ThreatIntelligenceKillChainPhaseArgs{
    			KillChainName: pulumi.String("string"),
    			PhaseName:     pulumi.String("string"),
    		},
    	},
    	Defanged: pulumi.Bool(false),
    	ObjectMarkingRefs: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Language:           pulumi.String("string"),
    	LastUpdatedTimeUtc: pulumi.String("string"),
    	DisplayName:        pulumi.String("string"),
    	Description:        pulumi.String("string"),
    	Labels: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ParsedPattern: securityinsights.ThreatIntelligenceParsedPatternArray{
    		&securityinsights.ThreatIntelligenceParsedPatternArgs{
    			PatternTypeKey: pulumi.String("string"),
    			PatternTypeValues: securityinsights.ThreatIntelligenceParsedPatternTypeValueArray{
    				&securityinsights.ThreatIntelligenceParsedPatternTypeValueArgs{
    					Value:     pulumi.String("string"),
    					ValueType: pulumi.String("string"),
    				},
    			},
    		},
    	},
    	Pattern:        pulumi.String("string"),
    	PatternType:    pulumi.String("string"),
    	PatternVersion: pulumi.String("string"),
    	CreatedByRef:   pulumi.String("string"),
    	Revoked:        pulumi.Bool(false),
    	Source:         pulumi.String("string"),
    	ThreatIntelligenceTags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ThreatTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ValidFrom:  pulumi.String("string"),
    	ValidUntil: pulumi.String("string"),
    	Created:    pulumi.String("string"),
    })
    
    var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
        .kind("string")
        .workspaceName("string")
        .resourceGroupName("string")
        .externalLastUpdatedTimeUtc("string")
        .externalId("string")
        .modified("string")
        .extensions("any")
        .name("string")
        .confidence(0)
        .externalReferences(ThreatIntelligenceExternalReferenceArgs.builder()
            .description("string")
            .externalId("string")
            .hashes(Map.of("string", "string"))
            .sourceName("string")
            .url("string")
            .build())
        .granularMarkings(ThreatIntelligenceGranularMarkingModelArgs.builder()
            .language("string")
            .markingRef(0)
            .selectors("string")
            .build())
        .indicatorTypes("string")
        .killChainPhases(ThreatIntelligenceKillChainPhaseArgs.builder()
            .killChainName("string")
            .phaseName("string")
            .build())
        .defanged(false)
        .objectMarkingRefs("string")
        .language("string")
        .lastUpdatedTimeUtc("string")
        .displayName("string")
        .description("string")
        .labels("string")
        .parsedPattern(ThreatIntelligenceParsedPatternArgs.builder()
            .patternTypeKey("string")
            .patternTypeValues(ThreatIntelligenceParsedPatternTypeValueArgs.builder()
                .value("string")
                .valueType("string")
                .build())
            .build())
        .pattern("string")
        .patternType("string")
        .patternVersion("string")
        .createdByRef("string")
        .revoked(false)
        .source("string")
        .threatIntelligenceTags("string")
        .threatTypes("string")
        .validFrom("string")
        .validUntil("string")
        .created("string")
        .build());
    
    threat_intelligence_indicator_resource = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
        kind="string",
        workspace_name="string",
        resource_group_name="string",
        external_last_updated_time_utc="string",
        external_id="string",
        modified="string",
        extensions="any",
        name="string",
        confidence=0,
        external_references=[{
            "description": "string",
            "external_id": "string",
            "hashes": {
                "string": "string",
            },
            "source_name": "string",
            "url": "string",
        }],
        granular_markings=[{
            "language": "string",
            "marking_ref": 0,
            "selectors": ["string"],
        }],
        indicator_types=["string"],
        kill_chain_phases=[{
            "kill_chain_name": "string",
            "phase_name": "string",
        }],
        defanged=False,
        object_marking_refs=["string"],
        language="string",
        last_updated_time_utc="string",
        display_name="string",
        description="string",
        labels=["string"],
        parsed_pattern=[{
            "pattern_type_key": "string",
            "pattern_type_values": [{
                "value": "string",
                "value_type": "string",
            }],
        }],
        pattern="string",
        pattern_type="string",
        pattern_version="string",
        created_by_ref="string",
        revoked=False,
        source="string",
        threat_intelligence_tags=["string"],
        threat_types=["string"],
        valid_from="string",
        valid_until="string",
        created="string")
    
    const threatIntelligenceIndicatorResource = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
        kind: "string",
        workspaceName: "string",
        resourceGroupName: "string",
        externalLastUpdatedTimeUtc: "string",
        externalId: "string",
        modified: "string",
        extensions: "any",
        name: "string",
        confidence: 0,
        externalReferences: [{
            description: "string",
            externalId: "string",
            hashes: {
                string: "string",
            },
            sourceName: "string",
            url: "string",
        }],
        granularMarkings: [{
            language: "string",
            markingRef: 0,
            selectors: ["string"],
        }],
        indicatorTypes: ["string"],
        killChainPhases: [{
            killChainName: "string",
            phaseName: "string",
        }],
        defanged: false,
        objectMarkingRefs: ["string"],
        language: "string",
        lastUpdatedTimeUtc: "string",
        displayName: "string",
        description: "string",
        labels: ["string"],
        parsedPattern: [{
            patternTypeKey: "string",
            patternTypeValues: [{
                value: "string",
                valueType: "string",
            }],
        }],
        pattern: "string",
        patternType: "string",
        patternVersion: "string",
        createdByRef: "string",
        revoked: false,
        source: "string",
        threatIntelligenceTags: ["string"],
        threatTypes: ["string"],
        validFrom: "string",
        validUntil: "string",
        created: "string",
    });
    
    type: azure-native:securityinsights:ThreatIntelligenceIndicator
    properties:
        confidence: 0
        created: string
        createdByRef: string
        defanged: false
        description: string
        displayName: string
        extensions: any
        externalId: string
        externalLastUpdatedTimeUtc: string
        externalReferences:
            - description: string
              externalId: string
              hashes:
                string: string
              sourceName: string
              url: string
        granularMarkings:
            - language: string
              markingRef: 0
              selectors:
                - string
        indicatorTypes:
            - string
        killChainPhases:
            - killChainName: string
              phaseName: string
        kind: string
        labels:
            - string
        language: string
        lastUpdatedTimeUtc: string
        modified: string
        name: string
        objectMarkingRefs:
            - string
        parsedPattern:
            - patternTypeKey: string
              patternTypeValues:
                - value: string
                  valueType: string
        pattern: string
        patternType: string
        patternVersion: string
        resourceGroupName: string
        revoked: false
        source: string
        threatIntelligenceTags:
            - string
        threatTypes:
            - string
        validFrom: string
        validUntil: string
        workspaceName: string
    

    ThreatIntelligenceIndicator Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ThreatIntelligenceIndicator resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    Confidence int
    Confidence of threat intelligence entity
    Created string
    Created by
    CreatedByRef string
    Created by reference of threat intelligence entity
    Defanged bool
    Is threat intelligence entity defanged
    Description string
    Description of a threat intelligence entity
    DisplayName string
    Display name of a threat intelligence entity
    Extensions object
    Extensions map
    ExternalId string
    External ID of threat intelligence entity
    ExternalLastUpdatedTimeUtc string
    External last updated time in UTC
    ExternalReferences List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceExternalReference>
    External References
    GranularMarkings List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceGranularMarkingModel>
    Granular Markings
    IndicatorTypes List<string>
    Indicator types of threat intelligence entities
    KillChainPhases List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceKillChainPhase>
    Kill chain phases
    Labels List<string>
    Labels of threat intelligence entity
    Language string
    Language of threat intelligence entity
    LastUpdatedTimeUtc string
    Last updated time in UTC
    Modified string
    Modified by
    Name string
    Threat intelligence indicator name field.
    ObjectMarkingRefs List<string>
    Threat intelligence entity object marking references
    ParsedPattern List<Pulumi.AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPattern>
    Parsed patterns
    Pattern string
    Pattern of a threat intelligence entity
    PatternType string
    Pattern type of a threat intelligence entity
    PatternVersion string
    Pattern version of a threat intelligence entity
    Revoked bool
    Is threat intelligence entity revoked
    Source string
    Source of a threat intelligence entity
    ThreatIntelligenceTags List<string>
    List of tags
    ThreatTypes List<string>
    Threat types
    ValidFrom string
    Valid from
    ValidUntil string
    Valid until
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    Confidence int
    Confidence of threat intelligence entity
    Created string
    Created by
    CreatedByRef string
    Created by reference of threat intelligence entity
    Defanged bool
    Is threat intelligence entity defanged
    Description string
    Description of a threat intelligence entity
    DisplayName string
    Display name of a threat intelligence entity
    Extensions interface{}
    Extensions map
    ExternalId string
    External ID of threat intelligence entity
    ExternalLastUpdatedTimeUtc string
    External last updated time in UTC
    ExternalReferences []ThreatIntelligenceExternalReferenceArgs
    External References
    GranularMarkings []ThreatIntelligenceGranularMarkingModelArgs
    Granular Markings
    IndicatorTypes []string
    Indicator types of threat intelligence entities
    KillChainPhases []ThreatIntelligenceKillChainPhaseArgs
    Kill chain phases
    Labels []string
    Labels of threat intelligence entity
    Language string
    Language of threat intelligence entity
    LastUpdatedTimeUtc string
    Last updated time in UTC
    Modified string
    Modified by
    Name string
    Threat intelligence indicator name field.
    ObjectMarkingRefs []string
    Threat intelligence entity object marking references
    ParsedPattern []ThreatIntelligenceParsedPatternArgs
    Parsed patterns
    Pattern string
    Pattern of a threat intelligence entity
    PatternType string
    Pattern type of a threat intelligence entity
    PatternVersion string
    Pattern version of a threat intelligence entity
    Revoked bool
    Is threat intelligence entity revoked
    Source string
    Source of a threat intelligence entity
    ThreatIntelligenceTags []string
    List of tags
    ThreatTypes []string
    Threat types
    ValidFrom string
    Valid from
    ValidUntil string
    Valid until
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    confidence Integer
    Confidence of threat intelligence entity
    created String
    Created by
    createdByRef String
    Created by reference of threat intelligence entity
    defanged Boolean
    Is threat intelligence entity defanged
    description String
    Description of a threat intelligence entity
    displayName String
    Display name of a threat intelligence entity
    extensions Object
    Extensions map
    externalId String
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc String
    External last updated time in UTC
    externalReferences List<ThreatIntelligenceExternalReference>
    External References
    granularMarkings List<ThreatIntelligenceGranularMarkingModel>
    Granular Markings
    indicatorTypes List<String>
    Indicator types of threat intelligence entities
    killChainPhases List<ThreatIntelligenceKillChainPhase>
    Kill chain phases
    labels List<String>
    Labels of threat intelligence entity
    language String
    Language of threat intelligence entity
    lastUpdatedTimeUtc String
    Last updated time in UTC
    modified String
    Modified by
    name String
    Threat intelligence indicator name field.
    objectMarkingRefs List<String>
    Threat intelligence entity object marking references
    parsedPattern List<ThreatIntelligenceParsedPattern>
    Parsed patterns
    pattern String
    Pattern of a threat intelligence entity
    patternType String
    Pattern type of a threat intelligence entity
    patternVersion String
    Pattern version of a threat intelligence entity
    revoked Boolean
    Is threat intelligence entity revoked
    source String
    Source of a threat intelligence entity
    threatIntelligenceTags List<String>
    List of tags
    threatTypes List<String>
    Threat types
    validFrom String
    Valid from
    validUntil String
    Valid until
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    workspaceName string
    The name of the workspace.
    confidence number
    Confidence of threat intelligence entity
    created string
    Created by
    createdByRef string
    Created by reference of threat intelligence entity
    defanged boolean
    Is threat intelligence entity defanged
    description string
    Description of a threat intelligence entity
    displayName string
    Display name of a threat intelligence entity
    extensions any
    Extensions map
    externalId string
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc string
    External last updated time in UTC
    externalReferences ThreatIntelligenceExternalReference[]
    External References
    granularMarkings ThreatIntelligenceGranularMarkingModel[]
    Granular Markings
    indicatorTypes string[]
    Indicator types of threat intelligence entities
    killChainPhases ThreatIntelligenceKillChainPhase[]
    Kill chain phases
    labels string[]
    Labels of threat intelligence entity
    language string
    Language of threat intelligence entity
    lastUpdatedTimeUtc string
    Last updated time in UTC
    modified string
    Modified by
    name string
    Threat intelligence indicator name field.
    objectMarkingRefs string[]
    Threat intelligence entity object marking references
    parsedPattern ThreatIntelligenceParsedPattern[]
    Parsed patterns
    pattern string
    Pattern of a threat intelligence entity
    patternType string
    Pattern type of a threat intelligence entity
    patternVersion string
    Pattern version of a threat intelligence entity
    revoked boolean
    Is threat intelligence entity revoked
    source string
    Source of a threat intelligence entity
    threatIntelligenceTags string[]
    List of tags
    threatTypes string[]
    Threat types
    validFrom string
    Valid from
    validUntil string
    Valid until
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    workspace_name str
    The name of the workspace.
    confidence int
    Confidence of threat intelligence entity
    created str
    Created by
    created_by_ref str
    Created by reference of threat intelligence entity
    defanged bool
    Is threat intelligence entity defanged
    description str
    Description of a threat intelligence entity
    display_name str
    Display name of a threat intelligence entity
    extensions Any
    Extensions map
    external_id str
    External ID of threat intelligence entity
    external_last_updated_time_utc str
    External last updated time in UTC
    external_references Sequence[ThreatIntelligenceExternalReferenceArgs]
    External References
    granular_markings Sequence[ThreatIntelligenceGranularMarkingModelArgs]
    Granular Markings
    indicator_types Sequence[str]
    Indicator types of threat intelligence entities
    kill_chain_phases Sequence[ThreatIntelligenceKillChainPhaseArgs]
    Kill chain phases
    labels Sequence[str]
    Labels of threat intelligence entity
    language str
    Language of threat intelligence entity
    last_updated_time_utc str
    Last updated time in UTC
    modified str
    Modified by
    name str
    Threat intelligence indicator name field.
    object_marking_refs Sequence[str]
    Threat intelligence entity object marking references
    parsed_pattern Sequence[ThreatIntelligenceParsedPatternArgs]
    Parsed patterns
    pattern str
    Pattern of a threat intelligence entity
    pattern_type str
    Pattern type of a threat intelligence entity
    pattern_version str
    Pattern version of a threat intelligence entity
    revoked bool
    Is threat intelligence entity revoked
    source str
    Source of a threat intelligence entity
    threat_intelligence_tags Sequence[str]
    List of tags
    threat_types Sequence[str]
    Threat types
    valid_from str
    Valid from
    valid_until str
    Valid until
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    confidence Number
    Confidence of threat intelligence entity
    created String
    Created by
    createdByRef String
    Created by reference of threat intelligence entity
    defanged Boolean
    Is threat intelligence entity defanged
    description String
    Description of a threat intelligence entity
    displayName String
    Display name of a threat intelligence entity
    extensions Any
    Extensions map
    externalId String
    External ID of threat intelligence entity
    externalLastUpdatedTimeUtc String
    External last updated time in UTC
    externalReferences List<Property Map>
    External References
    granularMarkings List<Property Map>
    Granular Markings
    indicatorTypes List<String>
    Indicator types of threat intelligence entities
    killChainPhases List<Property Map>
    Kill chain phases
    labels List<String>
    Labels of threat intelligence entity
    language String
    Language of threat intelligence entity
    lastUpdatedTimeUtc String
    Last updated time in UTC
    modified String
    Modified by
    name String
    Threat intelligence indicator name field.
    objectMarkingRefs List<String>
    Threat intelligence entity object marking references
    parsedPattern List<Property Map>
    Parsed patterns
    pattern String
    Pattern of a threat intelligence entity
    patternType String
    Pattern type of a threat intelligence entity
    patternVersion String
    Pattern version of a threat intelligence entity
    revoked Boolean
    Is threat intelligence entity revoked
    source String
    Source of a threat intelligence entity
    threatIntelligenceTags List<String>
    List of tags
    threatTypes List<String>
    Threat types
    validFrom String
    Valid from
    validUntil String
    Valid until

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    Id string
    The provider-assigned unique ID for this managed resource.
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource
    id string
    The provider-assigned unique ID for this managed resource.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag string
    Etag of the azure resource
    id str
    The provider-assigned unique ID for this managed resource.
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag str
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource

    Supporting Types

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    ThreatIntelligenceExternalReference, ThreatIntelligenceExternalReferenceArgs

    Description string
    External reference description
    ExternalId string
    External reference ID
    Hashes Dictionary<string, string>
    External reference hashes
    SourceName string
    External reference source name
    Url string
    External reference URL
    Description string
    External reference description
    ExternalId string
    External reference ID
    Hashes map[string]string
    External reference hashes
    SourceName string
    External reference source name
    Url string
    External reference URL
    description String
    External reference description
    externalId String
    External reference ID
    hashes Map<String,String>
    External reference hashes
    sourceName String
    External reference source name
    url String
    External reference URL
    description string
    External reference description
    externalId string
    External reference ID
    hashes {[key: string]: string}
    External reference hashes
    sourceName string
    External reference source name
    url string
    External reference URL
    description str
    External reference description
    external_id str
    External reference ID
    hashes Mapping[str, str]
    External reference hashes
    source_name str
    External reference source name
    url str
    External reference URL
    description String
    External reference description
    externalId String
    External reference ID
    hashes Map<String>
    External reference hashes
    sourceName String
    External reference source name
    url String
    External reference URL

    ThreatIntelligenceGranularMarkingModel, ThreatIntelligenceGranularMarkingModelArgs

    Language string
    Language granular marking model
    MarkingRef int
    marking reference granular marking model
    Selectors List<string>
    granular marking model selectors
    Language string
    Language granular marking model
    MarkingRef int
    marking reference granular marking model
    Selectors []string
    granular marking model selectors
    language String
    Language granular marking model
    markingRef Integer
    marking reference granular marking model
    selectors List<String>
    granular marking model selectors
    language string
    Language granular marking model
    markingRef number
    marking reference granular marking model
    selectors string[]
    granular marking model selectors
    language str
    Language granular marking model
    marking_ref int
    marking reference granular marking model
    selectors Sequence[str]
    granular marking model selectors
    language String
    Language granular marking model
    markingRef Number
    marking reference granular marking model
    selectors List<String>
    granular marking model selectors

    ThreatIntelligenceKillChainPhase, ThreatIntelligenceKillChainPhaseArgs

    KillChainName string
    Kill chainName name
    PhaseName string
    Phase name
    KillChainName string
    Kill chainName name
    PhaseName string
    Phase name
    killChainName String
    Kill chainName name
    phaseName String
    Phase name
    killChainName string
    Kill chainName name
    phaseName string
    Phase name
    kill_chain_name str
    Kill chainName name
    phase_name str
    Phase name
    killChainName String
    Kill chainName name
    phaseName String
    Phase name

    ThreatIntelligenceParsedPattern, ThreatIntelligenceParsedPatternArgs

    patternTypeKey String
    Pattern type key
    patternTypeValues List<Property Map>
    Pattern type keys

    ThreatIntelligenceParsedPatternTypeValue, ThreatIntelligenceParsedPatternTypeValueArgs

    Value string
    Value of parsed pattern
    ValueType string
    Type of the value
    Value string
    Value of parsed pattern
    ValueType string
    Type of the value
    value String
    Value of parsed pattern
    valueType String
    Type of the value
    value string
    Value of parsed pattern
    valueType string
    Type of the value
    value str
    Value of parsed pattern
    value_type str
    Type of the value
    value String
    Value of parsed pattern
    valueType String
    Type of the value

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi