We recommend using Azure Native.
azure.sentinel.Metadata
Manages a Sentinel Metadata.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// KQL for the near-real-time (NRT) rule below, kept exactly as the rule receives it.
// NOTE(review): nothing after make-series filters the per-Caller series, so every
// Caller with a matching event yields a result row; add a threshold before using
// this as a real detection. Also confirm OperationName and ActivityStatus are
// populated in your workspace's AzureActivity table.
const vmDeploymentQuery = `AzureActivity |
where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
where ActivityStatus == "Succeeded" |
make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
`;

// Resource group that holds the workspace.
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

// Log Analytics workspace the Sentinel content is deployed into.
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    sku: "pergb2018",
});

// SecurityInsights solution on that workspace; the rule and the metadata both
// take their workspace ID from this resource, so they are created after it.
const exampleAnalyticsSolution = new azure.operationalinsights.AnalyticsSolution("example", {
    solutionName: "SecurityInsights",
    location: example.location,
    resourceGroupName: example.name,
    workspaceResourceId: exampleAnalyticsWorkspace.id,
    workspaceName: exampleAnalyticsWorkspace.name,
    plan: {
        publisher: "Microsoft",
        product: "OMSGallery/SecurityInsights",
    },
});

// The analytics rule that the metadata record describes.
const exampleAlertRuleNrt = new azure.sentinel.AlertRuleNrt("example", {
    name: "example",
    logAnalyticsWorkspaceId: exampleAnalyticsSolution.workspaceResourceId,
    displayName: "example",
    severity: "High",
    query: vmDeploymentQuery,
});

// Metadata record for the rule: contentId is the rule's name, parentId is the
// rule's resource ID, and kind names the content type ("AnalyticsRule").
// The optional threatAnalysisTactics / threatAnalysisTechniques inputs are not
// set here; see the Inputs list for the accepted tactic names.
const exampleMetadata = new azure.sentinel.Metadata("example", {
    name: "exampl",
    workspaceId: exampleAnalyticsSolution.workspaceResourceId,
    contentId: exampleAlertRuleNrt.name,
    kind: "AnalyticsRule",
    parentId: exampleAlertRuleNrt.id,
});
import pulumi
import pulumi_azure as azure
# KQL for the near-real-time (NRT) rule below, kept exactly as the rule receives it.
# NOTE(review): nothing after make-series filters the per-Caller series, so every
# Caller with a matching event yields a result row; add a threshold before using
# this as a real detection. Also confirm OperationName and ActivityStatus are
# populated in your workspace's AzureActivity table.
VM_DEPLOYMENT_QUERY = """AzureActivity |
where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
where ActivityStatus == "Succeeded" |
make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
"""

# Resource group that holds the workspace.
example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

# Log Analytics workspace the Sentinel content is deployed into.
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace(
    "example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    sku="pergb2018",
)

# SecurityInsights solution on that workspace; the rule and the metadata both
# take their workspace ID from this resource, so they are created after it.
example_analytics_solution = azure.operationalinsights.AnalyticsSolution(
    "example",
    solution_name="SecurityInsights",
    location=example.location,
    resource_group_name=example.name,
    workspace_resource_id=example_analytics_workspace.id,
    workspace_name=example_analytics_workspace.name,
    plan={
        "publisher": "Microsoft",
        "product": "OMSGallery/SecurityInsights",
    },
)

# The analytics rule that the metadata record describes.
example_alert_rule_nrt = azure.sentinel.AlertRuleNrt(
    "example",
    name="example",
    log_analytics_workspace_id=example_analytics_solution.workspace_resource_id,
    display_name="example",
    severity="High",
    query=VM_DEPLOYMENT_QUERY,
)

# Metadata record for the rule: content_id is the rule's name, parent_id is the
# rule's resource ID, and kind names the content type ("AnalyticsRule").
# The optional threat_analysis_tactics / threat_analysis_techniques inputs are
# not set here; see the Inputs list for the accepted tactic names.
example_metadata = azure.sentinel.Metadata(
    "example",
    name="exampl",
    workspace_id=example_analytics_solution.workspace_resource_id,
    content_id=example_alert_rule_nrt.name,
    kind="AnalyticsRule",
    parent_id=example_alert_rule_nrt.id,
)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main deploys the example stack: a resource group, a Log Analytics workspace
// with the SecurityInsights solution, a near-real-time (NRT) analytics rule,
// and a Sentinel Metadata record attached to that rule.
func main() {
	// KQL for the NRT rule, kept exactly as the rule receives it.
	// NOTE(review): nothing after make-series filters the per-Caller series, so
	// every Caller with a matching event yields a result row; add a threshold
	// before using this as a real detection. Also confirm OperationName and
	// ActivityStatus are populated in your workspace's AzureActivity table.
	const query = "AzureActivity |\n where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n where ActivityStatus == \"Succeeded\" |\n make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"

	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that holds the workspace.
		rg, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Log Analytics workspace the Sentinel content is deployed into.
		workspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          rg.Location,
			ResourceGroupName: rg.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}

		// SecurityInsights solution on that workspace; the rule and the metadata
		// both take their workspace ID from it, so they are created after it.
		solution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            rg.Location,
			ResourceGroupName:   rg.Name,
			WorkspaceResourceId: workspace.ID(),
			WorkspaceName:       workspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}

		// The analytics rule that the metadata record describes.
		rule, err := sentinel.NewAlertRuleNrt(ctx, "example", &sentinel.AlertRuleNrtArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: solution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String(query),
		})
		if err != nil {
			return err
		}

		// Metadata record for the rule: ContentId is the rule's name, ParentId is
		// the rule's resource ID, and Kind names the content type. The optional
		// ThreatAnalysisTactics / ThreatAnalysisTechniques inputs are not set.
		_, err = sentinel.NewMetadata(ctx, "example", &sentinel.MetadataArgs{
			Name:        pulumi.String("exampl"),
			WorkspaceId: solution.WorkspaceResourceId,
			ContentId:   rule.Name,
			Kind:        pulumi.String("AnalyticsRule"),
			ParentId:    rule.ID(),
		})
		// Last step: its error (nil on success) is the result of the program.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
// Deploys a resource group, a Log Analytics workspace with the SecurityInsights
// solution, a near-real-time (NRT) analytics rule, and a Sentinel Metadata record
// attached to that rule.
return await Deployment.RunAsync(() =>
{
    // KQL for the NRT rule, kept exactly as the rule receives it.
    // NOTE(review): nothing after make-series filters the per-Caller series, so
    // every Caller with a matching event yields a result row; add a threshold
    // before using this as a real detection.
    var vmDeploymentQuery = @"AzureActivity |
where OperationName == ""Create or Update Virtual Machine"" or OperationName ==""Create Deployment"" |
where ActivityStatus == ""Succeeded"" |
make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
";

    // Resource group that holds the workspace.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    // Log Analytics workspace the Sentinel content is deployed into.
    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Sku = "pergb2018",
    });

    // SecurityInsights solution on that workspace; the rule and the metadata both
    // take their workspace ID from this resource, so they are created after it.
    var exampleAnalyticsSolution = new Azure.OperationalInsights.AnalyticsSolution("example", new()
    {
        SolutionName = "SecurityInsights",
        Location = example.Location,
        ResourceGroupName = example.Name,
        WorkspaceResourceId = exampleAnalyticsWorkspace.Id,
        WorkspaceName = exampleAnalyticsWorkspace.Name,
        Plan = new Azure.OperationalInsights.Inputs.AnalyticsSolutionPlanArgs
        {
            Publisher = "Microsoft",
            Product = "OMSGallery/SecurityInsights",
        },
    });

    // The analytics rule that the metadata record describes.
    var exampleAlertRuleNrt = new Azure.Sentinel.AlertRuleNrt("example", new()
    {
        Name = "example",
        LogAnalyticsWorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
        DisplayName = "example",
        Severity = "High",
        Query = vmDeploymentQuery,
    });

    // Metadata record for the rule: ContentId is the rule's name, ParentId is the
    // rule's resource ID, and Kind names the content type ("AnalyticsRule").
    // The optional ThreatAnalysisTactics / ThreatAnalysisTechniques are not set.
    var exampleMetadata = new Azure.Sentinel.Metadata("example", new()
    {
        Name = "exampl",
        WorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
        ContentId = exampleAlertRuleNrt.Name,
        Kind = "AnalyticsRule",
        ParentId = exampleAlertRuleNrt.Id,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.operationalinsights.AnalyticsSolution;
import com.pulumi.azure.operationalinsights.AnalyticsSolutionArgs;
import com.pulumi.azure.operationalinsights.inputs.AnalyticsSolutionPlanArgs;
import com.pulumi.azure.sentinel.AlertRuleNrt;
import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
import com.pulumi.azure.sentinel.Metadata;
import com.pulumi.azure.sentinel.MetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example stack: a resource group, a Log Analytics workspace with the
 * SecurityInsights solution, a near-real-time (NRT) analytics rule, and a
 * Sentinel Metadata record attached to that rule.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the stack.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // KQL for the NRT rule, kept exactly as the rule receives it.
        // NOTE(review): nothing after make-series filters the per-Caller series,
        // so every Caller with a matching event yields a result row; add a
        // threshold before using this as a real detection.
        final String vmDeploymentQuery = """
                AzureActivity |
                where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
                where ActivityStatus == "Succeeded" |
                make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
                """;

        // Resource group that holds the workspace.
        var resourceGroup = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        // Log Analytics workspace the Sentinel content is deployed into.
        var workspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .name("example-workspace")
            .location(resourceGroup.location())
            .resourceGroupName(resourceGroup.name())
            .sku("pergb2018")
            .build());

        // SecurityInsights solution on that workspace; the rule and the metadata
        // both take their workspace ID from it, so they are created after it.
        var solution = new AnalyticsSolution("exampleAnalyticsSolution", AnalyticsSolutionArgs.builder()
            .solutionName("SecurityInsights")
            .location(resourceGroup.location())
            .resourceGroupName(resourceGroup.name())
            .workspaceResourceId(workspace.id())
            .workspaceName(workspace.name())
            .plan(AnalyticsSolutionPlanArgs.builder()
                .publisher("Microsoft")
                .product("OMSGallery/SecurityInsights")
                .build())
            .build());

        // The analytics rule that the metadata record describes.
        var rule = new AlertRuleNrt("exampleAlertRuleNrt", AlertRuleNrtArgs.builder()
            .name("example")
            .logAnalyticsWorkspaceId(solution.workspaceResourceId())
            .displayName("example")
            .severity("High")
            .query(vmDeploymentQuery)
            .build());

        // Metadata record for the rule: contentId is the rule's name, parentId is
        // the rule's resource ID, and kind names the content type. The optional
        // threatAnalysisTactics / threatAnalysisTechniques are not set.
        var metadata = new Metadata("exampleMetadata", MetadataArgs.builder()
            .name("exampl")
            .workspaceId(solution.workspaceResourceId())
            .contentId(rule.name())
            .kind("AnalyticsRule")
            .parentId(rule.id())
            .build());
    }
}
# Example stack: resource group, Log Analytics workspace with the SecurityInsights
# solution, a near-real-time (NRT) analytics rule, and the Sentinel Metadata
# record attached to that rule.
resources:
  # Resource group that holds the workspace.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  # Log Analytics workspace the Sentinel content is deployed into.
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      sku: pergb2018
  # SecurityInsights solution on that workspace; the rule and the metadata both
  # take their workspace ID from this resource.
  exampleAnalyticsSolution:
    type: azure:operationalinsights:AnalyticsSolution
    name: example
    properties:
      solutionName: SecurityInsights
      location: ${example.location}
      resourceGroupName: ${example.name}
      workspaceResourceId: ${exampleAnalyticsWorkspace.id}
      workspaceName: ${exampleAnalyticsWorkspace.name}
      plan:
        publisher: Microsoft
        product: OMSGallery/SecurityInsights
  # The analytics rule that the metadata record describes.
  # NOTE(review): nothing after make-series filters the per-Caller series, so
  # every Caller with a matching event yields a result row; add a threshold
  # before using this as a real detection.
  exampleAlertRuleNrt:
    type: azure:sentinel:AlertRuleNrt
    name: example
    properties:
      name: example
      logAnalyticsWorkspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
      displayName: example
      severity: High
      query: |
        AzureActivity |
        where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
        where ActivityStatus == "Succeeded" |
        make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
  # Metadata record for the rule: contentId is the rule's name, parentId is the
  # rule's resource ID, and kind names the content type.
  exampleMetadata:
    type: azure:sentinel:Metadata
    name: example
    properties:
      name: exampl
      workspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
      contentId: ${exampleAlertRuleNrt.name}
      kind: AnalyticsRule
      parentId: ${exampleAlertRuleNrt.id}
Create Metadata Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Metadata(name: string, args: MetadataArgs, opts?: CustomResourceOptions);
@overload
def Metadata(resource_name: str,
args: MetadataArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Metadata(resource_name: str,
opts: Optional[ResourceOptions] = None,
kind: Optional[str] = None,
workspace_id: Optional[str] = None,
content_id: Optional[str] = None,
parent_id: Optional[str] = None,
name: Optional[str] = None,
preview_images_darks: Optional[Sequence[str]] = None,
first_publish_date: Optional[str] = None,
icon_id: Optional[str] = None,
custom_version: Optional[str] = None,
last_publish_date: Optional[str] = None,
author: Optional[MetadataAuthorArgs] = None,
content_schema_version: Optional[str] = None,
preview_images: Optional[Sequence[str]] = None,
dependency: Optional[str] = None,
providers: Optional[Sequence[str]] = None,
source: Optional[MetadataSourceArgs] = None,
support: Optional[MetadataSupportArgs] = None,
threat_analysis_tactics: Optional[Sequence[str]] = None,
threat_analysis_techniques: Optional[Sequence[str]] = None,
version: Optional[str] = None,
category: Optional[MetadataCategoryArgs] = None)
func NewMetadata(ctx *Context, name string, args MetadataArgs, opts ...ResourceOption) (*Metadata, error)
public Metadata(string name, MetadataArgs args, CustomResourceOptions? opts = null)
public Metadata(String name, MetadataArgs args)
public Metadata(String name, MetadataArgs args, CustomResourceOptions options)
type: azure:sentinel:Metadata
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MetadataArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MetadataArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MetadataArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MetadataArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MetadataArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every "string" below is a placeholder, not a usable value.
var metadataResource = new Azure.Sentinel.Metadata("metadataResource", new()
{
    // Identify the content this record describes. Kind must be one of the
    // values listed under Inputs (for example "AnalyticsRule").
    Kind = "string",
    WorkspaceId = "string", // changing this forces a new Sentinel Metadata
    ContentId = "string",
    ParentId = "string",
    Name = "string", // changing this forces a new Sentinel Metadata

    PreviewImagesDarks = new[] { "string" },
    FirstPublishDate = "string",
    IconId = "string",
    CustomVersion = "string",
    LastPublishDate = "string",
    Author = new Azure.Sentinel.Inputs.MetadataAuthorArgs
    {
        Email = "string",
        Link = "string",
        Name = "string",
    },
    ContentSchemaVersion = "string",
    PreviewImages = new[] { "string" },
    Dependency = "string", // a JSON formatted string
    Providers = new[] { "string" },
    Source = new Azure.Sentinel.Inputs.MetadataSourceArgs
    {
        Kind = "string",
        Id = "string",
        Name = "string",
    },
    Support = new Azure.Sentinel.Inputs.MetadataSupportArgs
    {
        Tier = "string",
        Email = "string",
        Link = "string",
        Name = "string",
    },
    // Tactic names must come from the list under Inputs (Reconnaissance ... InhibitResponseFunction).
    ThreatAnalysisTactics = new[] { "string" },
    ThreatAnalysisTechniques = new[] { "string" },
    Version = "string",
    Category = new Azure.Sentinel.Inputs.MetadataCategoryArgs
    {
        Domains = new[] { "string" },
        Verticals = new[] { "string" },
    },
});
// Reference shape only: every "string" below is a placeholder, not a usable value.
example, err := sentinel.NewMetadata(ctx, "metadataResource", &sentinel.MetadataArgs{
	// Identify the content this record describes. Kind must be one of the
	// values listed under Inputs (for example "AnalyticsRule").
	Kind:        pulumi.String("string"),
	WorkspaceId: pulumi.String("string"), // changing this forces a new Sentinel Metadata
	ContentId:   pulumi.String("string"),
	ParentId:    pulumi.String("string"),
	Name:        pulumi.String("string"), // changing this forces a new Sentinel Metadata

	PreviewImagesDarks: pulumi.StringArray{pulumi.String("string")},
	FirstPublishDate:   pulumi.String("string"),
	IconId:             pulumi.String("string"),
	CustomVersion:      pulumi.String("string"),
	LastPublishDate:    pulumi.String("string"),
	Author: &sentinel.MetadataAuthorArgs{
		Email: pulumi.String("string"),
		Link:  pulumi.String("string"),
		Name:  pulumi.String("string"),
	},
	ContentSchemaVersion: pulumi.String("string"),
	PreviewImages:        pulumi.StringArray{pulumi.String("string")},
	Dependency:           pulumi.String("string"), // a JSON formatted string
	Providers:            pulumi.StringArray{pulumi.String("string")},
	Source: &sentinel.MetadataSourceArgs{
		Kind: pulumi.String("string"),
		Id:   pulumi.String("string"),
		Name: pulumi.String("string"),
	},
	Support: &sentinel.MetadataSupportArgs{
		Tier:  pulumi.String("string"),
		Email: pulumi.String("string"),
		Link:  pulumi.String("string"),
		Name:  pulumi.String("string"),
	},
	// Tactic names must come from the list under Inputs
	// (Reconnaissance ... InhibitResponseFunction).
	ThreatAnalysisTactics:    pulumi.StringArray{pulumi.String("string")},
	ThreatAnalysisTechniques: pulumi.StringArray{pulumi.String("string")},
	Version:                  pulumi.String("string"),
	Category: &sentinel.MetadataCategoryArgs{
		Domains:   pulumi.StringArray{pulumi.String("string")},
		Verticals: pulumi.StringArray{pulumi.String("string")},
	},
})
// Reference shape only: every "string" below is a placeholder, not a usable value.
var metadataResource = new Metadata("metadataResource", MetadataArgs.builder()
    // Identify the content this record describes. kind must be one of the
    // values listed under Inputs (for example "AnalyticsRule").
    .kind("string")
    .workspaceId("string") // changing this forces a new Sentinel Metadata
    .contentId("string")
    .parentId("string")
    .name("string") // changing this forces a new Sentinel Metadata
    .previewImagesDarks("string")
    .firstPublishDate("string")
    .iconId("string")
    .customVersion("string")
    .lastPublishDate("string")
    .author(MetadataAuthorArgs.builder()
        .email("string")
        .link("string")
        .name("string")
        .build())
    .contentSchemaVersion("string")
    .previewImages("string")
    .dependency("string") // a JSON formatted string
    .providers("string")
    .source(MetadataSourceArgs.builder()
        .kind("string")
        .id("string")
        .name("string")
        .build())
    .support(MetadataSupportArgs.builder()
        .tier("string")
        .email("string")
        .link("string")
        .name("string")
        .build())
    // Tactic names must come from the list under Inputs
    // (Reconnaissance ... InhibitResponseFunction).
    .threatAnalysisTactics("string")
    .threatAnalysisTechniques("string")
    .version("string")
    .category(MetadataCategoryArgs.builder()
        .domains("string")
        .verticals("string")
        .build())
    .build());
# Reference shape only: every "string" below is a placeholder, not a usable value.
metadata_resource = azure.sentinel.Metadata(
    "metadataResource",
    # Identify the content this record describes. kind must be one of the
    # values listed under Inputs (for example "AnalyticsRule").
    kind="string",
    workspace_id="string",  # changing this forces a new Sentinel Metadata
    content_id="string",
    parent_id="string",
    name="string",  # changing this forces a new Sentinel Metadata
    preview_images_darks=["string"],
    first_publish_date="string",
    icon_id="string",
    custom_version="string",
    last_publish_date="string",
    author={
        "email": "string",
        "link": "string",
        "name": "string",
    },
    content_schema_version="string",
    preview_images=["string"],
    dependency="string",  # a JSON formatted string
    providers=["string"],
    source={
        "kind": "string",
        "id": "string",
        "name": "string",
    },
    support={
        "tier": "string",
        "email": "string",
        "link": "string",
        "name": "string",
    },
    # Tactic names must come from the list under Inputs
    # (Reconnaissance ... InhibitResponseFunction).
    threat_analysis_tactics=["string"],
    threat_analysis_techniques=["string"],
    version="string",
    category={
        "domains": ["string"],
        "verticals": ["string"],
    },
)
// Reference shape only: every "string" below is a placeholder, not a usable value.
const metadataResource = new azure.sentinel.Metadata("metadataResource", {
    // Identify the content this record describes. kind must be one of the
    // values listed under Inputs (for example "AnalyticsRule").
    kind: "string",
    workspaceId: "string", // changing this forces a new Sentinel Metadata
    contentId: "string",
    parentId: "string",
    name: "string", // changing this forces a new Sentinel Metadata
    previewImagesDarks: ["string"],
    firstPublishDate: "string",
    iconId: "string",
    customVersion: "string",
    lastPublishDate: "string",
    author: {
        email: "string",
        link: "string",
        name: "string",
    },
    contentSchemaVersion: "string",
    previewImages: ["string"],
    dependency: "string", // a JSON formatted string
    providers: ["string"],
    source: {
        kind: "string",
        id: "string",
        name: "string",
    },
    support: {
        tier: "string",
        email: "string",
        link: "string",
        name: "string",
    },
    // Tactic names must come from the list under Inputs
    // (Reconnaissance ... InhibitResponseFunction).
    threatAnalysisTactics: ["string"],
    threatAnalysisTechniques: ["string"],
    version: "string",
    category: {
        domains: ["string"],
        verticals: ["string"],
    },
});
# Reference shape only: every "string" below is a placeholder, not a usable value.
type: azure:sentinel:Metadata
properties:
  author:
    email: string
    link: string
    name: string
  category:
    domains:
      - string
    verticals:
      - string
  contentId: string
  contentSchemaVersion: string
  customVersion: string
  dependency: string # a JSON formatted string
  firstPublishDate: string
  iconId: string
  kind: string # one of the values listed under Inputs, e.g. AnalyticsRule
  lastPublishDate: string
  name: string # changing this forces a new Sentinel Metadata
  parentId: string
  previewImages:
    - string
  previewImagesDarks:
    - string
  providers:
    - string
  source:
    id: string
    kind: string
    name: string
  support:
    email: string
    link: string
    name: string
    tier: string
  # Tactic names must come from the list under Inputs.
  threatAnalysisTactics:
    - string
  threatAnalysisTechniques:
    - string
  version: string
  workspaceId: string # changing this forces a new Sentinel Metadata
Metadata Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Metadata resource accepts the following input properties:
- ContentId string - The ID of the content. Used to identify dependencies and content from solutions or community.
- Kind string - The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
- ParentId string - The ID of the parent resource of the content item to which the metadata belongs.
- WorkspaceId string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Author MetadataAuthor - An author block as defined below.
- Category MetadataCategory - A category block as defined below.
- ContentSchemaVersion string - Schema version of the content. Can be used to distinguish between flows based on the schema version.
- CustomVersion string - The custom version of the content.
- Dependency string - A JSON formatted dependency block as defined below. Describes which other content items this content item requires to work.
- FirstPublishDate string - The first publish date of solution content item.
- IconId string - The ID of the icon. This ID can be fetched from the solution template.
- LastPublishDate string - The last publish date of solution content item.
- Name string - The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- PreviewImages List<string> - Specifies a list of preview image file names. These will be taken from solution artifacts.
- PreviewImagesDarks List<string> - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- Providers List<string> - Specifies a list of providers for the solution content item.
- Source MetadataSource - A source block as defined below.
- Support MetadataSupport - A support block as defined below.
- ThreatAnalysisTactics List<string> - Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
- ThreatAnalysisTechniques List<string> - Specifies a list of techniques the resource covers.
- Version string - Version of the content.
- ContentId string - The ID of the content. Used to identify dependencies and content from solutions or community.
- Kind string - The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
- ParentId string - The ID of the parent resource of the content item to which the metadata belongs.
- WorkspaceId string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Author MetadataAuthorArgs - An author block as defined below.
- Category MetadataCategoryArgs - A category block as defined below.
- ContentSchemaVersion string - Schema version of the content. Can be used to distinguish between flows based on the schema version.
- CustomVersion string - The custom version of the content.
- Dependency string - A JSON formatted dependency block as defined below. Describes which other content items this content item requires to work.
- FirstPublishDate string - The first publish date of solution content item.
- IconId string - The ID of the icon. This ID can be fetched from the solution template.
- LastPublishDate string - The last publish date of solution content item.
- Name string - The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- PreviewImages []string - Specifies a list of preview image file names. These will be taken from solution artifacts.
- PreviewImagesDarks []string - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- Providers []string - Specifies a list of providers for the solution content item.
- Source MetadataSourceArgs - A source block as defined below.
- Support MetadataSupportArgs - A support block as defined below.
- ThreatAnalysisTactics []string - Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
- ThreatAnalysisTechniques []string - Specifies a list of techniques the resource covers.
- Version string - Version of the content.
- content
Id String - The ID of the content. Used to identify dependencies and content from solutions or community.
- kind String
- The kind of content the metadata is for. Possible values are
AnalyticsRule
,AnalyticsRuleTemplate
,AutomationRule
,AzureFunction
,DataConnector
,DataType
,HuntingQuery
,InvestigationQuery
,LogicAppsCustomConnector
,Parser
,Playbook
,PlaybookTemplate
,Solution
,Watchlist
,WatchlistTemplate
,Workbook
andWorkbookTemplate
. - parent
Id String - The ID of the parent resource ID of the content item, which the metadata belongs to.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Metadata
Author - An
author
blocks as defined below. - category
Metadata
Category - A
category
block as defined below. - content
Schema StringVersion - Schema version of the content. Can be used to distinguish between flow based on the schema version.
- custom
Version String - The Custom version of the content.
- dependency String
- A JSON formatted
dependency
block as defined below. Dependency for the content item, what other content items it requires to work. - first
Publish StringDate - The first publish date of solution content item.
- icon
Id String - The ID of the icon, this id can be fetched from the solution template.
- last
Publish StringDate - The last publish date of solution content item.
- name String
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- preview
Images List<String> - Specifies a list of preview image file names. These will be taken from solution artifacts.
- preview
Images List<String>Darks - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers List<String>
- Specifies a list of providers for the solution content item.
- source
Metadata
Source - A
source
block as defined below. - support
Metadata
Support - A
support
block as defined below. - threat
Analysis List<String>Tactics - Specifies a list of tactics the resource covers. Possible values are
Reconnaissance
,ResourceDevelopment
,InitialAccess
,Execution
,Persistence
,PrivilegeEscalation
,DefenseEvasion
,CredentialAccess
,Discovery
,LateralMovement
,Collection
,CommandAndControl
,Exfiltration
,Impact
,ImpairProcessControl
andInhibitResponseFunction
. - threat
Analysis List<String>Techniques - Specifies a list of techniques the resource covers.
- version String
- Version of the content.
- content
Id string - The ID of the content. Used to identify dependencies and content from solutions or community.
- kind string
- The kind of content the metadata is for. Possible values are
AnalyticsRule
,AnalyticsRuleTemplate
,AutomationRule
,AzureFunction
,DataConnector
,DataType
,HuntingQuery
,InvestigationQuery
,LogicAppsCustomConnector
,Parser
,Playbook
,PlaybookTemplate
,Solution
,Watchlist
,WatchlistTemplate
,Workbook
andWorkbookTemplate
. - parent
Id string - The ID of the parent resource ID of the content item, which the metadata belongs to.
- workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Metadata
Author - An
author
blocks as defined below. - category
Metadata
Category - A
category
block as defined below. - content
Schema stringVersion - Schema version of the content. Can be used to distinguish between flow based on the schema version.
- custom
Version string - The Custom version of the content.
- dependency string
- A JSON formatted
dependency
block as defined below. Dependency for the content item, what other content items it requires to work. - first
Publish stringDate - The first publish date of solution content item.
- icon
Id string - The ID of the icon, this id can be fetched from the solution template.
- last
Publish stringDate - The last publish date of solution content item.
- name string
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- preview
Images string[] - Specifies a list of preview image file names. These will be taken from solution artifacts.
- preview
Images string[]Darks - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers string[]
- Specifies a list of providers for the solution content item.
- source
Metadata
Source - A
source
block as defined below. - support
Metadata
Support - A
support
block as defined below. - threat
Analysis string[]Tactics - Specifies a list of tactics the resource covers. Possible values are
Reconnaissance
,ResourceDevelopment
,InitialAccess
,Execution
,Persistence
,PrivilegeEscalation
,DefenseEvasion
,CredentialAccess
,Discovery
,LateralMovement
,Collection
,CommandAndControl
,Exfiltration
,Impact
,ImpairProcessControl
andInhibitResponseFunction
. - threat
Analysis string[]Techniques - Specifies a list of techniques the resource covers.
- version string
- Version of the content.
- content_
id str - The ID of the content. Used to identify dependencies and content from solutions or community.
- kind str
- The kind of content the metadata is for. Possible values are
AnalyticsRule
,AnalyticsRuleTemplate
,AutomationRule
,AzureFunction
,DataConnector
,DataType
,HuntingQuery
,InvestigationQuery
,LogicAppsCustomConnector
,Parser
,Playbook
,PlaybookTemplate
,Solution
,Watchlist
,WatchlistTemplate
,Workbook
andWorkbookTemplate
. - parent_
id str - The ID of the parent resource ID of the content item, which the metadata belongs to.
- workspace_
id str - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Metadata
Author Args - An
author
blocks as defined below. - category
Metadata
Category Args - A
category
block as defined below. - content_
schema_ strversion - Schema version of the content. Can be used to distinguish between flow based on the schema version.
- custom_
version str - The Custom version of the content.
- dependency str
- A JSON formatted
dependency
block as defined below. Dependency for the content item, what other content items it requires to work. - first_
publish_ strdate - The first publish date of solution content item.
- icon_
id str - The ID of the icon, this id can be fetched from the solution template.
- last_
publish_ strdate - The last publish date of solution content item.
- name str
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- preview_
images Sequence[str] - Specifies a list of preview image file names. These will be taken from solution artifacts.
- preview_
images_ Sequence[str]darks - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers Sequence[str]
- Specifies a list of providers for the solution content item.
- source
Metadata
Source Args - A
source
block as defined below. - support
Metadata
Support Args - A
support
block as defined below. - threat_
analysis_ Sequence[str]tactics - Specifies a list of tactics the resource covers. Possible values are
Reconnaissance
,ResourceDevelopment
,InitialAccess
,Execution
,Persistence
,PrivilegeEscalation
,DefenseEvasion
,CredentialAccess
,Discovery
,LateralMovement
,Collection
,CommandAndControl
,Exfiltration
,Impact
,ImpairProcessControl
andInhibitResponseFunction
. - threat_
analysis_ Sequence[str]techniques - Specifies a list of techniques the resource covers.
- version str
- Version of the content.
- content
Id String - The ID of the content. Used to identify dependencies and content from solutions or community.
- kind String
- The kind of content the metadata is for. Possible values are
AnalyticsRule
,AnalyticsRuleTemplate
,AutomationRule
,AzureFunction
,DataConnector
,DataType
,HuntingQuery
,InvestigationQuery
,LogicAppsCustomConnector
,Parser
,Playbook
,PlaybookTemplate
,Solution
,Watchlist
,WatchlistTemplate
,Workbook
andWorkbookTemplate
. - parent
Id String - The ID of the parent resource ID of the content item, which the metadata belongs to.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Property Map
- An
author
blocks as defined below. - category Property Map
- A
category
block as defined below. - content
Schema StringVersion - Schema version of the content. Can be used to distinguish between flow based on the schema version.
- custom
Version String - The Custom version of the content.
- dependency String
- A JSON formatted
dependency
block as defined below. Dependency for the content item, what other content items it requires to work. - first
Publish StringDate - The first publish date of solution content item.
- icon
Id String - The ID of the icon, this id can be fetched from the solution template.
- last
Publish StringDate - The last publish date of solution content item.
- name String
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- preview
Images List<String> - Specifies a list of preview image file names. These will be taken from solution artifacts.
- preview
Images List<String>Darks - Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers List<String>
- Specifies a list of providers for the solution content item.
- source Property Map
- A
source
block as defined below. - support Property Map
- A
support
block as defined below. - threat
Analysis List<String>Tactics - Specifies a list of tactics the resource covers. Possible values are
Reconnaissance
,ResourceDevelopment
,InitialAccess
,Execution
,Persistence
,PrivilegeEscalation
,DefenseEvasion
,CredentialAccess
,Discovery
,LateralMovement
,Collection
,CommandAndControl
,Exfiltration
,Impact
,ImpairProcessControl
andInhibitResponseFunction
. - threat
Analysis List<String>Techniques - Specifies a list of techniques the resource covers.
- version String
- Version of the content.
Outputs
All input properties are implicitly available as output properties. Additionally, the Metadata resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Metadata Resource
Get an existing Metadata resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MetadataState, opts?: CustomResourceOptions): Metadata
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
author: Optional[MetadataAuthorArgs] = None,
category: Optional[MetadataCategoryArgs] = None,
content_id: Optional[str] = None,
content_schema_version: Optional[str] = None,
custom_version: Optional[str] = None,
dependency: Optional[str] = None,
first_publish_date: Optional[str] = None,
icon_id: Optional[str] = None,
kind: Optional[str] = None,
last_publish_date: Optional[str] = None,
name: Optional[str] = None,
parent_id: Optional[str] = None,
preview_images: Optional[Sequence[str]] = None,
preview_images_darks: Optional[Sequence[str]] = None,
providers: Optional[Sequence[str]] = None,
source: Optional[MetadataSourceArgs] = None,
support: Optional[MetadataSupportArgs] = None,
threat_analysis_tactics: Optional[Sequence[str]] = None,
threat_analysis_techniques: Optional[Sequence[str]] = None,
version: Optional[str] = None,
workspace_id: Optional[str] = None) -> Metadata
func GetMetadata(ctx *Context, name string, id IDInput, state *MetadataState, opts ...ResourceOption) (*Metadata, error)
public static Metadata Get(string name, Input<string> id, MetadataState? state, CustomResourceOptions? opts = null)
public static Metadata get(String name, Output<String> id, MetadataState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Author MetadataAuthor
- An `author` block as defined below.
- Category MetadataCategory
- A `category` block as defined below.
- ContentId string
- The ID of the content. Used to identify dependencies and content from solutions or community.
- ContentSchemaVersion string
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- CustomVersion string
- The Custom version of the content.
- Dependency string
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- FirstPublishDate string
- The first publish date of solution content item.
- IconId string
- The ID of the icon, this id can be fetched from the solution template.
- Kind string
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- LastPublishDate string
- The last publish date of solution content item.
- Name string
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- ParentId string
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- PreviewImages List<string>
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- PreviewImagesDarks List<string>
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- Providers List<string>
- Specifies a list of providers for the solution content item.
- Source MetadataSource
- A `source` block as defined below.
- Support MetadataSupport
- A `support` block as defined below.
- ThreatAnalysisTactics List<string>
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- ThreatAnalysisTechniques List<string>
- Specifies a list of techniques the resource covers.
- Version string
- Version of the content.
- WorkspaceId string
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- Author MetadataAuthorArgs
- An `author` block as defined below.
- Category MetadataCategoryArgs
- A `category` block as defined below.
- ContentId string
- The ID of the content. Used to identify dependencies and content from solutions or community.
- ContentSchemaVersion string
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- CustomVersion string
- The Custom version of the content.
- Dependency string
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- FirstPublishDate string
- The first publish date of solution content item.
- IconId string
- The ID of the icon, this id can be fetched from the solution template.
- Kind string
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- LastPublishDate string
- The last publish date of solution content item.
- Name string
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- ParentId string
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- PreviewImages []string
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- PreviewImagesDarks []string
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- Providers []string
- Specifies a list of providers for the solution content item.
- Source MetadataSourceArgs
- A `source` block as defined below.
- Support MetadataSupportArgs
- A `support` block as defined below.
- ThreatAnalysisTactics []string
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- ThreatAnalysisTechniques []string
- Specifies a list of techniques the resource covers.
- Version string
- Version of the content.
- WorkspaceId string
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- author MetadataAuthor
- An `author` block as defined below.
- category MetadataCategory
- A `category` block as defined below.
- contentId String
- The ID of the content. Used to identify dependencies and content from solutions or community.
- contentSchemaVersion String
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- customVersion String
- The Custom version of the content.
- dependency String
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- firstPublishDate String
- The first publish date of solution content item.
- iconId String
- The ID of the icon, this id can be fetched from the solution template.
- kind String
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- lastPublishDate String
- The last publish date of solution content item.
- name String
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- parentId String
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- previewImages List<String>
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- previewImagesDarks List<String>
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers List<String>
- Specifies a list of providers for the solution content item.
- source MetadataSource
- A `source` block as defined below.
- support MetadataSupport
- A `support` block as defined below.
- threatAnalysisTactics List<String>
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- threatAnalysisTechniques List<String>
- Specifies a list of techniques the resource covers.
- version String
- Version of the content.
- workspaceId String
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- author MetadataAuthor
- An `author` block as defined below.
- category MetadataCategory
- A `category` block as defined below.
- contentId string
- The ID of the content. Used to identify dependencies and content from solutions or community.
- contentSchemaVersion string
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- customVersion string
- The Custom version of the content.
- dependency string
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- firstPublishDate string
- The first publish date of solution content item.
- iconId string
- The ID of the icon, this id can be fetched from the solution template.
- kind string
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- lastPublishDate string
- The last publish date of solution content item.
- name string
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- parentId string
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- previewImages string[]
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- previewImagesDarks string[]
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers string[]
- Specifies a list of providers for the solution content item.
- source MetadataSource
- A `source` block as defined below.
- support MetadataSupport
- A `support` block as defined below.
- threatAnalysisTactics string[]
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- threatAnalysisTechniques string[]
- Specifies a list of techniques the resource covers.
- version string
- Version of the content.
- workspaceId string
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- author MetadataAuthorArgs
- An `author` block as defined below.
- category MetadataCategoryArgs
- A `category` block as defined below.
- content_id str
- The ID of the content. Used to identify dependencies and content from solutions or community.
- content_schema_version str
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- custom_version str
- The Custom version of the content.
- dependency str
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- first_publish_date str
- The first publish date of solution content item.
- icon_id str
- The ID of the icon, this id can be fetched from the solution template.
- kind str
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- last_publish_date str
- The last publish date of solution content item.
- name str
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- parent_id str
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- preview_images Sequence[str]
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- preview_images_darks Sequence[str]
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers Sequence[str]
- Specifies a list of providers for the solution content item.
- source MetadataSourceArgs
- A `source` block as defined below.
- support MetadataSupportArgs
- A `support` block as defined below.
- threat_analysis_tactics Sequence[str]
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- threat_analysis_techniques Sequence[str]
- Specifies a list of techniques the resource covers.
- version str
- Version of the content.
- workspace_id str
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
- author Property Map
- An `author` block as defined below.
- category Property Map
- A `category` block as defined below.
- contentId String
- The ID of the content. Used to identify dependencies and content from solutions or community.
- contentSchemaVersion String
- Schema version of the content. Can be used to distinguish between flow based on the schema version.
- customVersion String
- The Custom version of the content.
- dependency String
- A JSON formatted `dependency` block as defined below. Dependency for the content item, what other content items it requires to work.
- firstPublishDate String
- The first publish date of solution content item.
- iconId String
- The ID of the icon, this id can be fetched from the solution template.
- kind String
- The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
- lastPublishDate String
- The last publish date of solution content item.
- name String
- The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
- parentId String
- The ID of the parent resource ID of the content item, which the metadata belongs to.
- previewImages List<String>
- Specifies a list of preview image file names. These will be taken from solution artifacts.
- previewImagesDarks List<String>
- Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
- providers List<String>
- Specifies a list of providers for the solution content item.
- source Property Map
- A `source` block as defined below.
- support Property Map
- A `support` block as defined below.
- threatAnalysisTactics List<String>
- Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
- threatAnalysisTechniques List<String>
- Specifies a list of techniques the resource covers.
- version String
- Version of the content.
- workspaceId String
- The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
Supporting Types
MetadataAuthor, MetadataAuthorArgs
MetadataCategory, MetadataCategoryArgs
MetadataSource, MetadataSourceArgs
- Kind string
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- Id string
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- Name string
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
- Kind string
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- Id string
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- Name string
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
- kind String
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- id String
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- name String
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
- kind string
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- id string
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- name string
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
- kind str
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- id str
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- name str
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
- kind String
- The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`.
- id String
- The id of the content source, the solution ID, Log Analytics Workspace name etc.
- name String
- The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
MetadataSupport, MetadataSupportArgs
Import
Sentinel Metadata can be imported using the resource ID, e.g.
$ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `azurerm` Terraform Provider.