1. Packages
  2. Azure Classic
  3. API Docs
  4. sentinel
  5. Metadata

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.sentinel.Metadata

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages a Sentinel Metadata.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
        name: "example-workspace",
        location: example.location,
        resourceGroupName: example.name,
        sku: "pergb2018",
    });
    const exampleAnalyticsSolution = new azure.operationalinsights.AnalyticsSolution("example", {
        solutionName: "SecurityInsights",
        location: example.location,
        resourceGroupName: example.name,
        workspaceResourceId: exampleAnalyticsWorkspace.id,
        workspaceName: exampleAnalyticsWorkspace.name,
        plan: {
            publisher: "Microsoft",
            product: "OMSGallery/SecurityInsights",
        },
    });
    const exampleAlertRuleNrt = new azure.sentinel.AlertRuleNrt("example", {
        name: "example",
        logAnalyticsWorkspaceId: exampleAnalyticsSolution.workspaceResourceId,
        displayName: "example",
        severity: "High",
        query: `AzureActivity |
      where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
      where ActivityStatus == "Succeeded" |
      make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
    `,
    });
    const exampleMetadata = new azure.sentinel.Metadata("example", {
        name: "exampl",
        workspaceId: exampleAnalyticsSolution.workspaceResourceId,
        contentId: exampleAlertRuleNrt.name,
        kind: "AnalyticsRule",
        parentId: exampleAlertRuleNrt.id,
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
        name="example-workspace",
        location=example.location,
        resource_group_name=example.name,
        sku="pergb2018")
    example_analytics_solution = azure.operationalinsights.AnalyticsSolution("example",
        solution_name="SecurityInsights",
        location=example.location,
        resource_group_name=example.name,
        workspace_resource_id=example_analytics_workspace.id,
        workspace_name=example_analytics_workspace.name,
        plan={
            "publisher": "Microsoft",
            "product": "OMSGallery/SecurityInsights",
        })
    example_alert_rule_nrt = azure.sentinel.AlertRuleNrt("example",
        name="example",
        log_analytics_workspace_id=example_analytics_solution.workspace_resource_id,
        display_name="example",
        severity="High",
        query="""AzureActivity |
      where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
      where ActivityStatus == "Succeeded" |
      make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
    """)
    example_metadata = azure.sentinel.Metadata("example",
        name="exampl",
        workspace_id=example_analytics_solution.workspace_resource_id,
        content_id=example_alert_rule_nrt.name,
        kind="AnalyticsRule",
        parent_id=example_alert_rule_nrt.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
    			Name:              pulumi.String("example-workspace"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Sku:               pulumi.String("pergb2018"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
    			SolutionName:        pulumi.String("SecurityInsights"),
    			Location:            example.Location,
    			ResourceGroupName:   example.Name,
    			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
    			WorkspaceName:       exampleAnalyticsWorkspace.Name,
    			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
    				Publisher: pulumi.String("Microsoft"),
    				Product:   pulumi.String("OMSGallery/SecurityInsights"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleAlertRuleNrt, err := sentinel.NewAlertRuleNrt(ctx, "example", &sentinel.AlertRuleNrtArgs{
    			Name:                    pulumi.String("example"),
    			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
    			DisplayName:             pulumi.String("example"),
    			Severity:                pulumi.String("High"),
    			Query:                   pulumi.String("AzureActivity |\n  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n  where ActivityStatus == \"Succeeded\" |\n  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = sentinel.NewMetadata(ctx, "example", &sentinel.MetadataArgs{
    			Name:        pulumi.String("exampl"),
    			WorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
    			ContentId:   exampleAlertRuleNrt.Name,
    			Kind:        pulumi.String("AnalyticsRule"),
    			ParentId:    exampleAlertRuleNrt.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
        {
            Name = "example-workspace",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Sku = "pergb2018",
        });
    
        var exampleAnalyticsSolution = new Azure.OperationalInsights.AnalyticsSolution("example", new()
        {
            SolutionName = "SecurityInsights",
            Location = example.Location,
            ResourceGroupName = example.Name,
            WorkspaceResourceId = exampleAnalyticsWorkspace.Id,
            WorkspaceName = exampleAnalyticsWorkspace.Name,
            Plan = new Azure.OperationalInsights.Inputs.AnalyticsSolutionPlanArgs
            {
                Publisher = "Microsoft",
                Product = "OMSGallery/SecurityInsights",
            },
        });
    
        var exampleAlertRuleNrt = new Azure.Sentinel.AlertRuleNrt("example", new()
        {
            Name = "example",
            LogAnalyticsWorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
            DisplayName = "example",
            Severity = "High",
            Query = @"AzureActivity |
      where OperationName == ""Create or Update Virtual Machine"" or OperationName ==""Create Deployment"" |
      where ActivityStatus == ""Succeeded"" |
      make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
    ",
        });
    
        var exampleMetadata = new Azure.Sentinel.Metadata("example", new()
        {
            Name = "exampl",
            WorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
            ContentId = exampleAlertRuleNrt.Name,
            Kind = "AnalyticsRule",
            ParentId = exampleAlertRuleNrt.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
    import com.pulumi.azure.operationalinsights.AnalyticsSolution;
    import com.pulumi.azure.operationalinsights.AnalyticsSolutionArgs;
    import com.pulumi.azure.operationalinsights.inputs.AnalyticsSolutionPlanArgs;
    import com.pulumi.azure.sentinel.AlertRuleNrt;
    import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
    import com.pulumi.azure.sentinel.Metadata;
    import com.pulumi.azure.sentinel.MetadataArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
                .name("example-workspace")
                .location(example.location())
                .resourceGroupName(example.name())
                .sku("pergb2018")
                .build());
    
            var exampleAnalyticsSolution = new AnalyticsSolution("exampleAnalyticsSolution", AnalyticsSolutionArgs.builder()
                .solutionName("SecurityInsights")
                .location(example.location())
                .resourceGroupName(example.name())
                .workspaceResourceId(exampleAnalyticsWorkspace.id())
                .workspaceName(exampleAnalyticsWorkspace.name())
                .plan(AnalyticsSolutionPlanArgs.builder()
                    .publisher("Microsoft")
                    .product("OMSGallery/SecurityInsights")
                    .build())
                .build());
    
            var exampleAlertRuleNrt = new AlertRuleNrt("exampleAlertRuleNrt", AlertRuleNrtArgs.builder()
                .name("example")
                .logAnalyticsWorkspaceId(exampleAnalyticsSolution.workspaceResourceId())
                .displayName("example")
                .severity("High")
                .query("""
    AzureActivity |
      where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
      where ActivityStatus == "Succeeded" |
      make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
                """)
                .build());
    
            var exampleMetadata = new Metadata("exampleMetadata", MetadataArgs.builder()
                .name("exampl")
                .workspaceId(exampleAnalyticsSolution.workspaceResourceId())
                .contentId(exampleAlertRuleNrt.name())
                .kind("AnalyticsRule")
                .parentId(exampleAlertRuleNrt.id())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleAnalyticsWorkspace:
        type: azure:operationalinsights:AnalyticsWorkspace
        name: example
        properties:
          name: example-workspace
          location: ${example.location}
          resourceGroupName: ${example.name}
          sku: pergb2018
      exampleAnalyticsSolution:
        type: azure:operationalinsights:AnalyticsSolution
        name: example
        properties:
          solutionName: SecurityInsights
          location: ${example.location}
          resourceGroupName: ${example.name}
          workspaceResourceId: ${exampleAnalyticsWorkspace.id}
          workspaceName: ${exampleAnalyticsWorkspace.name}
          plan:
            publisher: Microsoft
            product: OMSGallery/SecurityInsights
      exampleAlertRuleNrt:
        type: azure:sentinel:AlertRuleNrt
        name: example
        properties:
          name: example
          logAnalyticsWorkspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
          displayName: example
          severity: High
          query: |
            AzureActivity |
              where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
              where ActivityStatus == "Succeeded" |
              make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller        
      exampleMetadata:
        type: azure:sentinel:Metadata
        name: example
        properties:
          name: exampl
          workspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
          contentId: ${exampleAlertRuleNrt.name}
          kind: AnalyticsRule
          parentId: ${exampleAlertRuleNrt.id}
    

    Create Metadata Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Metadata(name: string, args: MetadataArgs, opts?: CustomResourceOptions);
    @overload
    def Metadata(resource_name: str,
                 args: MetadataArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Metadata(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 kind: Optional[str] = None,
                 workspace_id: Optional[str] = None,
                 content_id: Optional[str] = None,
                 parent_id: Optional[str] = None,
                 name: Optional[str] = None,
                 preview_images_darks: Optional[Sequence[str]] = None,
                 first_publish_date: Optional[str] = None,
                 icon_id: Optional[str] = None,
                 custom_version: Optional[str] = None,
                 last_publish_date: Optional[str] = None,
                 author: Optional[MetadataAuthorArgs] = None,
                 content_schema_version: Optional[str] = None,
                 preview_images: Optional[Sequence[str]] = None,
                 dependency: Optional[str] = None,
                 providers: Optional[Sequence[str]] = None,
                 source: Optional[MetadataSourceArgs] = None,
                 support: Optional[MetadataSupportArgs] = None,
                 threat_analysis_tactics: Optional[Sequence[str]] = None,
                 threat_analysis_techniques: Optional[Sequence[str]] = None,
                 version: Optional[str] = None,
                 category: Optional[MetadataCategoryArgs] = None)
    func NewMetadata(ctx *Context, name string, args MetadataArgs, opts ...ResourceOption) (*Metadata, error)
    public Metadata(string name, MetadataArgs args, CustomResourceOptions? opts = null)
    public Metadata(String name, MetadataArgs args)
    public Metadata(String name, MetadataArgs args, CustomResourceOptions options)
    
    type: azure:sentinel:Metadata
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args MetadataArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args MetadataArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args MetadataArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args MetadataArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args MetadataArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var metadataResource = new Azure.Sentinel.Metadata("metadataResource", new()
    {
        Kind = "string",
        WorkspaceId = "string",
        ContentId = "string",
        ParentId = "string",
        Name = "string",
        PreviewImagesDarks = new[]
        {
            "string",
        },
        FirstPublishDate = "string",
        IconId = "string",
        CustomVersion = "string",
        LastPublishDate = "string",
        Author = new Azure.Sentinel.Inputs.MetadataAuthorArgs
        {
            Email = "string",
            Link = "string",
            Name = "string",
        },
        ContentSchemaVersion = "string",
        PreviewImages = new[]
        {
            "string",
        },
        Dependency = "string",
        Providers = new[]
        {
            "string",
        },
        Source = new Azure.Sentinel.Inputs.MetadataSourceArgs
        {
            Kind = "string",
            Id = "string",
            Name = "string",
        },
        Support = new Azure.Sentinel.Inputs.MetadataSupportArgs
        {
            Tier = "string",
            Email = "string",
            Link = "string",
            Name = "string",
        },
        ThreatAnalysisTactics = new[]
        {
            "string",
        },
        ThreatAnalysisTechniques = new[]
        {
            "string",
        },
        Version = "string",
        Category = new Azure.Sentinel.Inputs.MetadataCategoryArgs
        {
            Domains = new[]
            {
                "string",
            },
            Verticals = new[]
            {
                "string",
            },
        },
    });
    
    example, err := sentinel.NewMetadata(ctx, "metadataResource", &sentinel.MetadataArgs{
    	Kind:        pulumi.String("string"),
    	WorkspaceId: pulumi.String("string"),
    	ContentId:   pulumi.String("string"),
    	ParentId:    pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	PreviewImagesDarks: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	FirstPublishDate: pulumi.String("string"),
    	IconId:           pulumi.String("string"),
    	CustomVersion:    pulumi.String("string"),
    	LastPublishDate:  pulumi.String("string"),
    	Author: &sentinel.MetadataAuthorArgs{
    		Email: pulumi.String("string"),
    		Link:  pulumi.String("string"),
    		Name:  pulumi.String("string"),
    	},
    	ContentSchemaVersion: pulumi.String("string"),
    	PreviewImages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Dependency: pulumi.String("string"),
    	Providers: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Source: &sentinel.MetadataSourceArgs{
    		Kind: pulumi.String("string"),
    		Id:   pulumi.String("string"),
    		Name: pulumi.String("string"),
    	},
    	Support: &sentinel.MetadataSupportArgs{
    		Tier:  pulumi.String("string"),
    		Email: pulumi.String("string"),
    		Link:  pulumi.String("string"),
    		Name:  pulumi.String("string"),
    	},
    	ThreatAnalysisTactics: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ThreatAnalysisTechniques: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Version: pulumi.String("string"),
    	Category: &sentinel.MetadataCategoryArgs{
    		Domains: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Verticals: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var metadataResource = new Metadata("metadataResource", MetadataArgs.builder()
        .kind("string")
        .workspaceId("string")
        .contentId("string")
        .parentId("string")
        .name("string")
        .previewImagesDarks("string")
        .firstPublishDate("string")
        .iconId("string")
        .customVersion("string")
        .lastPublishDate("string")
        .author(MetadataAuthorArgs.builder()
            .email("string")
            .link("string")
            .name("string")
            .build())
        .contentSchemaVersion("string")
        .previewImages("string")
        .dependency("string")
        .providers("string")
        .source(MetadataSourceArgs.builder()
            .kind("string")
            .id("string")
            .name("string")
            .build())
        .support(MetadataSupportArgs.builder()
            .tier("string")
            .email("string")
            .link("string")
            .name("string")
            .build())
        .threatAnalysisTactics("string")
        .threatAnalysisTechniques("string")
        .version("string")
        .category(MetadataCategoryArgs.builder()
            .domains("string")
            .verticals("string")
            .build())
        .build());
    
    metadata_resource = azure.sentinel.Metadata("metadataResource",
        kind="string",
        workspace_id="string",
        content_id="string",
        parent_id="string",
        name="string",
        preview_images_darks=["string"],
        first_publish_date="string",
        icon_id="string",
        custom_version="string",
        last_publish_date="string",
        author={
            "email": "string",
            "link": "string",
            "name": "string",
        },
        content_schema_version="string",
        preview_images=["string"],
        dependency="string",
        providers=["string"],
        source={
            "kind": "string",
            "id": "string",
            "name": "string",
        },
        support={
            "tier": "string",
            "email": "string",
            "link": "string",
            "name": "string",
        },
        threat_analysis_tactics=["string"],
        threat_analysis_techniques=["string"],
        version="string",
        category={
            "domains": ["string"],
            "verticals": ["string"],
        })
    
    const metadataResource = new azure.sentinel.Metadata("metadataResource", {
        kind: "string",
        workspaceId: "string",
        contentId: "string",
        parentId: "string",
        name: "string",
        previewImagesDarks: ["string"],
        firstPublishDate: "string",
        iconId: "string",
        customVersion: "string",
        lastPublishDate: "string",
        author: {
            email: "string",
            link: "string",
            name: "string",
        },
        contentSchemaVersion: "string",
        previewImages: ["string"],
        dependency: "string",
        providers: ["string"],
        source: {
            kind: "string",
            id: "string",
            name: "string",
        },
        support: {
            tier: "string",
            email: "string",
            link: "string",
            name: "string",
        },
        threatAnalysisTactics: ["string"],
        threatAnalysisTechniques: ["string"],
        version: "string",
        category: {
            domains: ["string"],
            verticals: ["string"],
        },
    });
    
    type: azure:sentinel:Metadata
    properties:
        author:
            email: string
            link: string
            name: string
        category:
            domains:
                - string
            verticals:
                - string
        contentId: string
        contentSchemaVersion: string
        customVersion: string
        dependency: string
        firstPublishDate: string
        iconId: string
        kind: string
        lastPublishDate: string
        name: string
        parentId: string
        previewImages:
            - string
        previewImagesDarks:
            - string
        providers:
            - string
        source:
            id: string
            kind: string
            name: string
        support:
            email: string
            link: string
            name: string
            tier: string
        threatAnalysisTactics:
            - string
        threatAnalysisTechniques:
            - string
        version: string
        workspaceId: string
    

    Metadata Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Metadata resource accepts the following input properties:

    ContentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    Kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    ParentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    Author MetadataAuthor
    An author blocks as defined below.
    Category MetadataCategory
    A category block as defined below.
    ContentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    CustomVersion string
    The Custom version of the content.
    Dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    FirstPublishDate string
    The first publish date of solution content item.
    IconId string
    The ID of the icon, this id can be fetched from the solution template.
    LastPublishDate string
    The last publish date of solution content item.
    Name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    PreviewImages List<string>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    PreviewImagesDarks List<string>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    Providers List<string>
    Specifies a list of providers for the solution content item.
    Source MetadataSource
    A source block as defined below.
    Support MetadataSupport
    A support block as defined below.
    ThreatAnalysisTactics List<string>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    ThreatAnalysisTechniques List<string>
    Specifies a list of techniques the resource covers.
    Version string
    Version of the content.
    ContentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    Kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    ParentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    Author MetadataAuthorArgs
    An author blocks as defined below.
    Category MetadataCategoryArgs
    A category block as defined below.
    ContentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    CustomVersion string
    The Custom version of the content.
    Dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    FirstPublishDate string
    The first publish date of solution content item.
    IconId string
    The ID of the icon, this id can be fetched from the solution template.
    LastPublishDate string
    The last publish date of solution content item.
    Name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    PreviewImages []string
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    PreviewImagesDarks []string
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    Providers []string
    Specifies a list of providers for the solution content item.
    Source MetadataSourceArgs
    A source block as defined below.
    Support MetadataSupportArgs
    A support block as defined below.
    ThreatAnalysisTactics []string
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    ThreatAnalysisTechniques []string
    Specifies a list of techniques the resource covers.
    Version string
    Version of the content.
    contentId String
    The ID of the content. Used to identify dependencies and content from solutions or community.
    kind String
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    parentId String
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthor
    An author blocks as defined below.
    category MetadataCategory
    A category block as defined below.
    contentSchemaVersion String
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion String
    The Custom version of the content.
    dependency String
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate String
    The first publish date of solution content item.
    iconId String
    The ID of the icon, this id can be fetched from the solution template.
    lastPublishDate String
    The last publish date of solution content item.
    name String
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    previewImages List<String>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks List<String>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers List<String>
    Specifies a list of providers for the solution content item.
    source MetadataSource
    A source block as defined below.
    support MetadataSupport
    A support block as defined below.
    threatAnalysisTactics List<String>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques List<String>
    Specifies a list of techniques the resource covers.
    version String
    Version of the content.
    contentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    parentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    workspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthor
    An author blocks as defined below.
    category MetadataCategory
    A category block as defined below.
    contentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion string
    The Custom version of the content.
    dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate string
    The first publish date of solution content item.
    iconId string
    The ID of the icon, this id can be fetched from the solution template.
    lastPublishDate string
    The last publish date of solution content item.
    name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    previewImages string[]
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks string[]
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers string[]
    Specifies a list of providers for the solution content item.
    source MetadataSource
    A source block as defined below.
    support MetadataSupport
    A support block as defined below.
    threatAnalysisTactics string[]
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques string[]
    Specifies a list of techniques the resource covers.
    version string
    Version of the content.
    content_id str
    The ID of the content. Used to identify dependencies and content from solutions or community.
    kind str
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    parent_id str
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    workspace_id str
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthorArgs
    An author blocks as defined below.
    category MetadataCategoryArgs
    A category block as defined below.
    content_schema_version str
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    custom_version str
    The Custom version of the content.
    dependency str
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    first_publish_date str
    The first publish date of solution content item.
    icon_id str
    The ID of the icon, this id can be fetched from the solution template.
    last_publish_date str
    The last publish date of solution content item.
    name str
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    preview_images Sequence[str]
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    preview_images_darks Sequence[str]
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers Sequence[str]
    Specifies a list of providers for the solution content item.
    source MetadataSourceArgs
    A source block as defined below.
    support MetadataSupportArgs
    A support block as defined below.
    threat_analysis_tactics Sequence[str]
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threat_analysis_techniques Sequence[str]
    Specifies a list of techniques the resource covers.
    version str
    Version of the content.
    contentId String
    The ID of the content. Used to identify dependencies and content from solutions or community.
    kind String
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    parentId String
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author Property Map
    An author blocks as defined below.
    category Property Map
    A category block as defined below.
    contentSchemaVersion String
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion String
    The Custom version of the content.
    dependency String
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate String
    The first publish date of solution content item.
    iconId String
    The ID of the icon, this id can be fetched from the solution template.
    lastPublishDate String
    The last publish date of solution content item.
    name String
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    previewImages List<String>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks List<String>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers List<String>
    Specifies a list of providers for the solution content item.
    source Property Map
    A source block as defined below.
    support Property Map
    A support block as defined below.
    threatAnalysisTactics List<String>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques List<String>
    Specifies a list of techniques the resource covers.
    version String
    Version of the content.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Metadata resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Metadata Resource

    Get an existing Metadata resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: MetadataState, opts?: CustomResourceOptions): Metadata
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            author: Optional[MetadataAuthorArgs] = None,
            category: Optional[MetadataCategoryArgs] = None,
            content_id: Optional[str] = None,
            content_schema_version: Optional[str] = None,
            custom_version: Optional[str] = None,
            dependency: Optional[str] = None,
            first_publish_date: Optional[str] = None,
            icon_id: Optional[str] = None,
            kind: Optional[str] = None,
            last_publish_date: Optional[str] = None,
            name: Optional[str] = None,
            parent_id: Optional[str] = None,
            preview_images: Optional[Sequence[str]] = None,
            preview_images_darks: Optional[Sequence[str]] = None,
            providers: Optional[Sequence[str]] = None,
            source: Optional[MetadataSourceArgs] = None,
            support: Optional[MetadataSupportArgs] = None,
            threat_analysis_tactics: Optional[Sequence[str]] = None,
            threat_analysis_techniques: Optional[Sequence[str]] = None,
            version: Optional[str] = None,
            workspace_id: Optional[str] = None) -> Metadata
    func GetMetadata(ctx *Context, name string, id IDInput, state *MetadataState, opts ...ResourceOption) (*Metadata, error)
    public static Metadata Get(string name, Input<string> id, MetadataState? state, CustomResourceOptions? opts = null)
    public static Metadata get(String name, Output<String> id, MetadataState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Author MetadataAuthor
    An author blocks as defined below.
    Category MetadataCategory
    A category block as defined below.
    ContentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    ContentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    CustomVersion string
    The Custom version of the content.
    Dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    FirstPublishDate string
    The first publish date of solution content item.
    IconId string
    The ID of the icon, this id can be fetched from the solution template.
    Kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    LastPublishDate string
    The last publish date of solution content item.
    Name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    ParentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    PreviewImages List<string>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    PreviewImagesDarks List<string>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    Providers List<string>
    Specifies a list of providers for the solution content item.
    Source MetadataSource
    A source block as defined below.
    Support MetadataSupport
    A support block as defined below.
    ThreatAnalysisTactics List<string>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    ThreatAnalysisTechniques List<string>
    Specifies a list of techniques the resource covers.
    Version string
    Version of the content.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    Author MetadataAuthorArgs
    An author blocks as defined below.
    Category MetadataCategoryArgs
    A category block as defined below.
    ContentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    ContentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    CustomVersion string
    The Custom version of the content.
    Dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    FirstPublishDate string
    The first publish date of solution content item.
    IconId string
    The ID of the icon, this id can be fetched from the solution template.
    Kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    LastPublishDate string
    The last publish date of solution content item.
    Name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    ParentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    PreviewImages []string
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    PreviewImagesDarks []string
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    Providers []string
    Specifies a list of providers for the solution content item.
    Source MetadataSourceArgs
    A source block as defined below.
    Support MetadataSupportArgs
    A support block as defined below.
    ThreatAnalysisTactics []string
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    ThreatAnalysisTechniques []string
    Specifies a list of techniques the resource covers.
    Version string
    Version of the content.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthor
    An author blocks as defined below.
    category MetadataCategory
    A category block as defined below.
    contentId String
    The ID of the content. Used to identify dependencies and content from solutions or community.
    contentSchemaVersion String
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion String
    The Custom version of the content.
    dependency String
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate String
    The first publish date of solution content item.
    iconId String
    The ID of the icon, this id can be fetched from the solution template.
    kind String
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    lastPublishDate String
    The last publish date of solution content item.
    name String
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    parentId String
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    previewImages List<String>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks List<String>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers List<String>
    Specifies a list of providers for the solution content item.
    source MetadataSource
    A source block as defined below.
    support MetadataSupport
    A support block as defined below.
    threatAnalysisTactics List<String>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques List<String>
    Specifies a list of techniques the resource covers.
    version String
    Version of the content.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthor
    An author blocks as defined below.
    category MetadataCategory
    A category block as defined below.
    contentId string
    The ID of the content. Used to identify dependencies and content from solutions or community.
    contentSchemaVersion string
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion string
    The Custom version of the content.
    dependency string
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate string
    The first publish date of solution content item.
    iconId string
    The ID of the icon, this id can be fetched from the solution template.
    kind string
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    lastPublishDate string
    The last publish date of solution content item.
    name string
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    parentId string
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    previewImages string[]
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks string[]
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers string[]
    Specifies a list of providers for the solution content item.
    source MetadataSource
    A source block as defined below.
    support MetadataSupport
    A support block as defined below.
    threatAnalysisTactics string[]
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques string[]
    Specifies a list of techniques the resource covers.
    version string
    Version of the content.
    workspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author MetadataAuthorArgs
    An author blocks as defined below.
    category MetadataCategoryArgs
    A category block as defined below.
    content_id str
    The ID of the content. Used to identify dependencies and content from solutions or community.
    content_schema_version str
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    custom_version str
    The Custom version of the content.
    dependency str
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    first_publish_date str
    The first publish date of solution content item.
    icon_id str
    The ID of the icon, this id can be fetched from the solution template.
    kind str
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    last_publish_date str
    The last publish date of solution content item.
    name str
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    parent_id str
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    preview_images Sequence[str]
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    preview_images_darks Sequence[str]
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers Sequence[str]
    Specifies a list of providers for the solution content item.
    source MetadataSourceArgs
    A source block as defined below.
    support MetadataSupportArgs
    A support block as defined below.
    threat_analysis_tactics Sequence[str]
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threat_analysis_techniques Sequence[str]
    Specifies a list of techniques the resource covers.
    version str
    Version of the content.
    workspace_id str
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
    author Property Map
    An author blocks as defined below.
    category Property Map
    A category block as defined below.
    contentId String
    The ID of the content. Used to identify dependencies and content from solutions or community.
    contentSchemaVersion String
    Schema version of the content. Can be used to distinguish between flow based on the schema version.
    customVersion String
    The Custom version of the content.
    dependency String
    A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
    firstPublishDate String
    The first publish date of solution content item.
    iconId String
    The ID of the icon, this id can be fetched from the solution template.
    kind String
    The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
    lastPublishDate String
    The last publish date of solution content item.
    name String
    The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
    parentId String
    The ID of the parent resource ID of the content item, which the metadata belongs to.
    previewImages List<String>
    Specifies a list of preview image file names. These will be taken from solution artifacts.
    previewImagesDarks List<String>
    Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
    providers List<String>
    Specifies a list of providers for the solution content item.
    source Property Map
    A source block as defined below.
    support Property Map
    A support block as defined below.
    threatAnalysisTactics List<String>
    Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
    threatAnalysisTechniques List<String>
    Specifies a list of techniques the resource covers.
    version String
    Version of the content.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

    Supporting Types

    MetadataAuthor, MetadataAuthorArgs

    Email string
    The email address of the author contact.
    Link string
    The link for author/vendor page.
    Name string
    The name of the author, company or person.
    Email string
    The email address of the author contact.
    Link string
    The link for author/vendor page.
    Name string
    The name of the author, company or person.
    email String
    The email address of the author contact.
    link String
    The link for author/vendor page.
    name String
    The name of the author, company or person.
    email string
    The email address of the author contact.
    link string
    The link for author/vendor page.
    name string
    The name of the author, company or person.
    email str
    The email address of the author contact.
    link str
    The link for author/vendor page.
    name str
    The name of the author, company or person.
    email String
    The email address of the author contact.
    link String
    The link for author/vendor page.
    name String
    The name of the author, company or person.

    MetadataCategory, MetadataCategoryArgs

    Domains List<string>
    Specifies a list of domains for the solution content item.
    Verticals List<string>
    Specifies a list of industry verticals for the solution content item.
    Domains []string
    Specifies a list of domains for the solution content item.
    Verticals []string
    Specifies a list of industry verticals for the solution content item.
    domains List<String>
    Specifies a list of domains for the solution content item.
    verticals List<String>
    Specifies a list of industry verticals for the solution content item.
    domains string[]
    Specifies a list of domains for the solution content item.
    verticals string[]
    Specifies a list of industry verticals for the solution content item.
    domains Sequence[str]
    Specifies a list of domains for the solution content item.
    verticals Sequence[str]
    Specifies a list of industry verticals for the solution content item.
    domains List<String>
    Specifies a list of domains for the solution content item.
    verticals List<String>
    Specifies a list of industry verticals for the solution content item.

    MetadataSource, MetadataSourceArgs

    Kind string
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    Id string
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    Name string
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
    Kind string
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    Id string
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    Name string
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
    kind String
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    id String
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    name String
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
    kind string
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    id string
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    name string
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
    kind str
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    id str
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    name str
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.
    kind String
    The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
    id String
    The id of the content source, the solution ID, Log Analytics Workspace name etc.
    name String
    The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

    MetadataSupport, MetadataSupportArgs

    Tier string
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    Email string
    The email address of the support contact.
    Link string
    The link for support help.
    Name string
    The name of the support contact.
    Tier string
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    Email string
    The email address of the support contact.
    Link string
    The link for support help.
    Name string
    The name of the support contact.
    tier String
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    email String
    The email address of the support contact.
    link String
    The link for support help.
    name String
    The name of the support contact.
    tier string
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    email string
    The email address of the support contact.
    link string
    The link for support help.
    name string
    The name of the support contact.
    tier str
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    email str
    The email address of the support contact.
    link str
    The link for support help.
    name str
    The name of the support contact.
    tier String
    The type of support for content item. Possible values are Microsoft, Partner and Community.
    email String
    The email address of the support contact.
    link String
    The link for support help.
    name String
    The name of the support contact.

    Import

    Sentinel Metadata can be imported using the resource id, e.g.

    $ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi