1. Packages
  2. Azure Classic
  3. API Docs
  4. sentinel
  5. ThreatIntelligenceIndicator

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.sentinel.ThreatIntelligenceIndicator

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages a Sentinel Threat Intelligence Indicator.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-rg",
        location: "east us",
    });
    const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
        name: "example-law",
        location: example.location,
        resourceGroupName: example.name,
        sku: "PerGB2018",
        retentionInDays: 30,
    });
    const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {workspaceId: exampleAnalyticsWorkspace.id});
    const exampleThreatIntelligenceIndicator = new azure.sentinel.ThreatIntelligenceIndicator("example", {
        workspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
        patternType: "domain-name",
        pattern: "http://example.com",
        source: "Microsoft Sentinel",
        validateFromUtc: "2022-12-14T16:00:00Z",
        displayName: "example-indicator",
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="example-rg",
        location="east us")
    example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
        name="example-law",
        location=example.location,
        resource_group_name=example.name,
        sku="PerGB2018",
        retention_in_days=30)
    example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", workspace_id=example_analytics_workspace.id)
    example_threat_intelligence_indicator = azure.sentinel.ThreatIntelligenceIndicator("example",
        workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
        pattern_type="domain-name",
        pattern="http://example.com",
        source="Microsoft Sentinel",
        validate_from_utc="2022-12-14T16:00:00Z",
        display_name="example-indicator")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-rg"),
    			Location: pulumi.String("east us"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
    			Name:              pulumi.String("example-law"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Sku:               pulumi.String("PerGB2018"),
    			RetentionInDays:   pulumi.Int(30),
    		})
    		if err != nil {
    			return err
    		}
    		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
    			WorkspaceId: exampleAnalyticsWorkspace.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = sentinel.NewThreatIntelligenceIndicator(ctx, "example", &sentinel.ThreatIntelligenceIndicatorArgs{
    			WorkspaceId:     exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
    			PatternType:     pulumi.String("domain-name"),
    			Pattern:         pulumi.String("http://example.com"),
    			Source:          pulumi.String("Microsoft Sentinel"),
    			ValidateFromUtc: pulumi.String("2022-12-14T16:00:00Z"),
    			DisplayName:     pulumi.String("example-indicator"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-rg",
            Location = "east us",
        });
    
        var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
        {
            Name = "example-law",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Sku = "PerGB2018",
            RetentionInDays = 30,
        });
    
        var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
        {
            WorkspaceId = exampleAnalyticsWorkspace.Id,
        });
    
        var exampleThreatIntelligenceIndicator = new Azure.Sentinel.ThreatIntelligenceIndicator("example", new()
        {
            WorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
            PatternType = "domain-name",
            Pattern = "http://example.com",
            Source = "Microsoft Sentinel",
            ValidateFromUtc = "2022-12-14T16:00:00Z",
            DisplayName = "example-indicator",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
    import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
    import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
    import com.pulumi.azure.sentinel.ThreatIntelligenceIndicator;
    import com.pulumi.azure.sentinel.ThreatIntelligenceIndicatorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-rg")
                .location("east us")
                .build());
    
            var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
                .name("example-law")
                .location(example.location())
                .resourceGroupName(example.name())
                .sku("PerGB2018")
                .retentionInDays(30)
                .build());
    
            var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
                .workspaceId(exampleAnalyticsWorkspace.id())
                .build());
    
            var exampleThreatIntelligenceIndicator = new ThreatIntelligenceIndicator("exampleThreatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
                .workspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
                .patternType("domain-name")
                .pattern("http://example.com")
                .source("Microsoft Sentinel")
                .validateFromUtc("2022-12-14T16:00:00Z")
                .displayName("example-indicator")
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-rg
          location: east us
      exampleAnalyticsWorkspace:
        type: azure:operationalinsights:AnalyticsWorkspace
        name: example
        properties:
          name: example-law
          location: ${example.location}
          resourceGroupName: ${example.name}
          sku: PerGB2018
          retentionInDays: 30
      exampleLogAnalyticsWorkspaceOnboarding:
        type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
        name: example
        properties:
          workspaceId: ${exampleAnalyticsWorkspace.id}
      exampleThreatIntelligenceIndicator:
        type: azure:sentinel:ThreatIntelligenceIndicator
        name: example
        properties:
          workspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
          patternType: domain-name
          pattern: http://example.com
          source: Microsoft Sentinel
          validateFromUtc: 2022-12-14T16:00:00Z
          displayName: example-indicator
    

    Create ThreatIntelligenceIndicator Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    args: ThreatIntelligenceIndicatorArgs,
                                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def ThreatIntelligenceIndicator(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    pattern: Optional[str] = None,
                                    workspace_id: Optional[str] = None,
                                    validate_from_utc: Optional[str] = None,
                                    display_name: Optional[str] = None,
                                    source: Optional[str] = None,
                                    pattern_type: Optional[str] = None,
                                    external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
                                    revoked: Optional[bool] = None,
                                    language: Optional[str] = None,
                                    object_marking_refs: Optional[Sequence[str]] = None,
                                    granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
                                    confidence: Optional[int] = None,
                                    pattern_version: Optional[str] = None,
                                    kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
                                    extension: Optional[str] = None,
                                    tags: Optional[Sequence[str]] = None,
                                    threat_types: Optional[Sequence[str]] = None,
                                    description: Optional[str] = None,
                                    validate_until_utc: Optional[str] = None,
                                    created_by: Optional[str] = None)
    func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
    public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
    public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
    
    type: azure:sentinel:ThreatIntelligenceIndicator
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ThreatIntelligenceIndicatorArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var threatIntelligenceIndicatorResource = new Azure.Sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
    {
        Pattern = "string",
        WorkspaceId = "string",
        ValidateFromUtc = "string",
        DisplayName = "string",
        Source = "string",
        PatternType = "string",
        ExternalReferences = new[]
        {
            new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorExternalReferenceArgs
            {
                Description = "string",
                Hashes = 
                {
                    { "string", "string" },
                },
                Id = "string",
                SourceName = "string",
                Url = "string",
            },
        },
        Revoked = false,
        Language = "string",
        ObjectMarkingRefs = new[]
        {
            "string",
        },
        GranularMarkings = new[]
        {
            new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorGranularMarkingArgs
            {
                Language = "string",
                MarkingRef = "string",
                Selectors = new[]
                {
                    "string",
                },
            },
        },
        Confidence = 0,
        PatternVersion = "string",
        KillChainPhases = new[]
        {
            new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorKillChainPhaseArgs
            {
                Name = "string",
            },
        },
        Extension = "string",
        Tags = new[]
        {
            "string",
        },
        ThreatTypes = new[]
        {
            "string",
        },
        Description = "string",
        ValidateUntilUtc = "string",
        CreatedBy = "string",
    });
    
    example, err := sentinel.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &sentinel.ThreatIntelligenceIndicatorArgs{
    	Pattern:         pulumi.String("string"),
    	WorkspaceId:     pulumi.String("string"),
    	ValidateFromUtc: pulumi.String("string"),
    	DisplayName:     pulumi.String("string"),
    	Source:          pulumi.String("string"),
    	PatternType:     pulumi.String("string"),
    	ExternalReferences: sentinel.ThreatIntelligenceIndicatorExternalReferenceArray{
    		&sentinel.ThreatIntelligenceIndicatorExternalReferenceArgs{
    			Description: pulumi.String("string"),
    			Hashes: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    			Id:         pulumi.String("string"),
    			SourceName: pulumi.String("string"),
    			Url:        pulumi.String("string"),
    		},
    	},
    	Revoked:  pulumi.Bool(false),
    	Language: pulumi.String("string"),
    	ObjectMarkingRefs: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	GranularMarkings: sentinel.ThreatIntelligenceIndicatorGranularMarkingArray{
    		&sentinel.ThreatIntelligenceIndicatorGranularMarkingArgs{
    			Language:   pulumi.String("string"),
    			MarkingRef: pulumi.String("string"),
    			Selectors: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Confidence:     pulumi.Int(0),
    	PatternVersion: pulumi.String("string"),
    	KillChainPhases: sentinel.ThreatIntelligenceIndicatorKillChainPhaseArray{
    		&sentinel.ThreatIntelligenceIndicatorKillChainPhaseArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	Extension: pulumi.String("string"),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ThreatTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Description:      pulumi.String("string"),
    	ValidateUntilUtc: pulumi.String("string"),
    	CreatedBy:        pulumi.String("string"),
    })
    
    var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
        .pattern("string")
        .workspaceId("string")
        .validateFromUtc("string")
        .displayName("string")
        .source("string")
        .patternType("string")
        .externalReferences(ThreatIntelligenceIndicatorExternalReferenceArgs.builder()
            .description("string")
            .hashes(Map.of("string", "string"))
            .id("string")
            .sourceName("string")
            .url("string")
            .build())
        .revoked(false)
        .language("string")
        .objectMarkingRefs("string")
        .granularMarkings(ThreatIntelligenceIndicatorGranularMarkingArgs.builder()
            .language("string")
            .markingRef("string")
            .selectors("string")
            .build())
        .confidence(0)
        .patternVersion("string")
        .killChainPhases(ThreatIntelligenceIndicatorKillChainPhaseArgs.builder()
            .name("string")
            .build())
        .extension("string")
        .tags("string")
        .threatTypes("string")
        .description("string")
        .validateUntilUtc("string")
        .createdBy("string")
        .build());
    
    threat_intelligence_indicator_resource = azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
        pattern="string",
        workspace_id="string",
        validate_from_utc="string",
        display_name="string",
        source="string",
        pattern_type="string",
        external_references=[{
            "description": "string",
            "hashes": {
                "string": "string",
            },
            "id": "string",
            "source_name": "string",
            "url": "string",
        }],
        revoked=False,
        language="string",
        object_marking_refs=["string"],
        granular_markings=[{
            "language": "string",
            "marking_ref": "string",
            "selectors": ["string"],
        }],
        confidence=0,
        pattern_version="string",
        kill_chain_phases=[{
            "name": "string",
        }],
        extension="string",
        tags=["string"],
        threat_types=["string"],
        description="string",
        validate_until_utc="string",
        created_by="string")
    
    const threatIntelligenceIndicatorResource = new azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
        pattern: "string",
        workspaceId: "string",
        validateFromUtc: "string",
        displayName: "string",
        source: "string",
        patternType: "string",
        externalReferences: [{
            description: "string",
            hashes: {
                string: "string",
            },
            id: "string",
            sourceName: "string",
            url: "string",
        }],
        revoked: false,
        language: "string",
        objectMarkingRefs: ["string"],
        granularMarkings: [{
            language: "string",
            markingRef: "string",
            selectors: ["string"],
        }],
        confidence: 0,
        patternVersion: "string",
        killChainPhases: [{
            name: "string",
        }],
        extension: "string",
        tags: ["string"],
        threatTypes: ["string"],
        description: "string",
        validateUntilUtc: "string",
        createdBy: "string",
    });
    
    type: azure:sentinel:ThreatIntelligenceIndicator
    properties:
        confidence: 0
        createdBy: string
        description: string
        displayName: string
        extension: string
        externalReferences:
            - description: string
              hashes:
                string: string
              id: string
              sourceName: string
              url: string
        granularMarkings:
            - language: string
              markingRef: string
              selectors:
                - string
        killChainPhases:
            - name: string
        language: string
        objectMarkingRefs:
            - string
        pattern: string
        patternType: string
        patternVersion: string
        revoked: false
        source: string
        tags:
            - string
        threatTypes:
            - string
        validateFromUtc: string
        validateUntilUtc: string
        workspaceId: string
    

    ThreatIntelligenceIndicator Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ThreatIntelligenceIndicator resource accepts the following input properties:

    DisplayName string
    The display name of the Threat Intelligence Indicator.
    Pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    PatternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    Source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    ValidateFromUtc string
    The start of validate date in RFC3339.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    Confidence int
    Confidence levels of the Threat Intelligence Indicator.
    CreatedBy string
    The creator of the Threat Intelligence Indicator.
    Description string
    The description of the Threat Intelligence Indicator.
    Extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    ExternalReferences List<ThreatIntelligenceIndicatorExternalReference>
    One or more external_reference blocks as defined below.
    GranularMarkings List<ThreatIntelligenceIndicatorGranularMarking>
    One or more granular_marking blocks as defined below.
    KillChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>
    One or more kill_chain_phase blocks as defined below.
    Language string
    The language of the Threat Intelligence Indicator.
    ObjectMarkingRefs List<string>
    Specifies a list of Threat Intelligence marking references.
    PatternVersion string
    The version of a Threat Intelligence entity.
    Revoked bool
    Whether the Threat Intelligence entity revoked.
    Tags List<string>
    Specifies a list of tags of the Threat Intelligence Indicator.
    ThreatTypes List<string>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    ValidateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    DisplayName string
    The display name of the Threat Intelligence Indicator.
    Pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    PatternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    Source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    ValidateFromUtc string
    The start of validate date in RFC3339.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    Confidence int
    Confidence levels of the Threat Intelligence Indicator.
    CreatedBy string
    The creator of the Threat Intelligence Indicator.
    Description string
    The description of the Threat Intelligence Indicator.
    Extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    ExternalReferences []ThreatIntelligenceIndicatorExternalReferenceArgs
    One or more external_reference blocks as defined below.
    GranularMarkings []ThreatIntelligenceIndicatorGranularMarkingArgs
    One or more granular_marking blocks as defined below.
    KillChainPhases []ThreatIntelligenceIndicatorKillChainPhaseArgs
    One or more kill_chain_phase blocks as defined below.
    Language string
    The language of the Threat Intelligence Indicator.
    ObjectMarkingRefs []string
    Specifies a list of Threat Intelligence marking references.
    PatternVersion string
    The version of a Threat Intelligence entity.
    Revoked bool
    Whether the Threat Intelligence entity revoked.
    Tags []string
    Specifies a list of tags of the Threat Intelligence Indicator.
    ThreatTypes []string
    Specifies a list of threat types of this Threat Intelligence Indicator.
    ValidateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    displayName String
    The display name of the Threat Intelligence Indicator.
    pattern String
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType String
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    source String
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    validateFromUtc String
    The start of validate date in RFC3339.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence Integer
    Confidence levels of the Threat Intelligence Indicator.
    createdBy String
    The creator of the Threat Intelligence Indicator.
    description String
    The description of the Threat Intelligence Indicator.
    extension String
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalReferences List<ThreatIntelligenceIndicatorExternalReference>
    One or more external_reference blocks as defined below.
    granularMarkings List<ThreatIntelligenceIndicatorGranularMarking>
    One or more granular_marking blocks as defined below.
    killChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>
    One or more kill_chain_phase blocks as defined below.
    language String
    The language of the Threat Intelligence Indicator.
    objectMarkingRefs List<String>
    Specifies a list of Threat Intelligence marking references.
    patternVersion String
    The version of a Threat Intelligence entity.
    revoked Boolean
    Whether the Threat Intelligence entity revoked.
    tags List<String>
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes List<String>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateUntilUtc String
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    displayName string
    The display name of the Threat Intelligence Indicator.
    pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    validateFromUtc string
    The start of validate date in RFC3339.
    workspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence number
    Confidence levels of the Threat Intelligence Indicator.
    createdBy string
    The creator of the Threat Intelligence Indicator.
    description string
    The description of the Threat Intelligence Indicator.
    extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalReferences ThreatIntelligenceIndicatorExternalReference[]
    One or more external_reference blocks as defined below.
    granularMarkings ThreatIntelligenceIndicatorGranularMarking[]
    One or more granular_marking blocks as defined below.
    killChainPhases ThreatIntelligenceIndicatorKillChainPhase[]
    One or more kill_chain_phase blocks as defined below.
    language string
    The language of the Threat Intelligence Indicator.
    objectMarkingRefs string[]
    Specifies a list of Threat Intelligence marking references.
    patternVersion string
    The version of a Threat Intelligence entity.
    revoked boolean
    Whether the Threat Intelligence entity revoked.
    tags string[]
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes string[]
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    display_name str
    The display name of the Threat Intelligence Indicator.
    pattern str
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    pattern_type str
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    source str
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    validate_from_utc str
    The start of validate date in RFC3339.
    workspace_id str
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence int
    Confidence levels of the Threat Intelligence Indicator.
    created_by str
    The creator of the Threat Intelligence Indicator.
    description str
    The description of the Threat Intelligence Indicator.
    extension str
    The extension config of the Threat Intelligence Indicator in JSON format.
    external_references Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]
    One or more external_reference blocks as defined below.
    granular_markings Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]
    One or more granular_marking blocks as defined below.
    kill_chain_phases Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]
    One or more kill_chain_phase blocks as defined below.
    language str
    The language of the Threat Intelligence Indicator.
    object_marking_refs Sequence[str]
    Specifies a list of Threat Intelligence marking references.
    pattern_version str
    The version of a Threat Intelligence entity.
    revoked bool
    Whether the Threat Intelligence entity revoked.
    tags Sequence[str]
    Specifies a list of tags of the Threat Intelligence Indicator.
    threat_types Sequence[str]
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validate_until_utc str
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    displayName String
    The display name of the Threat Intelligence Indicator.
    pattern String
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType String
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    source String
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    validateFromUtc String
    The start of validate date in RFC3339.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence Number
    Confidence levels of the Threat Intelligence Indicator.
    createdBy String
    The creator of the Threat Intelligence Indicator.
    description String
    The description of the Threat Intelligence Indicator.
    extension String
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalReferences List<Property Map>
    One or more external_reference blocks as defined below.
    granularMarkings List<Property Map>
    One or more granular_marking blocks as defined below.
    killChainPhases List<Property Map>
    One or more kill_chain_phase blocks as defined below.
    language String
    The language of the Threat Intelligence Indicator.
    objectMarkingRefs List<String>
    Specifies a list of Threat Intelligence marking references.
    patternVersion String
    The version of a Threat Intelligence entity.
    revoked Boolean
    Whether the Threat Intelligence entity revoked.
    tags List<String>
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes List<String>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateUntilUtc String
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:

    CreatedOn string
    The date of this Threat Intelligence Indicator created.
    Defanged bool
    Whether the Threat Intelligence entity is defanged?
    ExternalId string
    The external ID of the Threat Intelligence Indicator.
    ExternalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    Guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    Id string
    The provider-assigned unique ID for this managed resource.
    IndicatorTypes List<string>
    A list of indicator types of this Threat Intelligence Indicator.
    LastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    ParsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>
    A parsed_pattern block as defined below.
    CreatedOn string
    The date of this Threat Intelligence Indicator created.
    Defanged bool
    Whether the Threat Intelligence entity is defanged?
    ExternalId string
    The external ID of the Threat Intelligence Indicator.
    ExternalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    Guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    Id string
    The provider-assigned unique ID for this managed resource.
    IndicatorTypes []string
    A list of indicator types of this Threat Intelligence Indicator.
    LastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    ParsedPatterns []ThreatIntelligenceIndicatorParsedPattern
    A parsed_pattern block as defined below.
    createdOn String
    The date of this Threat Intelligence Indicator created.
    defanged Boolean
    Whether the Threat Intelligence entity is defanged?
    externalId String
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc String
    the External last updated time in UTC.
    guid String
    The guid of this Sentinel Threat Intelligence Indicator.
    id String
    The provider-assigned unique ID for this managed resource.
    indicatorTypes List<String>
    A list of indicator types of this Threat Intelligence Indicator.
    lastUpdatedTimeUtc String
    The last updated time of the Threat Intelligence Indicator in UTC.
    parsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>
    A parsed_pattern block as defined below.
    createdOn string
    The date of this Threat Intelligence Indicator created.
    defanged boolean
    Whether the Threat Intelligence entity is defanged?
    externalId string
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    id string
    The provider-assigned unique ID for this managed resource.
    indicatorTypes string[]
    A list of indicator types of this Threat Intelligence Indicator.
    lastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    parsedPatterns ThreatIntelligenceIndicatorParsedPattern[]
    A parsed_pattern block as defined below.
    created_on str
    The date of this Threat Intelligence Indicator created.
    defanged bool
    Whether the Threat Intelligence entity is defanged?
    external_id str
    The external ID of the Threat Intelligence Indicator.
    external_last_updated_time_utc str
    the External last updated time in UTC.
    guid str
    The guid of this Sentinel Threat Intelligence Indicator.
    id str
    The provider-assigned unique ID for this managed resource.
    indicator_types Sequence[str]
    A list of indicator types of this Threat Intelligence Indicator.
    last_updated_time_utc str
    The last updated time of the Threat Intelligence Indicator in UTC.
    parsed_patterns Sequence[ThreatIntelligenceIndicatorParsedPattern]
    A parsed_pattern block as defined below.
    createdOn String
    The date of this Threat Intelligence Indicator created.
    defanged Boolean
    Whether the Threat Intelligence entity is defanged?
    externalId String
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc String
    the External last updated time in UTC.
    guid String
    The guid of this Sentinel Threat Intelligence Indicator.
    id String
    The provider-assigned unique ID for this managed resource.
    indicatorTypes List<String>
    A list of indicator types of this Threat Intelligence Indicator.
    lastUpdatedTimeUtc String
    The last updated time of the Threat Intelligence Indicator in UTC.
    parsedPatterns List<Property Map>
    A parsed_pattern block as defined below.

    Look up Existing ThreatIntelligenceIndicator Resource

    Get an existing ThreatIntelligenceIndicator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ThreatIntelligenceIndicatorState, opts?: CustomResourceOptions): ThreatIntelligenceIndicator
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            confidence: Optional[int] = None,
            created_by: Optional[str] = None,
            created_on: Optional[str] = None,
            defanged: Optional[bool] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            extension: Optional[str] = None,
            external_id: Optional[str] = None,
            external_last_updated_time_utc: Optional[str] = None,
            external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
            granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
            guid: Optional[str] = None,
            indicator_types: Optional[Sequence[str]] = None,
            kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
            language: Optional[str] = None,
            last_updated_time_utc: Optional[str] = None,
            object_marking_refs: Optional[Sequence[str]] = None,
            parsed_patterns: Optional[Sequence[ThreatIntelligenceIndicatorParsedPatternArgs]] = None,
            pattern: Optional[str] = None,
            pattern_type: Optional[str] = None,
            pattern_version: Optional[str] = None,
            revoked: Optional[bool] = None,
            source: Optional[str] = None,
            tags: Optional[Sequence[str]] = None,
            threat_types: Optional[Sequence[str]] = None,
            validate_from_utc: Optional[str] = None,
            validate_until_utc: Optional[str] = None,
            workspace_id: Optional[str] = None) -> ThreatIntelligenceIndicator
    func GetThreatIntelligenceIndicator(ctx *Context, name string, id IDInput, state *ThreatIntelligenceIndicatorState, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
    public static ThreatIntelligenceIndicator Get(string name, Input<string> id, ThreatIntelligenceIndicatorState? state, CustomResourceOptions? opts = null)
    public static ThreatIntelligenceIndicator get(String name, Output<String> id, ThreatIntelligenceIndicatorState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Confidence int
    Confidence levels of the Threat Intelligence Indicator.
    CreatedBy string
    The creator of the Threat Intelligence Indicator.
    CreatedOn string
    The date of this Threat Intelligence Indicator created.
    Defanged bool
    Whether the Threat Intelligence entity is defanged?
    Description string
    The description of the Threat Intelligence Indicator.
    DisplayName string
    The display name of the Threat Intelligence Indicator.
    Extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    ExternalId string
    The external ID of the Threat Intelligence Indicator.
    ExternalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    ExternalReferences List<ThreatIntelligenceIndicatorExternalReference>
    One or more external_reference blocks as defined below.
    GranularMarkings List<ThreatIntelligenceIndicatorGranularMarking>
    One or more granular_marking blocks as defined below.
    Guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    IndicatorTypes List<string>
    A list of indicator types of this Threat Intelligence Indicator.
    KillChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>
    One or more kill_chain_phase blocks as defined below.
    Language string
    The language of the Threat Intelligence Indicator.
    LastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    ObjectMarkingRefs List<string>
    Specifies a list of Threat Intelligence marking references.
    ParsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>
    A parsed_pattern block as defined below.
    Pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    PatternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    PatternVersion string
    The version of a Threat Intelligence entity.
    Revoked bool
    Whether the Threat Intelligence entity revoked.
    Source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    Tags List<string>
    Specifies a list of tags of the Threat Intelligence Indicator.
    ThreatTypes List<string>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    ValidateFromUtc string
    The start of validate date in RFC3339.
    ValidateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    Confidence int
    Confidence levels of the Threat Intelligence Indicator.
    CreatedBy string
    The creator of the Threat Intelligence Indicator.
    CreatedOn string
    The date of this Threat Intelligence Indicator created.
    Defanged bool
    Whether the Threat Intelligence entity is defanged?
    Description string
    The description of the Threat Intelligence Indicator.
    DisplayName string
    The display name of the Threat Intelligence Indicator.
    Extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    ExternalId string
    The external ID of the Threat Intelligence Indicator.
    ExternalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    ExternalReferences []ThreatIntelligenceIndicatorExternalReferenceArgs
    One or more external_reference blocks as defined below.
    GranularMarkings []ThreatIntelligenceIndicatorGranularMarkingArgs
    One or more granular_marking blocks as defined below.
    Guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    IndicatorTypes []string
    A list of indicator types of this Threat Intelligence Indicator.
    KillChainPhases []ThreatIntelligenceIndicatorKillChainPhaseArgs
    One or more kill_chain_phase blocks as defined below.
    Language string
    The language of the Threat Intelligence Indicator.
    LastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    ObjectMarkingRefs []string
    Specifies a list of Threat Intelligence marking references.
    ParsedPatterns []ThreatIntelligenceIndicatorParsedPatternArgs
    A parsed_pattern block as defined below.
    Pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    PatternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    PatternVersion string
    The version of a Threat Intelligence entity.
    Revoked bool
    Whether the Threat Intelligence entity revoked.
    Source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    Tags []string
    Specifies a list of tags of the Threat Intelligence Indicator.
    ThreatTypes []string
    Specifies a list of threat types of this Threat Intelligence Indicator.
    ValidateFromUtc string
    The start of validate date in RFC3339.
    ValidateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    WorkspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence Integer
    Confidence levels of the Threat Intelligence Indicator.
    createdBy String
    The creator of the Threat Intelligence Indicator.
    createdOn String
    The date of this Threat Intelligence Indicator created.
    defanged Boolean
    Whether the Threat Intelligence entity is defanged?
    description String
    The description of the Threat Intelligence Indicator.
    displayName String
    The display name of the Threat Intelligence Indicator.
    extension String
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalId String
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc String
    the External last updated time in UTC.
    externalReferences List<ThreatIntelligenceIndicatorExternalReference>
    One or more external_reference blocks as defined below.
    granularMarkings List<ThreatIntelligenceIndicatorGranularMarking>
    One or more granular_marking blocks as defined below.
    guid String
    The guid of this Sentinel Threat Intelligence Indicator.
    indicatorTypes List<String>
    A list of indicator types of this Threat Intelligence Indicator.
    killChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>
    One or more kill_chain_phase blocks as defined below.
    language String
    The language of the Threat Intelligence Indicator.
    lastUpdatedTimeUtc String
    The last updated time of the Threat Intelligence Indicator in UTC.
    objectMarkingRefs List<String>
    Specifies a list of Threat Intelligence marking references.
    parsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>
    A parsed_pattern block as defined below.
    pattern String
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType String
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    patternVersion String
    The version of a Threat Intelligence entity.
    revoked Boolean
    Whether the Threat Intelligence entity revoked.
    source String
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    tags List<String>
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes List<String>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateFromUtc String
    The start of validate date in RFC3339.
    validateUntilUtc String
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence number
    Confidence levels of the Threat Intelligence Indicator.
    createdBy string
    The creator of the Threat Intelligence Indicator.
    createdOn string
    The date of this Threat Intelligence Indicator created.
    defanged boolean
    Whether the Threat Intelligence entity is defanged?
    description string
    The description of the Threat Intelligence Indicator.
    displayName string
    The display name of the Threat Intelligence Indicator.
    extension string
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalId string
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc string
    the External last updated time in UTC.
    externalReferences ThreatIntelligenceIndicatorExternalReference[]
    One or more external_reference blocks as defined below.
    granularMarkings ThreatIntelligenceIndicatorGranularMarking[]
    One or more granular_marking blocks as defined below.
    guid string
    The guid of this Sentinel Threat Intelligence Indicator.
    indicatorTypes string[]
    A list of indicator types of this Threat Intelligence Indicator.
    killChainPhases ThreatIntelligenceIndicatorKillChainPhase[]
    One or more kill_chain_phase blocks as defined below.
    language string
    The language of the Threat Intelligence Indicator.
    lastUpdatedTimeUtc string
    The last updated time of the Threat Intelligence Indicator in UTC.
    objectMarkingRefs string[]
    Specifies a list of Threat Intelligence marking references.
    parsedPatterns ThreatIntelligenceIndicatorParsedPattern[]
    A parsed_pattern block as defined below.
    pattern string
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType string
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    patternVersion string
    The version of a Threat Intelligence entity.
    revoked boolean
    Whether the Threat Intelligence entity revoked.
    source string
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    tags string[]
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes string[]
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateFromUtc string
    The start of validate date in RFC3339.
    validateUntilUtc string
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    workspaceId string
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence int
    Confidence levels of the Threat Intelligence Indicator.
    created_by str
    The creator of the Threat Intelligence Indicator.
    created_on str
    The date of this Threat Intelligence Indicator created.
    defanged bool
    Whether the Threat Intelligence entity is defanged?
    description str
    The description of the Threat Intelligence Indicator.
    display_name str
    The display name of the Threat Intelligence Indicator.
    extension str
    The extension config of the Threat Intelligence Indicator in JSON format.
    external_id str
    The external ID of the Threat Intelligence Indicator.
    external_last_updated_time_utc str
    the External last updated time in UTC.
    external_references Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]
    One or more external_reference blocks as defined below.
    granular_markings Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]
    One or more granular_marking blocks as defined below.
    guid str
    The guid of this Sentinel Threat Intelligence Indicator.
    indicator_types Sequence[str]
    A list of indicator types of this Threat Intelligence Indicator.
    kill_chain_phases Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]
    One or more kill_chain_phase blocks as defined below.
    language str
    The language of the Threat Intelligence Indicator.
    last_updated_time_utc str
    The last updated time of the Threat Intelligence Indicator in UTC.
    object_marking_refs Sequence[str]
    Specifies a list of Threat Intelligence marking references.
    parsed_patterns Sequence[ThreatIntelligenceIndicatorParsedPatternArgs]
    A parsed_pattern block as defined below.
    pattern str
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    pattern_type str
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    pattern_version str
    The version of a Threat Intelligence entity.
    revoked bool
    Whether the Threat Intelligence entity revoked.
    source str
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    tags Sequence[str]
    Specifies a list of tags of the Threat Intelligence Indicator.
    threat_types Sequence[str]
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validate_from_utc str
    The start of validate date in RFC3339.
    validate_until_utc str
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    workspace_id str
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
    confidence Number
    Confidence levels of the Threat Intelligence Indicator.
    createdBy String
    The creator of the Threat Intelligence Indicator.
    createdOn String
    The date of this Threat Intelligence Indicator created.
    defanged Boolean
    Whether the Threat Intelligence entity is defanged?
    description String
    The description of the Threat Intelligence Indicator.
    displayName String
    The display name of the Threat Intelligence Indicator.
    extension String
    The extension config of the Threat Intelligence Indicator in JSON format.
    externalId String
    The external ID of the Threat Intelligence Indicator.
    externalLastUpdatedTimeUtc String
    the External last updated time in UTC.
    externalReferences List<Property Map>
    One or more external_reference blocks as defined below.
    granularMarkings List<Property Map>
    One or more granular_marking blocks as defined below.
    guid String
    The guid of this Sentinel Threat Intelligence Indicator.
    indicatorTypes List<String>
    A list of indicator types of this Threat Intelligence Indicator.
    killChainPhases List<Property Map>
    One or more kill_chain_phase blocks as defined below.
    language String
    The language of the Threat Intelligence Indicator.
    lastUpdatedTimeUtc String
    The last updated time of the Threat Intelligence Indicator in UTC.
    objectMarkingRefs List<String>
    Specifies a list of Threat Intelligence marking references.
    parsedPatterns List<Property Map>
    A parsed_pattern block as defined below.
    pattern String
    The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
    patternType String
    The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
    patternVersion String
    The version of a Threat Intelligence entity.
    revoked Boolean
    Whether the Threat Intelligence entity revoked.
    source String
    Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
    tags List<String>
    Specifies a list of tags of the Threat Intelligence Indicator.
    threatTypes List<String>
    Specifies a list of threat types of this Threat Intelligence Indicator.
    validateFromUtc String
    The start of validate date in RFC3339.
    validateUntilUtc String
    The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
    workspaceId String
    The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

    Supporting Types

    ThreatIntelligenceIndicatorExternalReference, ThreatIntelligenceIndicatorExternalReferenceArgs

    Description string
    The description of the external reference of the Threat Intelligence Indicator.
    Hashes Dictionary<string, string>
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    Id string
    The ID of the Sentinel Threat Intelligence Indicator.
    SourceName string
    The source name of the external reference of the Threat Intelligence Indicator.
    Url string
    The url of the external reference of the Threat Intelligence Indicator.
    Description string
    The description of the external reference of the Threat Intelligence Indicator.
    Hashes map[string]string
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    Id string
    The ID of the Sentinel Threat Intelligence Indicator.
    SourceName string
    The source name of the external reference of the Threat Intelligence Indicator.
    Url string
    The url of the external reference of the Threat Intelligence Indicator.
    description String
    The description of the external reference of the Threat Intelligence Indicator.
    hashes Map<String,String>
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    id String
    The ID of the Sentinel Threat Intelligence Indicator.
    sourceName String
    The source name of the external reference of the Threat Intelligence Indicator.
    url String
    The url of the external reference of the Threat Intelligence Indicator.
    description string
    The description of the external reference of the Threat Intelligence Indicator.
    hashes {[key: string]: string}
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    id string
    The ID of the Sentinel Threat Intelligence Indicator.
    sourceName string
    The source name of the external reference of the Threat Intelligence Indicator.
    url string
    The url of the external reference of the Threat Intelligence Indicator.
    description str
    The description of the external reference of the Threat Intelligence Indicator.
    hashes Mapping[str, str]
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    id str
    The ID of the Sentinel Threat Intelligence Indicator.
    source_name str
    The source name of the external reference of the Threat Intelligence Indicator.
    url str
    The url of the external reference of the Threat Intelligence Indicator.
    description String
    The description of the external reference of the Threat Intelligence Indicator.
    hashes Map<String>
    The list of hashes of the external reference of the Threat Intelligence Indicator.
    id String
    The ID of the Sentinel Threat Intelligence Indicator.
    sourceName String
    The source name of the external reference of the Threat Intelligence Indicator.
    url String
    The url of the external reference of the Threat Intelligence Indicator.

    ThreatIntelligenceIndicatorGranularMarking, ThreatIntelligenceIndicatorGranularMarkingArgs

    Language string
    The language of granular marking of the Threat Intelligence Indicator.
    MarkingRef string
    The reference of the granular marking of the Threat Intelligence Indicator.
    Selectors List<string>
    A list of selectors of the granular marking of the Threat Intelligence Indicator.
    Language string
    The language of granular marking of the Threat Intelligence Indicator.
    MarkingRef string
    The reference of the granular marking of the Threat Intelligence Indicator.
    Selectors []string
    A list of selectors of the granular marking of the Threat Intelligence Indicator.
    language String
    The language of granular marking of the Threat Intelligence Indicator.
    markingRef String
    The reference of the granular marking of the Threat Intelligence Indicator.
    selectors List<String>
    A list of selectors of the granular marking of the Threat Intelligence Indicator.
    language string
    The language of granular marking of the Threat Intelligence Indicator.
    markingRef string
    The reference of the granular marking of the Threat Intelligence Indicator.
    selectors string[]
    A list of selectors of the granular marking of the Threat Intelligence Indicator.
    language str
    The language of granular marking of the Threat Intelligence Indicator.
    marking_ref str
    The reference of the granular marking of the Threat Intelligence Indicator.
    selectors Sequence[str]
    A list of selectors of the granular marking of the Threat Intelligence Indicator.
    language String
    The language of granular marking of the Threat Intelligence Indicator.
    markingRef String
    The reference of the granular marking of the Threat Intelligence Indicator.
    selectors List<String>
    A list of selectors of the granular marking of the Threat Intelligence Indicator.

    ThreatIntelligenceIndicatorKillChainPhase, ThreatIntelligenceIndicatorKillChainPhaseArgs

    Name string
    The name which should be used for the Lockheed Martin cyber kill chain phase.
    Name string
    The name which should be used for the Lockheed Martin cyber kill chain phase.
    name String
    The name which should be used for the Lockheed Martin cyber kill chain phase.
    name string
    The name which should be used for the Lockheed Martin cyber kill chain phase.
    name str
    The name which should be used for the Lockheed Martin cyber kill chain phase.
    name String
    The name which should be used for the Lockheed Martin cyber kill chain phase.

    ThreatIntelligenceIndicatorParsedPattern, ThreatIntelligenceIndicatorParsedPatternArgs

    PatternTypeKey string
    The type key of parsed pattern.
    PatternTypeValues List<ThreatIntelligenceIndicatorParsedPatternPatternTypeValue>
    A pattern_type_values block as defined below.
    PatternTypeKey string
    The type key of parsed pattern.
    PatternTypeValues []ThreatIntelligenceIndicatorParsedPatternPatternTypeValue
    A pattern_type_values block as defined below.
    patternTypeKey String
    The type key of parsed pattern.
    patternTypeValues List<ThreatIntelligenceIndicatorParsedPatternPatternTypeValue>
    A pattern_type_values block as defined below.
    patternTypeKey string
    The type key of parsed pattern.
    patternTypeValues ThreatIntelligenceIndicatorParsedPatternPatternTypeValue[]
    A pattern_type_values block as defined below.
    pattern_type_key str
    The type key of parsed pattern.
    pattern_type_values Sequence[ThreatIntelligenceIndicatorParsedPatternPatternTypeValue]
    A pattern_type_values block as defined below.
    patternTypeKey String
    The type key of parsed pattern.
    patternTypeValues List<Property Map>
    A pattern_type_values block as defined below.

    ThreatIntelligenceIndicatorParsedPatternPatternTypeValue, ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs

    Value string
    The value of the parsed pattern type.
    ValueType string
    The type of the value of the parsed pattern type value.
    Value string
    The value of the parsed pattern type.
    ValueType string
    The type of the value of the parsed pattern type value.
    value String
    The value of the parsed pattern type.
    valueType String
    The type of the value of the parsed pattern type value.
    value string
    The value of the parsed pattern type.
    valueType string
    The type of the value of the parsed pattern type value.
    value str
    The value of the parsed pattern type.
    value_type str
    The type of the value of the parsed pattern type value.
    value String
    The value of the parsed pattern type.
    valueType String
    The type of the value of the parsed pattern type value.

    Import

    Sentinel Threat Intelligence Indicators can be imported using the resource id, e.g.

    $ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi