We recommend using Azure Native.
azure.sentinel.ThreatIntelligenceIndicator
Explore with Pulumi AI
Manages a Sentinel Threat Intelligence Indicator.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-rg",
location: "east us",
});
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
name: "example-law",
location: example.location,
resourceGroupName: example.name,
sku: "PerGB2018",
retentionInDays: 30,
});
const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {workspaceId: exampleAnalyticsWorkspace.id});
const exampleThreatIntelligenceIndicator = new azure.sentinel.ThreatIntelligenceIndicator("example", {
workspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
patternType: "domain-name",
pattern: "http://example.com",
source: "Microsoft Sentinel",
validateFromUtc: "2022-12-14T16:00:00Z",
displayName: "example-indicator",
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-rg",
location="east us")
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
name="example-law",
location=example.location,
resource_group_name=example.name,
sku="PerGB2018",
retention_in_days=30)
example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", workspace_id=example_analytics_workspace.id)
example_threat_intelligence_indicator = azure.sentinel.ThreatIntelligenceIndicator("example",
workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
pattern_type="domain-name",
pattern="http://example.com",
source="Microsoft Sentinel",
validate_from_utc="2022-12-14T16:00:00Z",
display_name="example-indicator")
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-rg"),
Location: pulumi.String("east us"),
})
if err != nil {
return err
}
exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
Name: pulumi.String("example-law"),
Location: example.Location,
ResourceGroupName: example.Name,
Sku: pulumi.String("PerGB2018"),
RetentionInDays: pulumi.Int(30),
})
if err != nil {
return err
}
exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
WorkspaceId: exampleAnalyticsWorkspace.ID(),
})
if err != nil {
return err
}
_, err = sentinel.NewThreatIntelligenceIndicator(ctx, "example", &sentinel.ThreatIntelligenceIndicatorArgs{
WorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
PatternType: pulumi.String("domain-name"),
Pattern: pulumi.String("http://example.com"),
Source: pulumi.String("Microsoft Sentinel"),
ValidateFromUtc: pulumi.String("2022-12-14T16:00:00Z"),
DisplayName: pulumi.String("example-indicator"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-rg",
Location = "east us",
});
var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
{
Name = "example-law",
Location = example.Location,
ResourceGroupName = example.Name,
Sku = "PerGB2018",
RetentionInDays = 30,
});
var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
{
WorkspaceId = exampleAnalyticsWorkspace.Id,
});
var exampleThreatIntelligenceIndicator = new Azure.Sentinel.ThreatIntelligenceIndicator("example", new()
{
WorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
PatternType = "domain-name",
Pattern = "http://example.com",
Source = "Microsoft Sentinel",
ValidateFromUtc = "2022-12-14T16:00:00Z",
DisplayName = "example-indicator",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicator;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-rg")
.location("east us")
.build());
var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
.name("example-law")
.location(example.location())
.resourceGroupName(example.name())
.sku("PerGB2018")
.retentionInDays(30)
.build());
var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
.workspaceId(exampleAnalyticsWorkspace.id())
.build());
var exampleThreatIntelligenceIndicator = new ThreatIntelligenceIndicator("exampleThreatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
.workspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
.patternType("domain-name")
.pattern("http://example.com")
.source("Microsoft Sentinel")
.validateFromUtc("2022-12-14T16:00:00Z")
.displayName("example-indicator")
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-rg
location: east us
exampleAnalyticsWorkspace:
type: azure:operationalinsights:AnalyticsWorkspace
name: example
properties:
name: example-law
location: ${example.location}
resourceGroupName: ${example.name}
sku: PerGB2018
retentionInDays: 30
exampleLogAnalyticsWorkspaceOnboarding:
type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
name: example
properties:
workspaceId: ${exampleAnalyticsWorkspace.id}
exampleThreatIntelligenceIndicator:
type: azure:sentinel:ThreatIntelligenceIndicator
name: example
properties:
workspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
patternType: domain-name
pattern: http://example.com
source: Microsoft Sentinel
validateFromUtc: 2022-12-14T16:00:00Z
displayName: example-indicator
Create ThreatIntelligenceIndicator Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);
@overload
def ThreatIntelligenceIndicator(resource_name: str,
args: ThreatIntelligenceIndicatorArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ThreatIntelligenceIndicator(resource_name: str,
opts: Optional[ResourceOptions] = None,
pattern: Optional[str] = None,
workspace_id: Optional[str] = None,
validate_from_utc: Optional[str] = None,
display_name: Optional[str] = None,
source: Optional[str] = None,
pattern_type: Optional[str] = None,
external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
revoked: Optional[bool] = None,
language: Optional[str] = None,
object_marking_refs: Optional[Sequence[str]] = None,
granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
confidence: Optional[int] = None,
pattern_version: Optional[str] = None,
kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
extension: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
threat_types: Optional[Sequence[str]] = None,
description: Optional[str] = None,
validate_until_utc: Optional[str] = None,
created_by: Optional[str] = None)
func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
type: azure:sentinel:ThreatIntelligenceIndicator
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var threatIntelligenceIndicatorResource = new Azure.Sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
{
Pattern = "string",
WorkspaceId = "string",
ValidateFromUtc = "string",
DisplayName = "string",
Source = "string",
PatternType = "string",
ExternalReferences = new[]
{
new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorExternalReferenceArgs
{
Description = "string",
Hashes =
{
{ "string", "string" },
},
Id = "string",
SourceName = "string",
Url = "string",
},
},
Revoked = false,
Language = "string",
ObjectMarkingRefs = new[]
{
"string",
},
GranularMarkings = new[]
{
new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorGranularMarkingArgs
{
Language = "string",
MarkingRef = "string",
Selectors = new[]
{
"string",
},
},
},
Confidence = 0,
PatternVersion = "string",
KillChainPhases = new[]
{
new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorKillChainPhaseArgs
{
Name = "string",
},
},
Extension = "string",
Tags = new[]
{
"string",
},
ThreatTypes = new[]
{
"string",
},
Description = "string",
ValidateUntilUtc = "string",
CreatedBy = "string",
});
example, err := sentinel.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &sentinel.ThreatIntelligenceIndicatorArgs{
Pattern: pulumi.String("string"),
WorkspaceId: pulumi.String("string"),
ValidateFromUtc: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Source: pulumi.String("string"),
PatternType: pulumi.String("string"),
ExternalReferences: sentinel.ThreatIntelligenceIndicatorExternalReferenceArray{
&sentinel.ThreatIntelligenceIndicatorExternalReferenceArgs{
Description: pulumi.String("string"),
Hashes: pulumi.StringMap{
"string": pulumi.String("string"),
},
Id: pulumi.String("string"),
SourceName: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
Revoked: pulumi.Bool(false),
Language: pulumi.String("string"),
ObjectMarkingRefs: pulumi.StringArray{
pulumi.String("string"),
},
GranularMarkings: sentinel.ThreatIntelligenceIndicatorGranularMarkingArray{
&sentinel.ThreatIntelligenceIndicatorGranularMarkingArgs{
Language: pulumi.String("string"),
MarkingRef: pulumi.String("string"),
Selectors: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Confidence: pulumi.Int(0),
PatternVersion: pulumi.String("string"),
KillChainPhases: sentinel.ThreatIntelligenceIndicatorKillChainPhaseArray{
&sentinel.ThreatIntelligenceIndicatorKillChainPhaseArgs{
Name: pulumi.String("string"),
},
},
Extension: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
ThreatTypes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
ValidateUntilUtc: pulumi.String("string"),
CreatedBy: pulumi.String("string"),
})
var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
.pattern("string")
.workspaceId("string")
.validateFromUtc("string")
.displayName("string")
.source("string")
.patternType("string")
.externalReferences(ThreatIntelligenceIndicatorExternalReferenceArgs.builder()
.description("string")
.hashes(Map.of("string", "string"))
.id("string")
.sourceName("string")
.url("string")
.build())
.revoked(false)
.language("string")
.objectMarkingRefs("string")
.granularMarkings(ThreatIntelligenceIndicatorGranularMarkingArgs.builder()
.language("string")
.markingRef("string")
.selectors("string")
.build())
.confidence(0)
.patternVersion("string")
.killChainPhases(ThreatIntelligenceIndicatorKillChainPhaseArgs.builder()
.name("string")
.build())
.extension("string")
.tags("string")
.threatTypes("string")
.description("string")
.validateUntilUtc("string")
.createdBy("string")
.build());
threat_intelligence_indicator_resource = azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
pattern="string",
workspace_id="string",
validate_from_utc="string",
display_name="string",
source="string",
pattern_type="string",
external_references=[{
"description": "string",
"hashes": {
"string": "string",
},
"id": "string",
"source_name": "string",
"url": "string",
}],
revoked=False,
language="string",
object_marking_refs=["string"],
granular_markings=[{
"language": "string",
"marking_ref": "string",
"selectors": ["string"],
}],
confidence=0,
pattern_version="string",
kill_chain_phases=[{
"name": "string",
}],
extension="string",
tags=["string"],
threat_types=["string"],
description="string",
validate_until_utc="string",
created_by="string")
const threatIntelligenceIndicatorResource = new azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
pattern: "string",
workspaceId: "string",
validateFromUtc: "string",
displayName: "string",
source: "string",
patternType: "string",
externalReferences: [{
description: "string",
hashes: {
string: "string",
},
id: "string",
sourceName: "string",
url: "string",
}],
revoked: false,
language: "string",
objectMarkingRefs: ["string"],
granularMarkings: [{
language: "string",
markingRef: "string",
selectors: ["string"],
}],
confidence: 0,
patternVersion: "string",
killChainPhases: [{
name: "string",
}],
extension: "string",
tags: ["string"],
threatTypes: ["string"],
description: "string",
validateUntilUtc: "string",
createdBy: "string",
});
type: azure:sentinel:ThreatIntelligenceIndicator
properties:
confidence: 0
createdBy: string
description: string
displayName: string
extension: string
externalReferences:
- description: string
hashes:
string: string
id: string
sourceName: string
url: string
granularMarkings:
- language: string
markingRef: string
selectors:
- string
killChainPhases:
- name: string
language: string
objectMarkingRefs:
- string
pattern: string
patternType: string
patternVersion: string
revoked: false
source: string
tags:
- string
threatTypes:
- string
validateFromUtc: string
validateUntilUtc: string
workspaceId: string
ThreatIntelligenceIndicator Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ThreatIntelligenceIndicator resource accepts the following input properties:
- Display
Name string - The display name of the Threat Intelligence Indicator.
- Pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - Pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - Source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- Validate
From stringUtc - The start of validate date in RFC3339.
- Workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- Confidence int
- Confidence levels of the Threat Intelligence Indicator.
- Created
By string - The creator of the Threat Intelligence Indicator.
- Description string
- The description of the Threat Intelligence Indicator.
- Extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- External
References List<ThreatIntelligence Indicator External Reference> - One or more
external_reference
blocks as defined below. - Granular
Markings List<ThreatIntelligence Indicator Granular Marking> - One or more
granular_marking
blocks as defined below. - Kill
Chain List<ThreatPhases Intelligence Indicator Kill Chain Phase> - One or more
kill_chain_phase
blocks as defined below. - Language string
- The language of the Threat Intelligence Indicator.
- Object
Marking List<string>Refs - Specifies a list of Threat Intelligence marking references.
- Pattern
Version string - The version of a Threat Intelligence entity.
- Revoked bool
- Whether the Threat Intelligence entity revoked.
- List<string>
- Specifies a list of tags of the Threat Intelligence Indicator.
- Threat
Types List<string> - Specifies a list of threat types of this Threat Intelligence Indicator.
- Validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- Display
Name string - The display name of the Threat Intelligence Indicator.
- Pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - Pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - Source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- Validate
From stringUtc - The start of validate date in RFC3339.
- Workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- Confidence int
- Confidence levels of the Threat Intelligence Indicator.
- Created
By string - The creator of the Threat Intelligence Indicator.
- Description string
- The description of the Threat Intelligence Indicator.
- Extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- External
References []ThreatIntelligence Indicator External Reference Args - One or more
external_reference
blocks as defined below. - Granular
Markings []ThreatIntelligence Indicator Granular Marking Args - One or more
granular_marking
blocks as defined below. - Kill
Chain []ThreatPhases Intelligence Indicator Kill Chain Phase Args - One or more
kill_chain_phase
blocks as defined below. - Language string
- The language of the Threat Intelligence Indicator.
- Object
Marking []stringRefs - Specifies a list of Threat Intelligence marking references.
- Pattern
Version string - The version of a Threat Intelligence entity.
- Revoked bool
- Whether the Threat Intelligence entity revoked.
- []string
- Specifies a list of tags of the Threat Intelligence Indicator.
- Threat
Types []string - Specifies a list of threat types of this Threat Intelligence Indicator.
- Validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- display
Name String - The display name of the Threat Intelligence Indicator.
- pattern String
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type String - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - source String
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- validate
From StringUtc - The start of validate date in RFC3339.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence Integer
- Confidence levels of the Threat Intelligence Indicator.
- created
By String - The creator of the Threat Intelligence Indicator.
- description String
- The description of the Threat Intelligence Indicator.
- extension String
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
References List<ThreatIntelligence Indicator External Reference> - One or more
external_reference
blocks as defined below. - granular
Markings List<ThreatIntelligence Indicator Granular Marking> - One or more
granular_marking
blocks as defined below. - kill
Chain List<ThreatPhases Intelligence Indicator Kill Chain Phase> - One or more
kill_chain_phase
blocks as defined below. - language String
- The language of the Threat Intelligence Indicator.
- object
Marking List<String>Refs - Specifies a list of Threat Intelligence marking references.
- pattern
Version String - The version of a Threat Intelligence entity.
- revoked Boolean
- Whether the Threat Intelligence entity revoked.
- List<String>
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types List<String> - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
Until StringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- display
Name string - The display name of the Threat Intelligence Indicator.
- pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- validate
From stringUtc - The start of validate date in RFC3339.
- workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence number
- Confidence levels of the Threat Intelligence Indicator.
- created
By string - The creator of the Threat Intelligence Indicator.
- description string
- The description of the Threat Intelligence Indicator.
- extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
References ThreatIntelligence Indicator External Reference[] - One or more
external_reference
blocks as defined below. - granular
Markings ThreatIntelligence Indicator Granular Marking[] - One or more
granular_marking
blocks as defined below. - kill
Chain ThreatPhases Intelligence Indicator Kill Chain Phase[] - One or more
kill_chain_phase
blocks as defined below. - language string
- The language of the Threat Intelligence Indicator.
- object
Marking string[]Refs - Specifies a list of Threat Intelligence marking references.
- pattern
Version string - The version of a Threat Intelligence entity.
- revoked boolean
- Whether the Threat Intelligence entity revoked.
- string[]
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types string[] - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- display_
name str - The display name of the Threat Intelligence Indicator.
- pattern str
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern_
type str - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - source str
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- validate_
from_ strutc - The start of validate date in RFC3339.
- workspace_
id str - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence int
- Confidence levels of the Threat Intelligence Indicator.
- created_
by str - The creator of the Threat Intelligence Indicator.
- description str
- The description of the Threat Intelligence Indicator.
- extension str
- The extension config of the Threat Intelligence Indicator in JSON format.
- external_
references Sequence[ThreatIntelligence Indicator External Reference Args] - One or more
external_reference
blocks as defined below. - granular_
markings Sequence[ThreatIntelligence Indicator Granular Marking Args] - One or more
granular_marking
blocks as defined below. - kill_
chain_ Sequence[Threatphases Intelligence Indicator Kill Chain Phase Args] - One or more
kill_chain_phase
blocks as defined below. - language str
- The language of the Threat Intelligence Indicator.
- object_
marking_ Sequence[str]refs - Specifies a list of Threat Intelligence marking references.
- pattern_
version str - The version of a Threat Intelligence entity.
- revoked bool
- Whether the Threat Intelligence entity revoked.
- Sequence[str]
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat_
types Sequence[str] - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate_
until_ strutc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- display
Name String - The display name of the Threat Intelligence Indicator.
- pattern String
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type String - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - source String
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- validate
From StringUtc - The start of validate date in RFC3339.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence Number
- Confidence levels of the Threat Intelligence Indicator.
- created
By String - The creator of the Threat Intelligence Indicator.
- description String
- The description of the Threat Intelligence Indicator.
- extension String
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
References List<Property Map> - One or more
external_reference
blocks as defined below. - granular
Markings List<Property Map> - One or more
granular_marking
blocks as defined below. - kill
Chain List<Property Map>Phases - One or more
kill_chain_phase
blocks as defined below. - language String
- The language of the Threat Intelligence Indicator.
- object
Marking List<String>Refs - Specifies a list of Threat Intelligence marking references.
- pattern
Version String - The version of a Threat Intelligence entity.
- revoked Boolean
- Whether the Threat Intelligence entity revoked.
- List<String>
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types List<String> - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
Until StringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
Outputs
All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:
- Created
On string - The date of this Threat Intelligence Indicator created.
- Defanged bool
- Whether the Threat Intelligence entity is defanged?
- External
Id string - The external ID of the Threat Intelligence Indicator.
- External
Last stringUpdated Time Utc - the External last updated time in UTC.
- Guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- Id string
- The provider-assigned unique ID for this managed resource.
- Indicator
Types List<string> - A list of indicator types of this Threat Intelligence Indicator.
- Last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- Parsed
Patterns List<ThreatIntelligence Indicator Parsed Pattern> - A
parsed_pattern
block as defined below.
- Created
On string - The date of this Threat Intelligence Indicator created.
- Defanged bool
- Whether the Threat Intelligence entity is defanged?
- External
Id string - The external ID of the Threat Intelligence Indicator.
- External
Last stringUpdated Time Utc - the External last updated time in UTC.
- Guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- Id string
- The provider-assigned unique ID for this managed resource.
- Indicator
Types []string - A list of indicator types of this Threat Intelligence Indicator.
- Last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- Parsed
Patterns []ThreatIntelligence Indicator Parsed Pattern - A
parsed_pattern
block as defined below.
- created
On String - The date of this Threat Intelligence Indicator created.
- defanged Boolean
- Whether the Threat Intelligence entity is defanged?
- external
Id String - The external ID of the Threat Intelligence Indicator.
- external
Last StringUpdated Time Utc - the External last updated time in UTC.
- guid String
- The guid of this Sentinel Threat Intelligence Indicator.
- id String
- The provider-assigned unique ID for this managed resource.
- indicator
Types List<String> - A list of indicator types of this Threat Intelligence Indicator.
- last
Updated StringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- parsed
Patterns List<ThreatIntelligence Indicator Parsed Pattern> - A
parsed_pattern
block as defined below.
- created
On string - The date of this Threat Intelligence Indicator created.
- defanged boolean
- Whether the Threat Intelligence entity is defanged?
- external
Id string - The external ID of the Threat Intelligence Indicator.
- external
Last stringUpdated Time Utc - the External last updated time in UTC.
- guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- id string
- The provider-assigned unique ID for this managed resource.
- indicator
Types string[] - A list of indicator types of this Threat Intelligence Indicator.
- last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- parsed
Patterns ThreatIntelligence Indicator Parsed Pattern[] - A
parsed_pattern
block as defined below.
- created_
on str - The date of this Threat Intelligence Indicator created.
- defanged bool
- Whether the Threat Intelligence entity is defanged?
- external_
id str - The external ID of the Threat Intelligence Indicator.
- external_
last_ strupdated_ time_ utc - the External last updated time in UTC.
- guid str
- The guid of this Sentinel Threat Intelligence Indicator.
- id str
- The provider-assigned unique ID for this managed resource.
- indicator_
types Sequence[str] - A list of indicator types of this Threat Intelligence Indicator.
- last_
updated_ strtime_ utc - The last updated time of the Threat Intelligence Indicator in UTC.
- parsed_
patterns Sequence[ThreatIntelligence Indicator Parsed Pattern] - A
parsed_pattern
block as defined below.
- created
On String - The date of this Threat Intelligence Indicator created.
- defanged Boolean
- Whether the Threat Intelligence entity is defanged?
- external
Id String - The external ID of the Threat Intelligence Indicator.
- external
Last StringUpdated Time Utc - the External last updated time in UTC.
- guid String
- The guid of this Sentinel Threat Intelligence Indicator.
- id String
- The provider-assigned unique ID for this managed resource.
- indicator
Types List<String> - A list of indicator types of this Threat Intelligence Indicator.
- last
Updated StringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- parsed
Patterns List<Property Map> - A
parsed_pattern
block as defined below.
Look up Existing ThreatIntelligenceIndicator Resource
Get an existing ThreatIntelligenceIndicator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ThreatIntelligenceIndicatorState, opts?: CustomResourceOptions): ThreatIntelligenceIndicator
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
confidence: Optional[int] = None,
created_by: Optional[str] = None,
created_on: Optional[str] = None,
defanged: Optional[bool] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
extension: Optional[str] = None,
external_id: Optional[str] = None,
external_last_updated_time_utc: Optional[str] = None,
external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
guid: Optional[str] = None,
indicator_types: Optional[Sequence[str]] = None,
kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
language: Optional[str] = None,
last_updated_time_utc: Optional[str] = None,
object_marking_refs: Optional[Sequence[str]] = None,
parsed_patterns: Optional[Sequence[ThreatIntelligenceIndicatorParsedPatternArgs]] = None,
pattern: Optional[str] = None,
pattern_type: Optional[str] = None,
pattern_version: Optional[str] = None,
revoked: Optional[bool] = None,
source: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
threat_types: Optional[Sequence[str]] = None,
validate_from_utc: Optional[str] = None,
validate_until_utc: Optional[str] = None,
workspace_id: Optional[str] = None) -> ThreatIntelligenceIndicator
func GetThreatIntelligenceIndicator(ctx *Context, name string, id IDInput, state *ThreatIntelligenceIndicatorState, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)
public static ThreatIntelligenceIndicator Get(string name, Input<string> id, ThreatIntelligenceIndicatorState? state, CustomResourceOptions? opts = null)
public static ThreatIntelligenceIndicator get(String name, Output<String> id, ThreatIntelligenceIndicatorState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Confidence int
- Confidence levels of the Threat Intelligence Indicator.
- Created
By string - The creator of the Threat Intelligence Indicator.
- Created
On string - The date of this Threat Intelligence Indicator created.
- Defanged bool
- Whether the Threat Intelligence entity is defanged?
- Description string
- The description of the Threat Intelligence Indicator.
- Display
Name string - The display name of the Threat Intelligence Indicator.
- Extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- External
Id string - The external ID of the Threat Intelligence Indicator.
- External
Last stringUpdated Time Utc - the External last updated time in UTC.
- External
References List<ThreatIntelligence Indicator External Reference> - One or more
external_reference
blocks as defined below. - Granular
Markings List<ThreatIntelligence Indicator Granular Marking> - One or more
granular_marking
blocks as defined below. - Guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- Indicator
Types List<string> - A list of indicator types of this Threat Intelligence Indicator.
- Kill
Chain List<ThreatPhases Intelligence Indicator Kill Chain Phase> - One or more
kill_chain_phase
blocks as defined below. - Language string
- The language of the Threat Intelligence Indicator.
- Last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- Object
Marking List<string>Refs - Specifies a list of Threat Intelligence marking references.
- Parsed
Patterns List<ThreatIntelligence Indicator Parsed Pattern> - A
parsed_pattern
block as defined below. - Pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - Pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - Pattern
Version string - The version of a Threat Intelligence entity.
- Revoked bool
- Whether the Threat Intelligence entity revoked.
- Source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- List<string>
- Specifies a list of tags of the Threat Intelligence Indicator.
- Threat
Types List<string> - Specifies a list of threat types of this Threat Intelligence Indicator.
- Validate
From stringUtc - The start of validate date in RFC3339.
- Validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- Workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- Confidence int
- Confidence levels of the Threat Intelligence Indicator.
- Created
By string - The creator of the Threat Intelligence Indicator.
- Created
On string - The date of this Threat Intelligence Indicator created.
- Defanged bool
- Whether the Threat Intelligence entity is defanged?
- Description string
- The description of the Threat Intelligence Indicator.
- Display
Name string - The display name of the Threat Intelligence Indicator.
- Extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- External
Id string - The external ID of the Threat Intelligence Indicator.
- External
Last stringUpdated Time Utc - the External last updated time in UTC.
- External
References []ThreatIntelligence Indicator External Reference Args - One or more
external_reference
blocks as defined below. - Granular
Markings []ThreatIntelligence Indicator Granular Marking Args - One or more
granular_marking
blocks as defined below. - Guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- Indicator
Types []string - A list of indicator types of this Threat Intelligence Indicator.
- Kill
Chain []ThreatPhases Intelligence Indicator Kill Chain Phase Args - One or more
kill_chain_phase
blocks as defined below. - Language string
- The language of the Threat Intelligence Indicator.
- Last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- Object
Marking []stringRefs - Specifies a list of Threat Intelligence marking references.
- Parsed
Patterns []ThreatIntelligence Indicator Parsed Pattern Args - A
parsed_pattern
block as defined below. - Pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - Pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - Pattern
Version string - The version of a Threat Intelligence entity.
- Revoked bool
- Whether the Threat Intelligence entity revoked.
- Source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- []string
- Specifies a list of tags of the Threat Intelligence Indicator.
- Threat
Types []string - Specifies a list of threat types of this Threat Intelligence Indicator.
- Validate
From stringUtc - The start of validate date in RFC3339.
- Validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- Workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence Integer
- Confidence levels of the Threat Intelligence Indicator.
- created
By String - The creator of the Threat Intelligence Indicator.
- created
On String - The date of this Threat Intelligence Indicator created.
- defanged Boolean
- Whether the Threat Intelligence entity is defanged?
- description String
- The description of the Threat Intelligence Indicator.
- display
Name String - The display name of the Threat Intelligence Indicator.
- extension String
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
Id String - The external ID of the Threat Intelligence Indicator.
- external
Last StringUpdated Time Utc - the External last updated time in UTC.
- external
References List<ThreatIntelligence Indicator External Reference> - One or more
external_reference
blocks as defined below. - granular
Markings List<ThreatIntelligence Indicator Granular Marking> - One or more
granular_marking
blocks as defined below. - guid String
- The guid of this Sentinel Threat Intelligence Indicator.
- indicator
Types List<String> - A list of indicator types of this Threat Intelligence Indicator.
- kill
Chain List<ThreatPhases Intelligence Indicator Kill Chain Phase> - One or more
kill_chain_phase
blocks as defined below. - language String
- The language of the Threat Intelligence Indicator.
- last
Updated StringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- object
Marking List<String>Refs - Specifies a list of Threat Intelligence marking references.
- parsed
Patterns List<ThreatIntelligence Indicator Parsed Pattern> - A
parsed_pattern
block as defined below. - pattern String
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type String - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - pattern
Version String - The version of a Threat Intelligence entity.
- revoked Boolean
- Whether the Threat Intelligence entity revoked.
- source String
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- List<String>
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types List<String> - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
From StringUtc - The start of validate date in RFC3339.
- validate
Until StringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence number
- Confidence levels of the Threat Intelligence Indicator.
- created
By string - The creator of the Threat Intelligence Indicator.
- created
On string - The date of this Threat Intelligence Indicator created.
- defanged boolean
- Whether the Threat Intelligence entity is defanged?
- description string
- The description of the Threat Intelligence Indicator.
- display
Name string - The display name of the Threat Intelligence Indicator.
- extension string
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
Id string - The external ID of the Threat Intelligence Indicator.
- external
Last stringUpdated Time Utc - the External last updated time in UTC.
- external
References ThreatIntelligence Indicator External Reference[] - One or more
external_reference
blocks as defined below. - granular
Markings ThreatIntelligence Indicator Granular Marking[] - One or more
granular_marking
blocks as defined below. - guid string
- The guid of this Sentinel Threat Intelligence Indicator.
- indicator
Types string[] - A list of indicator types of this Threat Intelligence Indicator.
- kill
Chain ThreatPhases Intelligence Indicator Kill Chain Phase[] - One or more
kill_chain_phase
blocks as defined below. - language string
- The language of the Threat Intelligence Indicator.
- last
Updated stringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- object
Marking string[]Refs - Specifies a list of Threat Intelligence marking references.
- parsed
Patterns ThreatIntelligence Indicator Parsed Pattern[] - A
parsed_pattern
block as defined below. - pattern string
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type string - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - pattern
Version string - The version of a Threat Intelligence entity.
- revoked boolean
- Whether the Threat Intelligence entity revoked.
- source string
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- string[]
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types string[] - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
From stringUtc - The start of validate date in RFC3339.
- validate
Until stringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- workspace
Id string - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence int
- Confidence levels of the Threat Intelligence Indicator.
- created_
by str - The creator of the Threat Intelligence Indicator.
- created_
on str - The date of this Threat Intelligence Indicator created.
- defanged bool
- Whether the Threat Intelligence entity is defanged?
- description str
- The description of the Threat Intelligence Indicator.
- display_
name str - The display name of the Threat Intelligence Indicator.
- extension str
- The extension config of the Threat Intelligence Indicator in JSON format.
- external_
id str - The external ID of the Threat Intelligence Indicator.
- external_
last_ strupdated_ time_ utc - the External last updated time in UTC.
- external_
references Sequence[ThreatIntelligence Indicator External Reference Args] - One or more
external_reference
blocks as defined below. - granular_
markings Sequence[ThreatIntelligence Indicator Granular Marking Args] - One or more
granular_marking
blocks as defined below. - guid str
- The guid of this Sentinel Threat Intelligence Indicator.
- indicator_
types Sequence[str] - A list of indicator types of this Threat Intelligence Indicator.
- kill_
chain_ Sequence[Threatphases Intelligence Indicator Kill Chain Phase Args] - One or more
kill_chain_phase
blocks as defined below. - language str
- The language of the Threat Intelligence Indicator.
- last_
updated_ strtime_ utc - The last updated time of the Threat Intelligence Indicator in UTC.
- object_
marking_ Sequence[str]refs - Specifies a list of Threat Intelligence marking references.
- parsed_
patterns Sequence[ThreatIntelligence Indicator Parsed Pattern Args] - A
parsed_pattern
block as defined below. - pattern str
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern_
type str - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - pattern_
version str - The version of a Threat Intelligence entity.
- revoked bool
- Whether the Threat Intelligence entity revoked.
- source str
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- Sequence[str]
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat_
types Sequence[str] - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate_
from_ strutc - The start of validate date in RFC3339.
- validate_
until_ strutc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- workspace_
id str - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
- confidence Number
- Confidence levels of the Threat Intelligence Indicator.
- created
By String - The creator of the Threat Intelligence Indicator.
- created
On String - The date of this Threat Intelligence Indicator created.
- defanged Boolean
- Whether the Threat Intelligence entity is defanged?
- description String
- The description of the Threat Intelligence Indicator.
- display
Name String - The display name of the Threat Intelligence Indicator.
- extension String
- The extension config of the Threat Intelligence Indicator in JSON format.
- external
Id String - The external ID of the Threat Intelligence Indicator.
- external
Last StringUpdated Time Utc - the External last updated time in UTC.
- external
References List<Property Map> - One or more
external_reference
blocks as defined below. - granular
Markings List<Property Map> - One or more
granular_marking
blocks as defined below. - guid String
- The guid of this Sentinel Threat Intelligence Indicator.
- indicator
Types List<String> - A list of indicator types of this Threat Intelligence Indicator.
- kill
Chain List<Property Map>Phases - One or more
kill_chain_phase
blocks as defined below. - language String
- The language of the Threat Intelligence Indicator.
- last
Updated StringTime Utc - The last updated time of the Threat Intelligence Indicator in UTC.
- object
Marking List<String>Refs - Specifies a list of Threat Intelligence marking references.
- parsed
Patterns List<Property Map> - A
parsed_pattern
block as defined below. - pattern String
- The pattern used by the Threat Intelligence Indicator. When
pattern_type
set tofile
,pattern
must be specified with<HashName>:<Value>
format, such asMD5:78ecc5c05cd8b79af480df2f8fba0b9d
. - pattern
Type String - The type of pattern used by the Threat Intelligence Indicator. Possible values are
domain-name
,file
,ipv4-addr
,ipv6-addr
andurl
. - pattern
Version String - The version of a Threat Intelligence entity.
- revoked Boolean
- Whether the Threat Intelligence entity revoked.
- source String
- Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
- List<String>
- Specifies a list of tags of the Threat Intelligence Indicator.
- threat
Types List<String> - Specifies a list of threat types of this Threat Intelligence Indicator.
- validate
From StringUtc - The start of validate date in RFC3339.
- validate
Until StringUtc - The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
- workspace
Id String - The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
Supporting Types
ThreatIntelligenceIndicatorExternalReference, ThreatIntelligenceIndicatorExternalReferenceArgs
- Description string
- The description of the external reference of the Threat Intelligence Indicator.
- Hashes Dictionary<string, string>
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- Id string
- The ID of the Sentinel Threat Intelligence Indicator.
- Source
Name string - The source name of the external reference of the Threat Intelligence Indicator.
- Url string
- The url of the external reference of the Threat Intelligence Indicator.
- Description string
- The description of the external reference of the Threat Intelligence Indicator.
- Hashes map[string]string
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- Id string
- The ID of the Sentinel Threat Intelligence Indicator.
- Source
Name string - The source name of the external reference of the Threat Intelligence Indicator.
- Url string
- The url of the external reference of the Threat Intelligence Indicator.
- description String
- The description of the external reference of the Threat Intelligence Indicator.
- hashes Map<String,String>
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- id String
- The ID of the Sentinel Threat Intelligence Indicator.
- source
Name String - The source name of the external reference of the Threat Intelligence Indicator.
- url String
- The url of the external reference of the Threat Intelligence Indicator.
- description string
- The description of the external reference of the Threat Intelligence Indicator.
- hashes {[key: string]: string}
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- id string
- The ID of the Sentinel Threat Intelligence Indicator.
- source
Name string - The source name of the external reference of the Threat Intelligence Indicator.
- url string
- The url of the external reference of the Threat Intelligence Indicator.
- description str
- The description of the external reference of the Threat Intelligence Indicator.
- hashes Mapping[str, str]
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- id str
- The ID of the Sentinel Threat Intelligence Indicator.
- source_
name str - The source name of the external reference of the Threat Intelligence Indicator.
- url str
- The url of the external reference of the Threat Intelligence Indicator.
- description String
- The description of the external reference of the Threat Intelligence Indicator.
- hashes Map<String>
- The list of hashes of the external reference of the Threat Intelligence Indicator.
- id String
- The ID of the Sentinel Threat Intelligence Indicator.
- source
Name String - The source name of the external reference of the Threat Intelligence Indicator.
- url String
- The url of the external reference of the Threat Intelligence Indicator.
ThreatIntelligenceIndicatorGranularMarking, ThreatIntelligenceIndicatorGranularMarkingArgs
- Language string
- The language of granular marking of the Threat Intelligence Indicator.
- Marking
Ref string - The reference of the granular marking of the Threat Intelligence Indicator.
- Selectors List<string>
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
- Language string
- The language of granular marking of the Threat Intelligence Indicator.
- Marking
Ref string - The reference of the granular marking of the Threat Intelligence Indicator.
- Selectors []string
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
- language String
- The language of granular marking of the Threat Intelligence Indicator.
- marking
Ref String - The reference of the granular marking of the Threat Intelligence Indicator.
- selectors List<String>
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
- language string
- The language of granular marking of the Threat Intelligence Indicator.
- marking
Ref string - The reference of the granular marking of the Threat Intelligence Indicator.
- selectors string[]
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
- language str
- The language of granular marking of the Threat Intelligence Indicator.
- marking_
ref str - The reference of the granular marking of the Threat Intelligence Indicator.
- selectors Sequence[str]
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
- language String
- The language of granular marking of the Threat Intelligence Indicator.
- marking
Ref String - The reference of the granular marking of the Threat Intelligence Indicator.
- selectors List<String>
- A list of selectors of the granular marking of the Threat Intelligence Indicator.
ThreatIntelligenceIndicatorKillChainPhase, ThreatIntelligenceIndicatorKillChainPhaseArgs
- Name string
- The name which should be used for the Lockheed Martin cyber kill chain phase.
- Name string
- The name which should be used for the Lockheed Martin cyber kill chain phase.
- name String
- The name which should be used for the Lockheed Martin cyber kill chain phase.
- name string
- The name which should be used for the Lockheed Martin cyber kill chain phase.
- name str
- The name which should be used for the Lockheed Martin cyber kill chain phase.
- name String
- The name which should be used for the Lockheed Martin cyber kill chain phase.
ThreatIntelligenceIndicatorParsedPattern, ThreatIntelligenceIndicatorParsedPatternArgs
- Pattern
Type stringKey - The type key of parsed pattern.
- Pattern
Type List<ThreatValues Intelligence Indicator Parsed Pattern Pattern Type Value> - A
pattern_type_values
block as defined below.
- Pattern
Type stringKey - The type key of parsed pattern.
- Pattern
Type []ThreatValues Intelligence Indicator Parsed Pattern Pattern Type Value - A
pattern_type_values
block as defined below.
- pattern
Type StringKey - The type key of parsed pattern.
- pattern
Type List<ThreatValues Intelligence Indicator Parsed Pattern Pattern Type Value> - A
pattern_type_values
block as defined below.
- pattern
Type stringKey - The type key of parsed pattern.
- pattern
Type ThreatValues Intelligence Indicator Parsed Pattern Pattern Type Value[] - A
pattern_type_values
block as defined below.
- pattern_
type_ strkey - The type key of parsed pattern.
- pattern_
type_ Sequence[Threatvalues Intelligence Indicator Parsed Pattern Pattern Type Value] - A
pattern_type_values
block as defined below.
- pattern
Type StringKey - The type key of parsed pattern.
- pattern
Type List<Property Map>Values - A
pattern_type_values
block as defined below.
ThreatIntelligenceIndicatorParsedPatternPatternTypeValue, ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs
- value str
- The value of the parsed pattern type.
- value_
type str - The type of the value of the parsed pattern type value.
Import
Sentinel Threat Intelligence Indicators can be imported using the resource id
, e.g.
$ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.