Azure Classic v5.81.0, Jun 24 24

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

pulumi/pulumi-azure

azure.sentinel.ThreatIntelligenceIndicator

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

pulumi/pulumi-azure

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "east us",
});
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
    name: "example-law",
    location: example.location,
    resourceGroupName: example.name,
    sku: "PerGB2018",
    retentionInDays: 30,
});
const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
    resourceGroupName: example.name,
    workspaceName: exampleAnalyticsWorkspace.name,
});
const exampleThreatIntelligenceIndicator = new azure.sentinel.ThreatIntelligenceIndicator("example", {
    workspaceId: exampleAnalyticsWorkspace.id,
    patternType: "domain-name",
    pattern: "http://example.com",
    source: "Microsoft Sentinel",
    validateFromUtc: "2022-12-14T16:00:00Z",
    displayName: "example-indicator",
}, {
    dependsOn: [test],
});

import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-rg",
    location="east us")
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
    name="example-law",
    location=example.location,
    resource_group_name=example.name,
    sku="PerGB2018",
    retention_in_days=30)
example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("example",
    resource_group_name=example.name,
    workspace_name=example_analytics_workspace.name)
example_threat_intelligence_indicator = azure.sentinel.ThreatIntelligenceIndicator("example",
    workspace_id=example_analytics_workspace.id,
    pattern_type="domain-name",
    pattern="http://example.com",
    source="Microsoft Sentinel",
    validate_from_utc="2022-12-14T16:00:00Z",
    display_name="example-indicator",
    opts=pulumi.ResourceOptions(depends_on=[test]))

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("east us"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-law"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
			RetentionInDays:   pulumi.Int(30),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			ResourceGroupName: example.Name,
			WorkspaceName:     exampleAnalyticsWorkspace.Name,
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewThreatIntelligenceIndicator(ctx, "example", &sentinel.ThreatIntelligenceIndicatorArgs{
			WorkspaceId:     exampleAnalyticsWorkspace.ID(),
			PatternType:     pulumi.String("domain-name"),
			Pattern:         pulumi.String("http://example.com"),
			Source:          pulumi.String("Microsoft Sentinel"),
			ValidateFromUtc: pulumi.String("2022-12-14T16:00:00Z"),
			DisplayName:     pulumi.String("example-indicator"),
		}, pulumi.DependsOn([]pulumi.Resource{
			test,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "east us",
    });

    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
    {
        Name = "example-law",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Sku = "PerGB2018",
        RetentionInDays = 30,
    });

    var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
    {
        ResourceGroupName = example.Name,
        WorkspaceName = exampleAnalyticsWorkspace.Name,
    });

    var exampleThreatIntelligenceIndicator = new Azure.Sentinel.ThreatIntelligenceIndicator("example", new()
    {
        WorkspaceId = exampleAnalyticsWorkspace.Id,
        PatternType = "domain-name",
        Pattern = "http://example.com",
        Source = "Microsoft Sentinel",
        ValidateFromUtc = "2022-12-14T16:00:00Z",
        DisplayName = "example-indicator",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            test,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicator;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicatorArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("east us")
            .build());

        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .name("example-law")
            .location(example.location())
            .resourceGroupName(example.name())
            .sku("PerGB2018")
            .retentionInDays(30)
            .build());

        var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
            .resourceGroupName(example.name())
            .workspaceName(exampleAnalyticsWorkspace.name())
            .build());

        var exampleThreatIntelligenceIndicator = new ThreatIntelligenceIndicator("exampleThreatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
            .workspaceId(exampleAnalyticsWorkspace.id())
            .patternType("domain-name")
            .pattern("http://example.com")
            .source("Microsoft Sentinel")
            .validateFromUtc("2022-12-14T16:00:00Z")
            .displayName("example-indicator")
            .build(), CustomResourceOptions.builder()
                .dependsOn(test)
                .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: east us
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    name: example
    properties:
      name: example-law
      location: ${example.location}
      resourceGroupName: ${example.name}
      sku: PerGB2018
      retentionInDays: 30
  exampleLogAnalyticsWorkspaceOnboarding:
    type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
    name: example
    properties:
      resourceGroupName: ${example.name}
      workspaceName: ${exampleAnalyticsWorkspace.name}
  exampleThreatIntelligenceIndicator:
    type: azure:sentinel:ThreatIntelligenceIndicator
    name: example
    properties:
      workspaceId: ${exampleAnalyticsWorkspace.id}
      patternType: domain-name
      pattern: http://example.com
      source: Microsoft Sentinel
      validateFromUtc: 2022-12-14T16:00:00Z
      displayName: example-indicator
    options:
      dependson:
        - ${test}

Create ThreatIntelligenceIndicator Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);

@overload
def ThreatIntelligenceIndicator(resource_name: str,
                                args: ThreatIntelligenceIndicatorArgs,
                                opts: Optional[ResourceOptions] = None)

@overload
def ThreatIntelligenceIndicator(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                pattern: Optional[str] = None,
                                workspace_id: Optional[str] = None,
                                validate_from_utc: Optional[str] = None,
                                display_name: Optional[str] = None,
                                source: Optional[str] = None,
                                pattern_type: Optional[str] = None,
                                external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
                                revoked: Optional[bool] = None,
                                language: Optional[str] = None,
                                object_marking_refs: Optional[Sequence[str]] = None,
                                granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
                                confidence: Optional[int] = None,
                                pattern_version: Optional[str] = None,
                                kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
                                extension: Optional[str] = None,
                                tags: Optional[Sequence[str]] = None,
                                threat_types: Optional[Sequence[str]] = None,
                                description: Optional[str] = None,
                                validate_until_utc: Optional[str] = None,
                                created_by: Optional[str] = None)

func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)

public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)

public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)

type: azure:sentinel:ThreatIntelligenceIndicator
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ThreatIntelligenceIndicatorArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ThreatIntelligenceIndicatorArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ThreatIntelligenceIndicatorArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ThreatIntelligenceIndicatorArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ThreatIntelligenceIndicatorArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var threatIntelligenceIndicatorResource = new Azure.Sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
{
    Pattern = "string",
    WorkspaceId = "string",
    ValidateFromUtc = "string",
    DisplayName = "string",
    Source = "string",
    PatternType = "string",
    ExternalReferences = new[]
    {
        new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorExternalReferenceArgs
        {
            Description = "string",
            Hashes = 
            {
                { "string", "string" },
            },
            Id = "string",
            SourceName = "string",
            Url = "string",
        },
    },
    Revoked = false,
    Language = "string",
    ObjectMarkingRefs = new[]
    {
        "string",
    },
    GranularMarkings = new[]
    {
        new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorGranularMarkingArgs
        {
            Language = "string",
            MarkingRef = "string",
            Selectors = new[]
            {
                "string",
            },
        },
    },
    Confidence = 0,
    PatternVersion = "string",
    KillChainPhases = new[]
    {
        new Azure.Sentinel.Inputs.ThreatIntelligenceIndicatorKillChainPhaseArgs
        {
            Name = "string",
        },
    },
    Extension = "string",
    Tags = new[]
    {
        "string",
    },
    ThreatTypes = new[]
    {
        "string",
    },
    Description = "string",
    ValidateUntilUtc = "string",
    CreatedBy = "string",
});

example, err := sentinel.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &sentinel.ThreatIntelligenceIndicatorArgs{
	Pattern:         pulumi.String("string"),
	WorkspaceId:     pulumi.String("string"),
	ValidateFromUtc: pulumi.String("string"),
	DisplayName:     pulumi.String("string"),
	Source:          pulumi.String("string"),
	PatternType:     pulumi.String("string"),
	ExternalReferences: sentinel.ThreatIntelligenceIndicatorExternalReferenceArray{
		&sentinel.ThreatIntelligenceIndicatorExternalReferenceArgs{
			Description: pulumi.String("string"),
			Hashes: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
			Id:         pulumi.String("string"),
			SourceName: pulumi.String("string"),
			Url:        pulumi.String("string"),
		},
	},
	Revoked:  pulumi.Bool(false),
	Language: pulumi.String("string"),
	ObjectMarkingRefs: pulumi.StringArray{
		pulumi.String("string"),
	},
	GranularMarkings: sentinel.ThreatIntelligenceIndicatorGranularMarkingArray{
		&sentinel.ThreatIntelligenceIndicatorGranularMarkingArgs{
			Language:   pulumi.String("string"),
			MarkingRef: pulumi.String("string"),
			Selectors: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Confidence:     pulumi.Int(0),
	PatternVersion: pulumi.String("string"),
	KillChainPhases: sentinel.ThreatIntelligenceIndicatorKillChainPhaseArray{
		&sentinel.ThreatIntelligenceIndicatorKillChainPhaseArgs{
			Name: pulumi.String("string"),
		},
	},
	Extension: pulumi.String("string"),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	ThreatTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:      pulumi.String("string"),
	ValidateUntilUtc: pulumi.String("string"),
	CreatedBy:        pulumi.String("string"),
})

var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
    .pattern("string")
    .workspaceId("string")
    .validateFromUtc("string")
    .displayName("string")
    .source("string")
    .patternType("string")
    .externalReferences(ThreatIntelligenceIndicatorExternalReferenceArgs.builder()
        .description("string")
        .hashes(Map.of("string", "string"))
        .id("string")
        .sourceName("string")
        .url("string")
        .build())
    .revoked(false)
    .language("string")
    .objectMarkingRefs("string")
    .granularMarkings(ThreatIntelligenceIndicatorGranularMarkingArgs.builder()
        .language("string")
        .markingRef("string")
        .selectors("string")
        .build())
    .confidence(0)
    .patternVersion("string")
    .killChainPhases(ThreatIntelligenceIndicatorKillChainPhaseArgs.builder()
        .name("string")
        .build())
    .extension("string")
    .tags("string")
    .threatTypes("string")
    .description("string")
    .validateUntilUtc("string")
    .createdBy("string")
    .build());

threat_intelligence_indicator_resource = azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
    pattern="string",
    workspace_id="string",
    validate_from_utc="string",
    display_name="string",
    source="string",
    pattern_type="string",
    external_references=[azure.sentinel.ThreatIntelligenceIndicatorExternalReferenceArgs(
        description="string",
        hashes={
            "string": "string",
        },
        id="string",
        source_name="string",
        url="string",
    )],
    revoked=False,
    language="string",
    object_marking_refs=["string"],
    granular_markings=[azure.sentinel.ThreatIntelligenceIndicatorGranularMarkingArgs(
        language="string",
        marking_ref="string",
        selectors=["string"],
    )],
    confidence=0,
    pattern_version="string",
    kill_chain_phases=[azure.sentinel.ThreatIntelligenceIndicatorKillChainPhaseArgs(
        name="string",
    )],
    extension="string",
    tags=["string"],
    threat_types=["string"],
    description="string",
    validate_until_utc="string",
    created_by="string")

const threatIntelligenceIndicatorResource = new azure.sentinel.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
    pattern: "string",
    workspaceId: "string",
    validateFromUtc: "string",
    displayName: "string",
    source: "string",
    patternType: "string",
    externalReferences: [{
        description: "string",
        hashes: {
            string: "string",
        },
        id: "string",
        sourceName: "string",
        url: "string",
    }],
    revoked: false,
    language: "string",
    objectMarkingRefs: ["string"],
    granularMarkings: [{
        language: "string",
        markingRef: "string",
        selectors: ["string"],
    }],
    confidence: 0,
    patternVersion: "string",
    killChainPhases: [{
        name: "string",
    }],
    extension: "string",
    tags: ["string"],
    threatTypes: ["string"],
    description: "string",
    validateUntilUtc: "string",
    createdBy: "string",
});

type: azure:sentinel:ThreatIntelligenceIndicator
properties:
    confidence: 0
    createdBy: string
    description: string
    displayName: string
    extension: string
    externalReferences:
        - description: string
          hashes:
            string: string
          id: string
          sourceName: string
          url: string
    granularMarkings:
        - language: string
          markingRef: string
          selectors:
            - string
    killChainPhases:
        - name: string
    language: string
    objectMarkingRefs:
        - string
    pattern: string
    patternType: string
    patternVersion: string
    revoked: false
    source: string
    tags:
        - string
    threatTypes:
        - string
    validateFromUtc: string
    validateUntilUtc: string
    workspaceId: string

ThreatIntelligenceIndicator Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ThreatIntelligenceIndicator resource accepts the following input properties:

DisplayName string: The display name of the Threat Intelligence Indicator.
Pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
PatternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
Source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
ValidateFromUtc string: The start of validate date in RFC3339.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
Confidence int: Confidence levels of the Threat Intelligence Indicator.
CreatedBy string: The creator of the Threat Intelligence Indicator.
Description string: The description of the Threat Intelligence Indicator.
Extension string: The extension config of the Threat Intelligence Indicator in JSON format.
ExternalReferences List<ThreatIntelligenceIndicatorExternalReference>: One or more external_reference blocks as defined below.
GranularMarkings List<ThreatIntelligenceIndicatorGranularMarking>: One or more granular_marking blocks as defined below.
KillChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>: One or more kill_chain_phase blocks as defined below.
Language string: The language of the Threat Intelligence Indicator.
ObjectMarkingRefs List<string>: Specifies a list of Threat Intelligence marking references.
PatternVersion string: The version of a Threat Intelligence entity.
Revoked bool: Whether the Threat Intelligence entity revoked.
Tags List<string>: Specifies a list of tags of the Threat Intelligence Indicator.
ThreatTypes List<string>: Specifies a list of threat types of this Threat Intelligence Indicator.
ValidateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

DisplayName string: The display name of the Threat Intelligence Indicator.
Pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
PatternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
Source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
ValidateFromUtc string: The start of validate date in RFC3339.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
Confidence int: Confidence levels of the Threat Intelligence Indicator.
CreatedBy string: The creator of the Threat Intelligence Indicator.
Description string: The description of the Threat Intelligence Indicator.
Extension string: The extension config of the Threat Intelligence Indicator in JSON format.
ExternalReferences []ThreatIntelligenceIndicatorExternalReferenceArgs: One or more external_reference blocks as defined below.
GranularMarkings []ThreatIntelligenceIndicatorGranularMarkingArgs: One or more granular_marking blocks as defined below.
KillChainPhases []ThreatIntelligenceIndicatorKillChainPhaseArgs: One or more kill_chain_phase blocks as defined below.
Language string: The language of the Threat Intelligence Indicator.
ObjectMarkingRefs []string: Specifies a list of Threat Intelligence marking references.
PatternVersion string: The version of a Threat Intelligence entity.
Revoked bool: Whether the Threat Intelligence entity revoked.
Tags []string: Specifies a list of tags of the Threat Intelligence Indicator.
ThreatTypes []string: Specifies a list of threat types of this Threat Intelligence Indicator.
ValidateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

displayName String: The display name of the Threat Intelligence Indicator.
pattern String: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType String: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
source String: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
validateFromUtc String: The start of validate date in RFC3339.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
confidence Integer: Confidence levels of the Threat Intelligence Indicator.
createdBy String: The creator of the Threat Intelligence Indicator.
description String: The description of the Threat Intelligence Indicator.
extension String: The extension config of the Threat Intelligence Indicator in JSON format.
externalReferences List<ThreatIntelligenceIndicatorExternalReference>: One or more external_reference blocks as defined below.
granularMarkings List<ThreatIntelligenceIndicatorGranularMarking>: One or more granular_marking blocks as defined below.
killChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>: One or more kill_chain_phase blocks as defined below.
language String: The language of the Threat Intelligence Indicator.
objectMarkingRefs List<String>: Specifies a list of Threat Intelligence marking references.
patternVersion String: The version of a Threat Intelligence entity.
revoked Boolean: Whether the Threat Intelligence entity revoked.
tags List<String>: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes List<String>: Specifies a list of threat types of this Threat Intelligence Indicator.
validateUntilUtc String: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

displayName string: The display name of the Threat Intelligence Indicator.
pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
validateFromUtc string: The start of validate date in RFC3339.
workspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
confidence number: Confidence levels of the Threat Intelligence Indicator.
createdBy string: The creator of the Threat Intelligence Indicator.
description string: The description of the Threat Intelligence Indicator.
extension string: The extension config of the Threat Intelligence Indicator in JSON format.
externalReferences ThreatIntelligenceIndicatorExternalReference[]: One or more external_reference blocks as defined below.
granularMarkings ThreatIntelligenceIndicatorGranularMarking[]: One or more granular_marking blocks as defined below.
killChainPhases ThreatIntelligenceIndicatorKillChainPhase[]: One or more kill_chain_phase blocks as defined below.
language string: The language of the Threat Intelligence Indicator.
objectMarkingRefs string[]: Specifies a list of Threat Intelligence marking references.
patternVersion string: The version of a Threat Intelligence entity.
revoked boolean: Whether the Threat Intelligence entity revoked.
tags string[]: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes string[]: Specifies a list of threat types of this Threat Intelligence Indicator.
validateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

display_name str: The display name of the Threat Intelligence Indicator.
pattern str: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
pattern_type str: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
source str: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
validate_from_utc str: The start of validate date in RFC3339.
workspace_id str: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
confidence int: Confidence levels of the Threat Intelligence Indicator.
created_by str: The creator of the Threat Intelligence Indicator.
description str: The description of the Threat Intelligence Indicator.
extension str: The extension config of the Threat Intelligence Indicator in JSON format.
external_references Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]: One or more external_reference blocks as defined below.
granular_markings Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]: One or more granular_marking blocks as defined below.
kill_chain_phases Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]: One or more kill_chain_phase blocks as defined below.
language str: The language of the Threat Intelligence Indicator.
object_marking_refs Sequence[str]: Specifies a list of Threat Intelligence marking references.
pattern_version str: The version of a Threat Intelligence entity.
revoked bool: Whether the Threat Intelligence entity revoked.
tags Sequence[str]: Specifies a list of tags of the Threat Intelligence Indicator.
threat_types Sequence[str]: Specifies a list of threat types of this Threat Intelligence Indicator.
validate_until_utc str: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

displayName String: The display name of the Threat Intelligence Indicator.
pattern String: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType String: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
source String: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
validateFromUtc String: The start of validate date in RFC3339.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
confidence Number: Confidence levels of the Threat Intelligence Indicator.
createdBy String: The creator of the Threat Intelligence Indicator.
description String: The description of the Threat Intelligence Indicator.
extension String: The extension config of the Threat Intelligence Indicator in JSON format.
externalReferences List<Property Map>: One or more external_reference blocks as defined below.
granularMarkings List<Property Map>: One or more granular_marking blocks as defined below.
killChainPhases List<Property Map>: One or more kill_chain_phase blocks as defined below.
language String: The language of the Threat Intelligence Indicator.
objectMarkingRefs List<String>: Specifies a list of Threat Intelligence marking references.
patternVersion String: The version of a Threat Intelligence entity.
revoked Boolean: Whether the Threat Intelligence entity revoked.
tags List<String>: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes List<String>: Specifies a list of threat types of this Threat Intelligence Indicator.
validateUntilUtc String: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.

Outputs

All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:

CreatedOn string: The date of this Threat Intelligence Indicator created.
Defanged bool: Whether the Threat Intelligence entity is defanged?
ExternalId string: The external ID of the Threat Intelligence Indicator.
ExternalLastUpdatedTimeUtc string: the External last updated time in UTC.
Guid string: The guid of this Sentinel Threat Intelligence Indicator.
Id string: The provider-assigned unique ID for this managed resource.
IndicatorTypes List<string>: A list of indicator types of this Threat Intelligence Indicator.
LastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
ParsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>: A parsed_pattern block as defined below.

CreatedOn string: The date of this Threat Intelligence Indicator created.
Defanged bool: Whether the Threat Intelligence entity is defanged?
ExternalId string: The external ID of the Threat Intelligence Indicator.
ExternalLastUpdatedTimeUtc string: the External last updated time in UTC.
Guid string: The guid of this Sentinel Threat Intelligence Indicator.
Id string: The provider-assigned unique ID for this managed resource.
IndicatorTypes []string: A list of indicator types of this Threat Intelligence Indicator.
LastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
ParsedPatterns []ThreatIntelligenceIndicatorParsedPattern: A parsed_pattern block as defined below.

createdOn String: The date of this Threat Intelligence Indicator created.
defanged Boolean: Whether the Threat Intelligence entity is defanged?
externalId String: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc String: the External last updated time in UTC.
guid String: The guid of this Sentinel Threat Intelligence Indicator.
id String: The provider-assigned unique ID for this managed resource.
indicatorTypes List<String>: A list of indicator types of this Threat Intelligence Indicator.
lastUpdatedTimeUtc String: The last updated time of the Threat Intelligence Indicator in UTC.
parsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>: A parsed_pattern block as defined below.

createdOn string: The date of this Threat Intelligence Indicator created.
defanged boolean: Whether the Threat Intelligence entity is defanged?
externalId string: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc string: the External last updated time in UTC.
guid string: The guid of this Sentinel Threat Intelligence Indicator.
id string: The provider-assigned unique ID for this managed resource.
indicatorTypes string[]: A list of indicator types of this Threat Intelligence Indicator.
lastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
parsedPatterns ThreatIntelligenceIndicatorParsedPattern[]: A parsed_pattern block as defined below.

created_on str: The date of this Threat Intelligence Indicator created.
defanged bool: Whether the Threat Intelligence entity is defanged?
external_id str: The external ID of the Threat Intelligence Indicator.
external_last_updated_time_utc str: the External last updated time in UTC.
guid str: The guid of this Sentinel Threat Intelligence Indicator.
id str: The provider-assigned unique ID for this managed resource.
indicator_types Sequence[str]: A list of indicator types of this Threat Intelligence Indicator.
last_updated_time_utc str: The last updated time of the Threat Intelligence Indicator in UTC.
parsed_patterns Sequence[ThreatIntelligenceIndicatorParsedPattern]: A parsed_pattern block as defined below.

createdOn String: The date of this Threat Intelligence Indicator created.
defanged Boolean: Whether the Threat Intelligence entity is defanged?
externalId String: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc String: the External last updated time in UTC.
guid String: The guid of this Sentinel Threat Intelligence Indicator.
id String: The provider-assigned unique ID for this managed resource.
indicatorTypes List<String>: A list of indicator types of this Threat Intelligence Indicator.
lastUpdatedTimeUtc String: The last updated time of the Threat Intelligence Indicator in UTC.
parsedPatterns List<Property Map>: A parsed_pattern block as defined below.

Look up Existing ThreatIntelligenceIndicator Resource

Get an existing ThreatIntelligenceIndicator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ThreatIntelligenceIndicatorState, opts?: CustomResourceOptions): ThreatIntelligenceIndicator

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        confidence: Optional[int] = None,
        created_by: Optional[str] = None,
        created_on: Optional[str] = None,
        defanged: Optional[bool] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        extension: Optional[str] = None,
        external_id: Optional[str] = None,
        external_last_updated_time_utc: Optional[str] = None,
        external_references: Optional[Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]] = None,
        granular_markings: Optional[Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]] = None,
        guid: Optional[str] = None,
        indicator_types: Optional[Sequence[str]] = None,
        kill_chain_phases: Optional[Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]] = None,
        language: Optional[str] = None,
        last_updated_time_utc: Optional[str] = None,
        object_marking_refs: Optional[Sequence[str]] = None,
        parsed_patterns: Optional[Sequence[ThreatIntelligenceIndicatorParsedPatternArgs]] = None,
        pattern: Optional[str] = None,
        pattern_type: Optional[str] = None,
        pattern_version: Optional[str] = None,
        revoked: Optional[bool] = None,
        source: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        threat_types: Optional[Sequence[str]] = None,
        validate_from_utc: Optional[str] = None,
        validate_until_utc: Optional[str] = None,
        workspace_id: Optional[str] = None) -> ThreatIntelligenceIndicator

func GetThreatIntelligenceIndicator(ctx *Context, name string, id IDInput, state *ThreatIntelligenceIndicatorState, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)

public static ThreatIntelligenceIndicator Get(string name, Input<string> id, ThreatIntelligenceIndicatorState? state, CustomResourceOptions? opts = null)

public static ThreatIntelligenceIndicator get(String name, Output<String> id, ThreatIntelligenceIndicatorState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Confidence int: Confidence levels of the Threat Intelligence Indicator.
CreatedBy string: The creator of the Threat Intelligence Indicator.
CreatedOn string: The date of this Threat Intelligence Indicator created.
Defanged bool: Whether the Threat Intelligence entity is defanged?
Description string: The description of the Threat Intelligence Indicator.
DisplayName string: The display name of the Threat Intelligence Indicator.
Extension string: The extension config of the Threat Intelligence Indicator in JSON format.
ExternalId string: The external ID of the Threat Intelligence Indicator.
ExternalLastUpdatedTimeUtc string: the External last updated time in UTC.
ExternalReferences List<ThreatIntelligenceIndicatorExternalReference>: One or more external_reference blocks as defined below.
GranularMarkings List<ThreatIntelligenceIndicatorGranularMarking>: One or more granular_marking blocks as defined below.
Guid string: The guid of this Sentinel Threat Intelligence Indicator.
IndicatorTypes List<string>: A list of indicator types of this Threat Intelligence Indicator.
KillChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>: One or more kill_chain_phase blocks as defined below.
Language string: The language of the Threat Intelligence Indicator.
LastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
ObjectMarkingRefs List<string>: Specifies a list of Threat Intelligence marking references.
ParsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>: A parsed_pattern block as defined below.
Pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
PatternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
PatternVersion string: The version of a Threat Intelligence entity.
Revoked bool: Whether the Threat Intelligence entity revoked.
Source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
Tags List<string>: Specifies a list of tags of the Threat Intelligence Indicator.
ThreatTypes List<string>: Specifies a list of threat types of this Threat Intelligence Indicator.
ValidateFromUtc string: The start of validate date in RFC3339.
ValidateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

Confidence int: Confidence levels of the Threat Intelligence Indicator.
CreatedBy string: The creator of the Threat Intelligence Indicator.
CreatedOn string: The date of this Threat Intelligence Indicator created.
Defanged bool: Whether the Threat Intelligence entity is defanged?
Description string: The description of the Threat Intelligence Indicator.
DisplayName string: The display name of the Threat Intelligence Indicator.
Extension string: The extension config of the Threat Intelligence Indicator in JSON format.
ExternalId string: The external ID of the Threat Intelligence Indicator.
ExternalLastUpdatedTimeUtc string: the External last updated time in UTC.
ExternalReferences []ThreatIntelligenceIndicatorExternalReferenceArgs: One or more external_reference blocks as defined below.
GranularMarkings []ThreatIntelligenceIndicatorGranularMarkingArgs: One or more granular_marking blocks as defined below.
Guid string: The guid of this Sentinel Threat Intelligence Indicator.
IndicatorTypes []string: A list of indicator types of this Threat Intelligence Indicator.
KillChainPhases []ThreatIntelligenceIndicatorKillChainPhaseArgs: One or more kill_chain_phase blocks as defined below.
Language string: The language of the Threat Intelligence Indicator.
LastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
ObjectMarkingRefs []string: Specifies a list of Threat Intelligence marking references.
ParsedPatterns []ThreatIntelligenceIndicatorParsedPatternArgs: A parsed_pattern block as defined below.
Pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
PatternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
PatternVersion string: The version of a Threat Intelligence entity.
Revoked bool: Whether the Threat Intelligence entity revoked.
Source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
Tags []string: Specifies a list of tags of the Threat Intelligence Indicator.
ThreatTypes []string: Specifies a list of threat types of this Threat Intelligence Indicator.
ValidateFromUtc string: The start of validate date in RFC3339.
ValidateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

confidence Integer: Confidence levels of the Threat Intelligence Indicator.
createdBy String: The creator of the Threat Intelligence Indicator.
createdOn String: The date of this Threat Intelligence Indicator created.
defanged Boolean: Whether the Threat Intelligence entity is defanged?
description String: The description of the Threat Intelligence Indicator.
displayName String: The display name of the Threat Intelligence Indicator.
extension String: The extension config of the Threat Intelligence Indicator in JSON format.
externalId String: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc String: the External last updated time in UTC.
externalReferences List<ThreatIntelligenceIndicatorExternalReference>: One or more external_reference blocks as defined below.
granularMarkings List<ThreatIntelligenceIndicatorGranularMarking>: One or more granular_marking blocks as defined below.
guid String: The guid of this Sentinel Threat Intelligence Indicator.
indicatorTypes List<String>: A list of indicator types of this Threat Intelligence Indicator.
killChainPhases List<ThreatIntelligenceIndicatorKillChainPhase>: One or more kill_chain_phase blocks as defined below.
language String: The language of the Threat Intelligence Indicator.
lastUpdatedTimeUtc String: The last updated time of the Threat Intelligence Indicator in UTC.
objectMarkingRefs List<String>: Specifies a list of Threat Intelligence marking references.
parsedPatterns List<ThreatIntelligenceIndicatorParsedPattern>: A parsed_pattern block as defined below.
pattern String: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType String: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
patternVersion String: The version of a Threat Intelligence entity.
revoked Boolean: Whether the Threat Intelligence entity revoked.
source String: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
tags List<String>: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes List<String>: Specifies a list of threat types of this Threat Intelligence Indicator.
validateFromUtc String: The start of validate date in RFC3339.
validateUntilUtc String: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

confidence number: Confidence levels of the Threat Intelligence Indicator.
createdBy string: The creator of the Threat Intelligence Indicator.
createdOn string: The date of this Threat Intelligence Indicator created.
defanged boolean: Whether the Threat Intelligence entity is defanged?
description string: The description of the Threat Intelligence Indicator.
displayName string: The display name of the Threat Intelligence Indicator.
extension string: The extension config of the Threat Intelligence Indicator in JSON format.
externalId string: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc string: the External last updated time in UTC.
externalReferences ThreatIntelligenceIndicatorExternalReference[]: One or more external_reference blocks as defined below.
granularMarkings ThreatIntelligenceIndicatorGranularMarking[]: One or more granular_marking blocks as defined below.
guid string: The guid of this Sentinel Threat Intelligence Indicator.
indicatorTypes string[]: A list of indicator types of this Threat Intelligence Indicator.
killChainPhases ThreatIntelligenceIndicatorKillChainPhase[]: One or more kill_chain_phase blocks as defined below.
language string: The language of the Threat Intelligence Indicator.
lastUpdatedTimeUtc string: The last updated time of the Threat Intelligence Indicator in UTC.
objectMarkingRefs string[]: Specifies a list of Threat Intelligence marking references.
parsedPatterns ThreatIntelligenceIndicatorParsedPattern[]: A parsed_pattern block as defined below.
pattern string: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType string: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
patternVersion string: The version of a Threat Intelligence entity.
revoked boolean: Whether the Threat Intelligence entity revoked.
source string: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
tags string[]: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes string[]: Specifies a list of threat types of this Threat Intelligence Indicator.
validateFromUtc string: The start of validate date in RFC3339.
validateUntilUtc string: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
workspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

confidence int: Confidence levels of the Threat Intelligence Indicator.
created_by str: The creator of the Threat Intelligence Indicator.
created_on str: The date of this Threat Intelligence Indicator created.
defanged bool: Whether the Threat Intelligence entity is defanged?
description str: The description of the Threat Intelligence Indicator.
display_name str: The display name of the Threat Intelligence Indicator.
extension str: The extension config of the Threat Intelligence Indicator in JSON format.
external_id str: The external ID of the Threat Intelligence Indicator.
external_last_updated_time_utc str: the External last updated time in UTC.
external_references Sequence[ThreatIntelligenceIndicatorExternalReferenceArgs]: One or more external_reference blocks as defined below.
granular_markings Sequence[ThreatIntelligenceIndicatorGranularMarkingArgs]: One or more granular_marking blocks as defined below.
guid str: The guid of this Sentinel Threat Intelligence Indicator.
indicator_types Sequence[str]: A list of indicator types of this Threat Intelligence Indicator.
kill_chain_phases Sequence[ThreatIntelligenceIndicatorKillChainPhaseArgs]: One or more kill_chain_phase blocks as defined below.
language str: The language of the Threat Intelligence Indicator.
last_updated_time_utc str: The last updated time of the Threat Intelligence Indicator in UTC.
object_marking_refs Sequence[str]: Specifies a list of Threat Intelligence marking references.
parsed_patterns Sequence[ThreatIntelligenceIndicatorParsedPatternArgs]: A parsed_pattern block as defined below.
pattern str: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
pattern_type str: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
pattern_version str: The version of a Threat Intelligence entity.
revoked bool: Whether the Threat Intelligence entity revoked.
source str: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
tags Sequence[str]: Specifies a list of tags of the Threat Intelligence Indicator.
threat_types Sequence[str]: Specifies a list of threat types of this Threat Intelligence Indicator.
validate_from_utc str: The start of validate date in RFC3339.
validate_until_utc str: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
workspace_id str: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

confidence Number: Confidence levels of the Threat Intelligence Indicator.
createdBy String: The creator of the Threat Intelligence Indicator.
createdOn String: The date of this Threat Intelligence Indicator created.
defanged Boolean: Whether the Threat Intelligence entity is defanged?
description String: The description of the Threat Intelligence Indicator.
displayName String: The display name of the Threat Intelligence Indicator.
extension String: The extension config of the Threat Intelligence Indicator in JSON format.
externalId String: The external ID of the Threat Intelligence Indicator.
externalLastUpdatedTimeUtc String: the External last updated time in UTC.
externalReferences List<Property Map>: One or more external_reference blocks as defined below.
granularMarkings List<Property Map>: One or more granular_marking blocks as defined below.
guid String: The guid of this Sentinel Threat Intelligence Indicator.
indicatorTypes List<String>: A list of indicator types of this Threat Intelligence Indicator.
killChainPhases List<Property Map>: One or more kill_chain_phase blocks as defined below.
language String: The language of the Threat Intelligence Indicator.
lastUpdatedTimeUtc String: The last updated time of the Threat Intelligence Indicator in UTC.
objectMarkingRefs List<String>: Specifies a list of Threat Intelligence marking references.
parsedPatterns List<Property Map>: A parsed_pattern block as defined below.
pattern String: The pattern used by the Threat Intelligence Indicator. When pattern_type set to file, pattern must be specified with <HashName>:<Value> format, such as MD5:78ecc5c05cd8b79af480df2f8fba0b9d.
patternType String: The type of pattern used by the Threat Intelligence Indicator. Possible values are domain-name, file, ipv4-addr, ipv6-addr and url.
patternVersion String: The version of a Threat Intelligence entity.
revoked Boolean: Whether the Threat Intelligence entity revoked.
source String: Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
tags List<String>: Specifies a list of tags of the Threat Intelligence Indicator.
threatTypes List<String>: Specifies a list of threat types of this Threat Intelligence Indicator.
validateFromUtc String: The start of validate date in RFC3339.
validateUntilUtc String: The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.

Supporting Types

ThreatIntelligenceIndicatorExternalReference, ThreatIntelligenceIndicatorExternalReferenceArgs

Description string: The description of the external reference of the Threat Intelligence Indicator.
Hashes Dictionary<string, string>: The list of hashes of the external reference of the Threat Intelligence Indicator.
Id string: The ID of the Sentinel Threat Intelligence Indicator.
SourceName string: The source name of the external reference of the Threat Intelligence Indicator.
Url string: The url of the external reference of the Threat Intelligence Indicator.

Description string: The description of the external reference of the Threat Intelligence Indicator.
Hashes map[string]string: The list of hashes of the external reference of the Threat Intelligence Indicator.
Id string: The ID of the Sentinel Threat Intelligence Indicator.
SourceName string: The source name of the external reference of the Threat Intelligence Indicator.
Url string: The url of the external reference of the Threat Intelligence Indicator.

description String: The description of the external reference of the Threat Intelligence Indicator.
hashes Map<String,String>: The list of hashes of the external reference of the Threat Intelligence Indicator.
id String: The ID of the Sentinel Threat Intelligence Indicator.
sourceName String: The source name of the external reference of the Threat Intelligence Indicator.
url String: The url of the external reference of the Threat Intelligence Indicator.

description string: The description of the external reference of the Threat Intelligence Indicator.
hashes {[key: string]: string}: The list of hashes of the external reference of the Threat Intelligence Indicator.
id string: The ID of the Sentinel Threat Intelligence Indicator.
sourceName string: The source name of the external reference of the Threat Intelligence Indicator.
url string: The url of the external reference of the Threat Intelligence Indicator.

description str: The description of the external reference of the Threat Intelligence Indicator.
hashes Mapping[str, str]: The list of hashes of the external reference of the Threat Intelligence Indicator.
id str: The ID of the Sentinel Threat Intelligence Indicator.
source_name str: The source name of the external reference of the Threat Intelligence Indicator.
url str: The url of the external reference of the Threat Intelligence Indicator.

description String: The description of the external reference of the Threat Intelligence Indicator.
hashes Map<String>: The list of hashes of the external reference of the Threat Intelligence Indicator.
id String: The ID of the Sentinel Threat Intelligence Indicator.
sourceName String: The source name of the external reference of the Threat Intelligence Indicator.
url String: The url of the external reference of the Threat Intelligence Indicator.

ThreatIntelligenceIndicatorGranularMarking, ThreatIntelligenceIndicatorGranularMarkingArgs

Language string: The language of granular marking of the Threat Intelligence Indicator.
MarkingRef string: The reference of the granular marking of the Threat Intelligence Indicator.
Selectors List<string>: A list of selectors of the granular marking of the Threat Intelligence Indicator.

Language string: The language of granular marking of the Threat Intelligence Indicator.
MarkingRef string: The reference of the granular marking of the Threat Intelligence Indicator.
Selectors []string: A list of selectors of the granular marking of the Threat Intelligence Indicator.

language String: The language of granular marking of the Threat Intelligence Indicator.
markingRef String: The reference of the granular marking of the Threat Intelligence Indicator.
selectors List<String>: A list of selectors of the granular marking of the Threat Intelligence Indicator.

language string: The language of granular marking of the Threat Intelligence Indicator.
markingRef string: The reference of the granular marking of the Threat Intelligence Indicator.
selectors string[]: A list of selectors of the granular marking of the Threat Intelligence Indicator.

language str: The language of granular marking of the Threat Intelligence Indicator.
marking_ref str: The reference of the granular marking of the Threat Intelligence Indicator.
selectors Sequence[str]: A list of selectors of the granular marking of the Threat Intelligence Indicator.

language String: The language of granular marking of the Threat Intelligence Indicator.
markingRef String: The reference of the granular marking of the Threat Intelligence Indicator.
selectors List<String>: A list of selectors of the granular marking of the Threat Intelligence Indicator.

ThreatIntelligenceIndicatorKillChainPhase, ThreatIntelligenceIndicatorKillChainPhaseArgs

Name string: The name which should be used for the Lockheed Martin cyber kill chain phase.

Name string: The name which should be used for the Lockheed Martin cyber kill chain phase.

name String: The name which should be used for the Lockheed Martin cyber kill chain phase.

name string: The name which should be used for the Lockheed Martin cyber kill chain phase.

name str: The name which should be used for the Lockheed Martin cyber kill chain phase.

name String: The name which should be used for the Lockheed Martin cyber kill chain phase.

ThreatIntelligenceIndicatorParsedPattern, ThreatIntelligenceIndicatorParsedPatternArgs

PatternTypeKey string: The type key of parsed pattern.
PatternTypeValues List<ThreatIntelligenceIndicatorParsedPatternPatternTypeValue>: A pattern_type_values block as defined below.

PatternTypeKey string: The type key of parsed pattern.
PatternTypeValues []ThreatIntelligenceIndicatorParsedPatternPatternTypeValue: A pattern_type_values block as defined below.

patternTypeKey String: The type key of parsed pattern.
patternTypeValues List<ThreatIntelligenceIndicatorParsedPatternPatternTypeValue>: A pattern_type_values block as defined below.

patternTypeKey string: The type key of parsed pattern.
patternTypeValues ThreatIntelligenceIndicatorParsedPatternPatternTypeValue[]: A pattern_type_values block as defined below.

pattern_type_key str: The type key of parsed pattern.
pattern_type_values Sequence[ThreatIntelligenceIndicatorParsedPatternPatternTypeValue]: A pattern_type_values block as defined below.

patternTypeKey String: The type key of parsed pattern.
patternTypeValues List<Property Map>: A pattern_type_values block as defined below.

ThreatIntelligenceIndicatorParsedPatternPatternTypeValue, ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs

Value string: The value of the parsed pattern type.
ValueType string: The type of the value of the parsed pattern type value.

Value string: The value of the parsed pattern type.
ValueType string: The type of the value of the parsed pattern type value.

value String: The value of the parsed pattern type.
valueType String: The type of the value of the parsed pattern type value.

value string: The value of the parsed pattern type.
valueType string: The type of the value of the parsed pattern type value.

value str: The value of the parsed pattern type.
value_type str: The type of the value of the parsed pattern type value.

value String: The value of the parsed pattern type.
valueType String: The type of the value of the parsed pattern type value.

Import

Sentinel Threat Intelligence Indicators can be imported using the resource id, e.g.

$ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

pulumi/pulumi-azure

azure.sentinel.ThreatIntelligenceIndicator

On this page

On this page

Example Usage

Create ThreatIntelligenceIndicator Resource

Constructor syntax

Parameters

Constructor example

ThreatIntelligenceIndicator Resource Properties

Inputs

Outputs

Look up Existing ThreatIntelligenceIndicator Resource

Supporting Types

ThreatIntelligenceIndicatorExternalReference, ThreatIntelligenceIndicatorExternalReferenceArgs

ThreatIntelligenceIndicatorGranularMarking, ThreatIntelligenceIndicatorGranularMarkingArgs

ThreatIntelligenceIndicatorKillChainPhase, ThreatIntelligenceIndicatorKillChainPhaseArgs

ThreatIntelligenceIndicatorParsedPattern, ThreatIntelligenceIndicatorParsedPatternArgs

ThreatIntelligenceIndicatorParsedPatternPatternTypeValue, ThreatIntelligenceIndicatorParsedPatternPatternTypeValueArgs

Import

Package Details

On this page

On this page