Content Template Args
/**
 * Template resource definition.
 *
 * Every constructor parameter is a nullable [Output] that defaults to `null`, so the
 * type itself does not require any field to be set.
 *
 * [mainTemplate] is declared as `Output<Any>`: the structure of the embedded template is
 * not checked by the type system, so review that value on its own before it is deployed.
 */
data class ContentTemplateArgs(
    val author: Output<MetadataAuthorArgs>? = null,
    val categories: Output<MetadataCategoriesArgs>? = null,
    val contentId: Output<String>? = null,
    val contentKind: Output<Either<String, Kind>>? = null,
    val contentSchemaVersion: Output<String>? = null,
    val customVersion: Output<String>? = null,
    val dependencies: Output<MetadataDependenciesArgs>? = null,
    val displayName: Output<String>? = null,
    val firstPublishDate: Output<String>? = null,
    val icon: Output<String>? = null,
    val lastPublishDate: Output<String>? = null,
    val mainTemplate: Output<Any>? = null,
    val packageId: Output<String>? = null,
    val packageKind: Output<Either<String, PackageKind>>? = null,
    val packageName: Output<String>? = null,
    val previewImages: Output<List<String>>? = null,
    val previewImagesDark: Output<List<String>>? = null,
    val providers: Output<List<String>>? = null,
    val resourceGroupName: Output<String>? = null,
    val source: Output<MetadataSourceArgs>? = null,
    val support: Output<MetadataSupportArgs>? = null,
    val templateId: Output<String>? = null,
    val threatAnalysisTactics: Output<List<String>>? = null,
    val threatAnalysisTechniques: Output<List<String>>? = null,
    val version: Output<String>? = null,
    val workspaceName: Output<String>? = null,
) : ConvertibleToJava<ContentTemplateArgs>
Template resource definition. Azure REST API version: 2023-06-01-preview. Other available API versions: 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview.
Example Usage
Get a template.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
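// Declares a ContentTemplate in workspace "myWorkspace" (resource group "myRg").
// MainTemplate embeds an ARM deployment template with two resources: a scheduled
// alert-rule template and the metadata resource that points back at it.
//
// The original listing used bare collection initializers (`MainTemplate = { { k, v } }`,
// `new[] { { ... } }`), which is not valid C#. The nested template is now built from
// explicit Dictionary<string, object?> values; keys and values are unchanged.
return await Deployment.RunAsync(() =>
{
    var contentTemplate = new AzureNative.SecurityInsights.ContentTemplate("contentTemplate", new()
    {
        // Author, Source and Support are metadata set by whoever writes this program.
        Author = new AzureNative.SecurityInsights.Inputs.MetadataAuthorArgs
        {
            Email = "support@microsoft.com",
            Name = "Microsoft",
        },
        ContentId = "8365ebfe-a381-45b7-ad08-7d818070e11f",
        ContentKind = "AnalyticsRule",
        // NOTE(review): the display name mentions a workbook while ContentKind is
        // "AnalyticsRule" and the rule below is about CrowdStrike detections; the
        // sample values are inconsistent, so replace them with ones matching the content.
        DisplayName = "API Protection workbook template",
        MainTemplate = new Dictionary<string, object?>
        {
            ["$schema"] = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            ["contentVersion"] = "1.0.1",
            ["resources"] = new[]
            {
                // Resource 1: the scheduled alert-rule template.
                new Dictionary<string, object?>
                {
                    ["apiVersion"] = "2022-04-01-preview",
                    ["kind"] = "Scheduled",
                    ["location"] = "[parameters('workspace-location')]",
                    ["name"] = "8365ebfe-a381-45b7-ad08-7d818070e11f",
                    ["properties"] = new Dictionary<string, object?>
                    {
                        ["description"] = "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
                        ["displayName"] = "Critical or High Severity Detections by User",
                        // Declared disabled; presumably it has to be enabled after
                        // deployment before it raises anything (confirm).
                        ["enabled"] = false,
                        // Placeholder: the example ships no detection query.
                        ["query"] = "...",
                        ["queryFrequency"] = "PT1H",
                        ["queryPeriod"] = "PT1H",
                        ["severity"] = "High",
                        ["status"] = "Available",
                        ["suppressionDuration"] = "PT1H",
                        ["suppressionEnabled"] = false,
                        // GreaterThan with threshold 0: any non-empty result triggers.
                        ["triggerOperator"] = "GreaterThan",
                        ["triggerThreshold"] = 0,
                    },
                    ["type"] = "Microsoft.SecurityInsights/AlertRuleTemplates",
                },
                // Resource 2: metadata that links to the rule template via parentId.
                new Dictionary<string, object?>
                {
                    ["apiVersion"] = "2022-01-01-preview",
                    // NOTE(review): this expression nests a second bracketed expression and
                    // passes the GUID to resourceId() unquoted; verify that it evaluates
                    // before relying on it. The same applies to parentId below.
                    ["name"] = "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
                    ["properties"] = new Dictionary<string, object?>
                    {
                        ["author"] = new Dictionary<string, object?>
                        {
                            ["email"] = "support@microsoft.com",
                            ["name"] = "Microsoft",
                        },
                        // NOTE(review): differs from the ContentId set on the template
                        // itself; confirm which identifier is intended.
                        ["contentId"] = "4465ebde-b381-45f7-ad08-7d818070a11c",
                        ["description"] = "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
                        ["kind"] = "AnalyticsRule",
                        ["parentId"] = "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
                        ["source"] = new Dictionary<string, object?>
                        {
                            ["kind"] = "Solution",
                            ["name"] = "str",
                            ["sourceId"] = "str.azure-sentinel-solution-str",
                        },
                        ["support"] = new Dictionary<string, object?>
                        {
                            ["email"] = "support@microsoft.com",
                            ["link"] = "https://support.microsoft.com/",
                            ["name"] = "Microsoft Corporation",
                            ["tier"] = "Microsoft",
                        },
                        ["version"] = "1.0.0",
                    },
                    ["type"] = "Microsoft.OperationalInsights/workspaces/providers/metadata",
                },
            },
        },
        PackageId = "str.azure-sentinel-solution-str",
        PackageKind = "Solution",
        PackageName = "str",
        ResourceGroupName = "myRg",
        Source = new AzureNative.SecurityInsights.Inputs.MetadataSourceArgs
        {
            Kind = "Solution",
            Name = "str",
            SourceId = "str.azure-sentinel-solution-str",
        },
        Support = new AzureNative.SecurityInsights.Inputs.MetadataSupportArgs
        {
            Email = "support@microsoft.com",
            Link = "https://support.microsoft.com/",
            Name = "Microsoft Corporation",
            Tier = "Microsoft",
        },
        TemplateId = "str.azure-sentinel-solution-str",
        Version = "1.0.1",
        WorkspaceName = "myWorkspace",
    });
});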
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
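// main declares a ContentTemplate in workspace "myWorkspace" (resource group "myRg").
// MainTemplate embeds an ARM deployment template with two resources: a scheduled
// alert-rule template and the metadata resource that points back at it.
//
// The original listing wrote the template as `pulumi.Any{Schema: ..., ContentVersion: ...,
// Resources: ...}`. pulumi.Any is a function, not a struct type, so that literal does not
// compile. The template is now a map passed to pulumi.Any(...), keyed "$schema",
// "contentVersion" and "resources" as in the C# and Java listings on this page.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewContentTemplate(ctx, "contentTemplate", &securityinsights.ContentTemplateArgs{
			// Author, Source and Support are metadata set by whoever writes this program.
			Author: &securityinsights.MetadataAuthorArgs{
				Email: pulumi.String("support@microsoft.com"),
				Name:  pulumi.String("Microsoft"),
			},
			ContentId:   pulumi.String("8365ebfe-a381-45b7-ad08-7d818070e11f"),
			ContentKind: pulumi.String("AnalyticsRule"),
			// NOTE(review): the display name mentions a workbook while ContentKind is
			// "AnalyticsRule" and the rule below is about CrowdStrike detections; the
			// sample values are inconsistent, so replace them with ones matching the content.
			DisplayName: pulumi.String("API Protection workbook template"),
			MainTemplate: pulumi.Any(map[string]interface{}{
				"$schema":        "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
				"contentVersion": "1.0.1",
				"resources": []interface{}{
					// Resource 1: the scheduled alert-rule template.
					map[string]interface{}{
						"apiVersion": "2022-04-01-preview",
						"kind":       "Scheduled",
						"location":   "[parameters('workspace-location')]",
						"name":       "8365ebfe-a381-45b7-ad08-7d818070e11f",
						"properties": map[string]interface{}{
							"description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
							"displayName": "Critical or High Severity Detections by User",
							// Declared disabled; presumably it has to be enabled after
							// deployment before it raises anything (confirm).
							"enabled": false,
							// Placeholder: the example ships no detection query.
							"query":               "...",
							"queryFrequency":      "PT1H",
							"queryPeriod":         "PT1H",
							"severity":            "High",
							"status":              "Available",
							"suppressionDuration": "PT1H",
							"suppressionEnabled":  false,
							// GreaterThan with threshold 0: any non-empty result triggers.
							"triggerOperator":  "GreaterThan",
							"triggerThreshold": 0,
						},
						"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
					},
					// Resource 2: metadata that links to the rule template via parentId.
					map[string]interface{}{
						"apiVersion": "2022-01-01-preview",
						// NOTE(review): this expression nests a second bracketed expression
						// and passes the GUID to resourceId() unquoted; verify that it
						// evaluates before relying on it. The same applies to parentId below.
						"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
						"properties": map[string]interface{}{
							"author": map[string]interface{}{
								"email": "support@microsoft.com",
								"name":  "Microsoft",
							},
							// NOTE(review): differs from the ContentId set on the template
							// itself; confirm which identifier is intended.
							"contentId":   "4465ebde-b381-45f7-ad08-7d818070a11c",
							"description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
							"kind":        "AnalyticsRule",
							"parentId":    "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
							"source": map[string]interface{}{
								"kind":     "Solution",
								"name":     "str",
								"sourceId": "str.azure-sentinel-solution-str",
							},
							"support": map[string]interface{}{
								"email": "support@microsoft.com",
								"link":  "https://support.microsoft.com/",
								"name":  "Microsoft Corporation",
								"tier":  "Microsoft",
							},
							"version": "1.0.0",
						},
						"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
					},
				},
			}),
			PackageId:         pulumi.String("str.azure-sentinel-solution-str"),
			PackageKind:       pulumi.String("Solution"),
			PackageName:       pulumi.String("str"),
			ResourceGroupName: pulumi.String("myRg"),
			Source: &securityinsights.MetadataSourceArgs{
				Kind:     pulumi.String("Solution"),
				Name:     pulumi.String("str"),
				SourceId: pulumi.String("str.azure-sentinel-solution-str"),
			},
			Support: &securityinsights.MetadataSupportArgs{
				Email: pulumi.String("support@microsoft.com"),
				Link:  pulumi.String("https://support.microsoft.com/"),
				Name:  pulumi.String("Microsoft Corporation"),
				Tier:  pulumi.String("Microsoft"),
			},
			TemplateId:    pulumi.String("str.azure-sentinel-solution-str"),
			Version:       pulumi.String("1.0.1"),
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// Hand the registration error (nil on success) back to pulumi.Run.
		return err
	})
}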
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ContentTemplate;
import com.pulumi.azurenative.securityinsights.ContentTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
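/**
 * Pulumi program that declares a ContentTemplate in workspace "myWorkspace"
 * (resource group "myRg").
 *
 * The mainTemplate value embeds an ARM deployment template with two resources: a scheduled
 * alert-rule template and the metadata resource that points back at it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the content template on the given Pulumi context.
     *
     * The original listing passed both resource maps as extra arguments to one
     * {@code Map.entry("resources", ...)} call, which takes exactly two arguments.
     * They are now wrapped in a {@code List.of(...)} so "resources" is a two-element list.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read directly here.
     */
    public static void stack(Context ctx) {
        var contentTemplate = new ContentTemplate("contentTemplate", ContentTemplateArgs.builder()
            // NOTE(review): author, source and support are passed as plain Maps here, while
            // the Kotlin signature on this page types them as MetadataAuthorArgs,
            // MetadataSourceArgs and MetadataSupportArgs. Presumably the Java builder expects
            // the typed args as well; confirm against the SDK.
            .author(Map.ofEntries(
                Map.entry("email", "support@microsoft.com"),
                Map.entry("name", "Microsoft")
            ))
            .contentId("8365ebfe-a381-45b7-ad08-7d818070e11f")
            .contentKind("AnalyticsRule")
            // NOTE(review): the display name mentions a workbook while contentKind is
            // "AnalyticsRule" and the rule below is about CrowdStrike detections; the
            // sample values are inconsistent, so replace them with ones matching the content.
            .displayName("API Protection workbook template")
            .mainTemplate(Map.ofEntries(
                Map.entry("$schema", "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"),
                Map.entry("contentVersion", "1.0.1"),
                Map.entry("resources", List.of(
                    // Resource 1: the scheduled alert-rule template.
                    Map.ofEntries(
                        Map.entry("apiVersion", "2022-04-01-preview"),
                        Map.entry("kind", "Scheduled"),
                        Map.entry("location", "[parameters('workspace-location')]"),
                        Map.entry("name", "8365ebfe-a381-45b7-ad08-7d818070e11f"),
                        Map.entry("properties", Map.ofEntries(
                            Map.entry("description", "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user"),
                            Map.entry("displayName", "Critical or High Severity Detections by User"),
                            // Declared disabled; presumably it has to be enabled after
                            // deployment before it raises anything (confirm).
                            Map.entry("enabled", false),
                            // Placeholder: the example ships no detection query.
                            Map.entry("query", "..."),
                            Map.entry("queryFrequency", "PT1H"),
                            Map.entry("queryPeriod", "PT1H"),
                            Map.entry("severity", "High"),
                            Map.entry("status", "Available"),
                            Map.entry("suppressionDuration", "PT1H"),
                            Map.entry("suppressionEnabled", false),
                            // GreaterThan with threshold 0: any non-empty result triggers.
                            Map.entry("triggerOperator", "GreaterThan"),
                            Map.entry("triggerThreshold", 0)
                        )),
                        Map.entry("type", "Microsoft.SecurityInsights/AlertRuleTemplates")
                    ),
                    // Resource 2: metadata that links to the rule template via parentId.
                    Map.ofEntries(
                        Map.entry("apiVersion", "2022-01-01-preview"),
                        // NOTE(review): this expression nests a second bracketed expression
                        // and passes the GUID to resourceId() unquoted; verify that it
                        // evaluates before relying on it. The same applies to parentId below.
                        Map.entry("name", "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]"),
                        Map.entry("properties", Map.ofEntries(
                            Map.entry("author", Map.ofEntries(
                                Map.entry("email", "support@microsoft.com"),
                                Map.entry("name", "Microsoft")
                            )),
                            // NOTE(review): differs from the contentId set on the template
                            // itself; confirm which identifier is intended.
                            Map.entry("contentId", "4465ebde-b381-45f7-ad08-7d818070a11c"),
                            Map.entry("description", "CrowdStrike Falcon Endpoint Protection Analytics Rule 1"),
                            Map.entry("kind", "AnalyticsRule"),
                            Map.entry("parentId", "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]"),
                            Map.entry("source", Map.ofEntries(
                                Map.entry("kind", "Solution"),
                                Map.entry("name", "str"),
                                Map.entry("sourceId", "str.azure-sentinel-solution-str")
                            )),
                            Map.entry("support", Map.ofEntries(
                                Map.entry("email", "support@microsoft.com"),
                                Map.entry("link", "https://support.microsoft.com/"),
                                Map.entry("name", "Microsoft Corporation"),
                                Map.entry("tier", "Microsoft")
                            )),
                            Map.entry("version", "1.0.0")
                        )),
                        Map.entry("type", "Microsoft.OperationalInsights/workspaces/providers/metadata")
                    )
                ))
            ))
            .packageId("str.azure-sentinel-solution-str")
            .packageKind("Solution")
            .packageName("str")
            .resourceGroupName("myRg")
            .source(Map.ofEntries(
                Map.entry("kind", "Solution"),
                Map.entry("name", "str"),
                Map.entry("sourceId", "str.azure-sentinel-solution-str")
            ))
            .support(Map.ofEntries(
                Map.entry("email", "support@microsoft.com"),
                Map.entry("link", "https://support.microsoft.com/"),
                Map.entry("name", "Microsoft Corporation"),
                Map.entry("tier", "Microsoft")
            ))
            .templateId("str.azure-sentinel-solution-str")
            .version("1.0.1")
            .workspaceName("myWorkspace")
            .build());
    }
}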
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ContentTemplate azuresentinel.azure-sentinel-solution-ciscoumbrella /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
Constructors
fun ContentTemplateArgs(author: Output<MetadataAuthorArgs>? = null, categories: Output<MetadataCategoriesArgs>? = null, contentId: Output<String>? = null, contentKind: Output<Either<String, Kind>>? = null, contentSchemaVersion: Output<String>? = null, customVersion: Output<String>? = null, dependencies: Output<MetadataDependenciesArgs>? = null, displayName: Output<String>? = null, firstPublishDate: Output<String>? = null, icon: Output<String>? = null, lastPublishDate: Output<String>? = null, mainTemplate: Output<Any>? = null, packageId: Output<String>? = null, packageKind: Output<Either<String, PackageKind>>? = null, packageName: Output<String>? = null, previewImages: Output<List<String>>? = null, previewImagesDark: Output<List<String>>? = null, providers: Output<List<String>>? = null, resourceGroupName: Output<String>? = null, source: Output<MetadataSourceArgs>? = null, support: Output<MetadataSupportArgs>? = null, templateId: Output<String>? = null, threatAnalysisTactics: Output<List<String>>? = null, threatAnalysisTechniques: Output<List<String>>? = null, version: Output<String>? = null, workspaceName: Output<String>? = null)
Functions
Properties