Content Template
Template resource definition. Azure REST API version: 2023-06-01-preview. Other available API versions: 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview.
Example Usage
Get a template.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
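// Declares a Microsoft Sentinel content template that packages one scheduled
// analytics rule template plus the metadata record that describes it.
return await Deployment.RunAsync(() =>
{
    // ARM deployment template embedded in the content template. It is built from
    // explicit dictionaries and an array: the bare `{ ... }` initializers in the
    // generated listing have no target type and do not compile.
    var mainTemplate = new Dictionary<string, object>
    {
        ["$schema"] = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        ["contentVersion"] = "1.0.1",
        ["resources"] = new[]
        {
            // Resource 1: the scheduled analytics rule template itself.
            new Dictionary<string, object>
            {
                ["apiVersion"] = "2022-04-01-preview",
                ["kind"] = "Scheduled",
                ["location"] = "[parameters('workspace-location')]",
                ["name"] = "8365ebfe-a381-45b7-ad08-7d818070e11f",
                ["properties"] = new Dictionary<string, object>
                {
                    ["description"] = "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
                    ["displayName"] = "Critical or High Severity Detections by User",
                    // Defined disabled: as written, this rule raises nothing until it is enabled.
                    ["enabled"] = false,
                    // The detection query is elided in this example; supply the real KQL.
                    ["query"] = "...",
                    // Runs hourly over a one-hour lookback window.
                    ["queryFrequency"] = "PT1H",
                    ["queryPeriod"] = "PT1H",
                    ["severity"] = "High",
                    ["status"] = "Available",
                    ["suppressionDuration"] = "PT1H",
                    ["suppressionEnabled"] = false,
                    // GreaterThan 0: any query result at all triggers the rule.
                    ["triggerOperator"] = "GreaterThan",
                    ["triggerThreshold"] = 0,
                },
                ["type"] = "Microsoft.SecurityInsights/AlertRuleTemplates",
            },
            // Resource 2: metadata (author, source, support) attached to the rule template.
            new Dictionary<string, object>
            {
                ["apiVersion"] = "2022-01-01-preview",
                // NOTE(review): this expression nests a bracketed [resourceId(...)] inside the
                // outer [...] and passes the GUID unquoted; ARM expressions normally use one
                // outer bracket pair and quoted string arguments. Confirm before reusing.
                ["name"] = "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
                ["properties"] = new Dictionary<string, object>
                {
                    ["author"] = new Dictionary<string, object>
                    {
                        ["email"] = "support@microsoft.com",
                        ["name"] = "Microsoft",
                    },
                    // NOTE(review): differs from the top-level ContentId; confirm which id is intended.
                    ["contentId"] = "4465ebde-b381-45f7-ad08-7d818070a11c",
                    ["description"] = "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
                    ["kind"] = "AnalyticsRule",
                    ["parentId"] = "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
                    ["source"] = new Dictionary<string, object>
                    {
                        ["kind"] = "Solution",
                        ["name"] = "str",
                        ["sourceId"] = "str.azure-sentinel-solution-str",
                    },
                    ["support"] = new Dictionary<string, object>
                    {
                        ["email"] = "support@microsoft.com",
                        ["link"] = "https://support.microsoft.com/",
                        ["name"] = "Microsoft Corporation",
                        ["tier"] = "Microsoft",
                    },
                    ["version"] = "1.0.0",
                },
                ["type"] = "Microsoft.OperationalInsights/workspaces/providers/metadata",
            },
        },
    };

    var contentTemplate = new AzureNative.SecurityInsights.ContentTemplate("contentTemplate", new()
    {
        Author = new AzureNative.SecurityInsights.Inputs.MetadataAuthorArgs
        {
            Email = "support@microsoft.com",
            Name = "Microsoft",
        },
        ContentId = "8365ebfe-a381-45b7-ad08-7d818070e11f",
        ContentKind = "AnalyticsRule",
        // NOTE(review): the display name says "workbook" while ContentKind is AnalyticsRule;
        // sample data, so use a name that matches the packaged rule.
        DisplayName = "API Protection workbook template",
        MainTemplate = mainTemplate,
        // "str" values below are placeholders from the API example, not real package names.
        PackageId = "str.azure-sentinel-solution-str",
        PackageKind = "Solution",
        PackageName = "str",
        ResourceGroupName = "myRg",
        Source = new AzureNative.SecurityInsights.Inputs.MetadataSourceArgs
        {
            Kind = "Solution",
            Name = "str",
            SourceId = "str.azure-sentinel-solution-str",
        },
        Support = new AzureNative.SecurityInsights.Inputs.MetadataSupportArgs
        {
            Email = "support@microsoft.com",
            Link = "https://support.microsoft.com/",
            Name = "Microsoft Corporation",
            Tier = "Microsoft",
        },
        TemplateId = "str.azure-sentinel-solution-str",
        Version = "1.0.1",
        WorkspaceName = "myWorkspace",
    });
});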
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
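// main declares a Microsoft Sentinel content template that packages one
// scheduled analytics rule template plus the metadata record describing it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// ARM deployment template embedded in the content template. The generated
		// listing wrote this as a `pulumi.Any{...}` struct literal, which does not
		// compile; pulumi.Any is a function that wraps an arbitrary value.
		mainTemplate := map[string]interface{}{
			"$schema":        "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
			"contentVersion": "1.0.1",
			"resources": []interface{}{
				// Resource 1: the scheduled analytics rule template itself.
				map[string]interface{}{
					"apiVersion": "2022-04-01-preview",
					"kind":       "Scheduled",
					"location":   "[parameters('workspace-location')]",
					"name":       "8365ebfe-a381-45b7-ad08-7d818070e11f",
					"properties": map[string]interface{}{
						"description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
						"displayName": "Critical or High Severity Detections by User",
						// Defined disabled: as written, this rule raises nothing until it is enabled.
						"enabled": false,
						// The detection query is elided in this example; supply the real KQL.
						"query": "...",
						// Runs hourly over a one-hour lookback window.
						"queryFrequency":      "PT1H",
						"queryPeriod":         "PT1H",
						"severity":            "High",
						"status":              "Available",
						"suppressionDuration": "PT1H",
						"suppressionEnabled":  false,
						// GreaterThan 0: any query result at all triggers the rule.
						"triggerOperator":  "GreaterThan",
						"triggerThreshold": 0,
					},
					"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
				},
				// Resource 2: metadata (author, source, support) attached to the rule template.
				map[string]interface{}{
					"apiVersion": "2022-01-01-preview",
					// NOTE(review): this expression nests a bracketed [resourceId(...)] inside the
					// outer [...] and passes the GUID unquoted; ARM expressions normally use one
					// outer bracket pair and quoted string arguments. Confirm before reusing.
					"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
					"properties": map[string]interface{}{
						"author": map[string]interface{}{
							"email": "support@microsoft.com",
							"name":  "Microsoft",
						},
						// NOTE(review): differs from the top-level ContentId; confirm which id is intended.
						"contentId":   "4465ebde-b381-45f7-ad08-7d818070a11c",
						"description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
						"kind":        "AnalyticsRule",
						"parentId":    "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
						"source": map[string]interface{}{
							"kind":     "Solution",
							"name":     "str",
							"sourceId": "str.azure-sentinel-solution-str",
						},
						"support": map[string]interface{}{
							"email": "support@microsoft.com",
							"link":  "https://support.microsoft.com/",
							"name":  "Microsoft Corporation",
							"tier":  "Microsoft",
						},
						"version": "1.0.0",
					},
					"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
				},
			},
		}

		_, err := securityinsights.NewContentTemplate(ctx, "contentTemplate", &securityinsights.ContentTemplateArgs{
			Author: &securityinsights.MetadataAuthorArgs{
				Email: pulumi.String("support@microsoft.com"),
				Name:  pulumi.String("Microsoft"),
			},
			ContentId:   pulumi.String("8365ebfe-a381-45b7-ad08-7d818070e11f"),
			ContentKind: pulumi.String("AnalyticsRule"),
			// NOTE(review): the display name says "workbook" while ContentKind is AnalyticsRule;
			// sample data, so use a name that matches the packaged rule.
			DisplayName:  pulumi.String("API Protection workbook template"),
			MainTemplate: pulumi.Any(mainTemplate),
			// "str" values below are placeholders from the API example, not real package names.
			PackageId:         pulumi.String("str.azure-sentinel-solution-str"),
			PackageKind:       pulumi.String("Solution"),
			PackageName:       pulumi.String("str"),
			ResourceGroupName: pulumi.String("myRg"),
			Source: &securityinsights.MetadataSourceArgs{
				Kind:     pulumi.String("Solution"),
				Name:     pulumi.String("str"),
				SourceId: pulumi.String("str.azure-sentinel-solution-str"),
			},
			Support: &securityinsights.MetadataSupportArgs{
				Email: pulumi.String("support@microsoft.com"),
				Link:  pulumi.String("https://support.microsoft.com/"),
				Name:  pulumi.String("Microsoft Corporation"),
				Tier:  pulumi.String("Microsoft"),
			},
			TemplateId:    pulumi.String("str.azure-sentinel-solution-str"),
			Version:       pulumi.String("1.0.1"),
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// Propagate a registration failure to the Pulumi engine; nil means success.
		return err
	})
}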
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ContentTemplate;
import com.pulumi.azurenative.securityinsights.ContentTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
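/**
 * Pulumi program that declares a Microsoft Sentinel content template packaging
 * one scheduled analytics rule template plus the metadata record describing it.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the content template resource.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // NOTE(review): author/source/support are passed as plain Maps, as in the generated
        // listing; the builder may expect typed argument objects instead. Confirm against the SDK.
        var contentTemplate = new ContentTemplate("contentTemplate", ContentTemplateArgs.builder()
            .author(Map.ofEntries(
                Map.entry("email", "support@microsoft.com"),
                Map.entry("name", "Microsoft")
            ))
            .contentId("8365ebfe-a381-45b7-ad08-7d818070e11f")
            .contentKind("AnalyticsRule")
            // NOTE(review): the display name says "workbook" while contentKind is AnalyticsRule;
            // sample data, so use a name that matches the packaged rule.
            .displayName("API Protection workbook template")
            // ARM deployment template embedded in the content template.
            .mainTemplate(Map.ofEntries(
                Map.entry("$schema", "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"),
                Map.entry("contentVersion", "1.0.1"),
                // The generated listing passed both resources as extra arguments to
                // Map.entry, which takes exactly a key and a value; they form a list.
                Map.entry("resources", List.of(
                    // Resource 1: the scheduled analytics rule template itself.
                    Map.ofEntries(
                        Map.entry("apiVersion", "2022-04-01-preview"),
                        Map.entry("kind", "Scheduled"),
                        Map.entry("location", "[parameters('workspace-location')]"),
                        Map.entry("name", "8365ebfe-a381-45b7-ad08-7d818070e11f"),
                        Map.entry("properties", Map.ofEntries(
                            Map.entry("description", "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user"),
                            Map.entry("displayName", "Critical or High Severity Detections by User"),
                            // Defined disabled: as written, this rule raises nothing until it is enabled.
                            Map.entry("enabled", false),
                            // The detection query is elided in this example; supply the real KQL.
                            Map.entry("query", "..."),
                            // Runs hourly over a one-hour lookback window.
                            Map.entry("queryFrequency", "PT1H"),
                            Map.entry("queryPeriod", "PT1H"),
                            Map.entry("severity", "High"),
                            Map.entry("status", "Available"),
                            Map.entry("suppressionDuration", "PT1H"),
                            Map.entry("suppressionEnabled", false),
                            // GreaterThan 0: any query result at all triggers the rule.
                            Map.entry("triggerOperator", "GreaterThan"),
                            Map.entry("triggerThreshold", 0)
                        )),
                        Map.entry("type", "Microsoft.SecurityInsights/AlertRuleTemplates")
                    ),
                    // Resource 2: metadata (author, source, support) attached to the rule template.
                    Map.ofEntries(
                        Map.entry("apiVersion", "2022-01-01-preview"),
                        // NOTE(review): this expression nests a bracketed [resourceId(...)] inside the
                        // outer [...] and passes the GUID unquoted; ARM expressions normally use one
                        // outer bracket pair and quoted string arguments. Confirm before reusing.
                        Map.entry("name", "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]"),
                        Map.entry("properties", Map.ofEntries(
                            Map.entry("author", Map.ofEntries(
                                Map.entry("email", "support@microsoft.com"),
                                Map.entry("name", "Microsoft")
                            )),
                            // NOTE(review): differs from the top-level contentId; confirm which id is intended.
                            Map.entry("contentId", "4465ebde-b381-45f7-ad08-7d818070a11c"),
                            Map.entry("description", "CrowdStrike Falcon Endpoint Protection Analytics Rule 1"),
                            Map.entry("kind", "AnalyticsRule"),
                            Map.entry("parentId", "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]"),
                            Map.entry("source", Map.ofEntries(
                                Map.entry("kind", "Solution"),
                                Map.entry("name", "str"),
                                Map.entry("sourceId", "str.azure-sentinel-solution-str")
                            )),
                            Map.entry("support", Map.ofEntries(
                                Map.entry("email", "support@microsoft.com"),
                                Map.entry("link", "https://support.microsoft.com/"),
                                Map.entry("name", "Microsoft Corporation"),
                                Map.entry("tier", "Microsoft")
                            )),
                            Map.entry("version", "1.0.0")
                        )),
                        Map.entry("type", "Microsoft.OperationalInsights/workspaces/providers/metadata")
                    )
                ))
            ))
            // "str" values below are placeholders from the API example, not real package names.
            .packageId("str.azure-sentinel-solution-str")
            .packageKind("Solution")
            .packageName("str")
            .resourceGroupName("myRg")
            .source(Map.ofEntries(
                Map.entry("kind", "Solution"),
                Map.entry("name", "str"),
                Map.entry("sourceId", "str.azure-sentinel-solution-str")
            ))
            .support(Map.ofEntries(
                Map.entry("email", "support@microsoft.com"),
                Map.entry("link", "https://support.microsoft.com/"),
                Map.entry("name", "Microsoft Corporation"),
                Map.entry("tier", "Microsoft")
            ))
            .templateId("str.azure-sentinel-solution-str")
            .version("1.0.1")
            .workspaceName("myWorkspace")
            .build());
    }
}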
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ContentTemplate azuresentinel.azure-sentinel-solution-ciscoumbrella /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
Properties