Threat Intelligence Indicator Args
data class ThreatIntelligenceIndicatorArgs(val confidence: Output<Int>? = null, val created: Output<String>? = null, val createdByRef: Output<String>? = null, val defanged: Output<Boolean>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val extensions: Output<Any>? = null, val externalId: Output<String>? = null, val externalLastUpdatedTimeUtc: Output<String>? = null, val externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, val granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, val indicatorTypes: Output<List<String>>? = null, val killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, val kind: Output<String>? = null, val labels: Output<List<String>>? = null, val language: Output<String>? = null, val lastUpdatedTimeUtc: Output<String>? = null, val modified: Output<String>? = null, val name: Output<String>? = null, val objectMarkingRefs: Output<List<String>>? = null, val parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, val pattern: Output<String>? = null, val patternType: Output<String>? = null, val patternVersion: Output<String>? = null, val resourceGroupName: Output<String>? = null, val revoked: Output<Boolean>? = null, val source: Output<String>? = null, val threatIntelligenceTags: Output<List<String>>? = null, val threatTypes: Output<List<String>>? = null, val validFrom: Output<String>? = null, val validUntil: Output<String>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<ThreatIntelligenceIndicatorArgs>
Threat intelligence information object. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview. Other available API versions: 2021-04-01, 2021-09-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview.
Example Usage
Update a threat intelligence indicator
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // Desired state of a single threat-intelligence indicator in the
    // "myWorkspace" workspace of resource group "myRg".
    // NOTE(review): the untyped empty arrays (`new[] {}`) give the compiler no
    // element type to infer; confirm this sample builds against the SDK's
    // property types before reusing it.
    var indicatorArgs = new AzureNative.SecurityInsights.ThreatIntelligenceIndicatorArgs
    {
        // Identity and provenance of the indicator.
        Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        Kind = "indicator",
        DisplayName = "new schema",
        Description = "debugging indicators",
        Source = "Azure Sentinel",
        CreatedByRef = "contoso@contoso.com",

        // What the indicator matches. The pattern is written in bracketed
        // comparison form, while PatternType is "url".
        // NOTE(review): confirm the pattern type value the workspace expects.
        Pattern = "[url:value = 'https://www.contoso.com']",
        PatternType = "url",
        ThreatTypes = new[]
        {
            "compromised",
        },
        Confidence = 78,

        // Lifecycle. ValidUntil and Modified are empty strings in this sample.
        // NOTE(review): confirm how the service treats an empty expiry; an
        // indicator with no bounded lifetime tends to go stale and produce
        // false-positive matches, so production indicators should set one.
        ValidFrom = "2020-04-15T17:44:00.114052Z",
        ValidUntil = "",
        Modified = "",
        Revoked = false,

        // Tagging and the (empty) optional collections.
        ThreatIntelligenceTags = new[]
        {
            "new schema",
        },
        Labels = new[] {},
        ExternalReferences = new[] {},
        GranularMarkings = new[] {},
        KillChainPhases = new[] {},

        // Where the indicator is deployed.
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
    };

    var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator(
        "threatIntelligenceIndicator",
        indicatorArgs);
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers the example stack, which declares a single
// threat-intelligence indicator, with the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Desired state of the indicator in workspace "myWorkspace" of
		// resource group "myRg".
		indicatorArgs := &securityinsights.ThreatIntelligenceIndicatorArgs{
			// Identity and provenance.
			Name:         pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
			Kind:         pulumi.String("indicator"),
			DisplayName:  pulumi.String("new schema"),
			Description:  pulumi.String("debugging indicators"),
			Source:       pulumi.String("Azure Sentinel"),
			CreatedByRef: pulumi.String("contoso@contoso.com"),

			// What the indicator matches. The pattern is written in bracketed
			// comparison form, while PatternType is "url".
			// NOTE(review): confirm the pattern type value the workspace expects.
			Pattern:     pulumi.String("[url:value = 'https://www.contoso.com']"),
			PatternType: pulumi.String("url"),
			ThreatTypes: pulumi.StringArray{
				pulumi.String("compromised"),
			},
			Confidence: pulumi.Int(78),

			// Lifecycle. ValidUntil and Modified are empty strings in this sample.
			// NOTE(review): confirm how the service treats an empty expiry; an
			// indicator with no bounded lifetime tends to go stale and produce
			// false-positive matches, so production indicators should set one.
			ValidFrom:  pulumi.String("2020-04-15T17:44:00.114052Z"),
			ValidUntil: pulumi.String(""),
			Modified:   pulumi.String(""),
			Revoked:    pulumi.Bool(false),

			// Tagging and the (empty) optional collections.
			ThreatIntelligenceTags: pulumi.StringArray{
				pulumi.String("new schema"),
			},
			Labels:             pulumi.StringArray{},
			ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
			GranularMarkings:   securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
			KillChainPhases:    securityinsights.ThreatIntelligenceKillChainPhaseArray{},

			// Deployment target.
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		}

		// The resource handle is not needed afterwards; only the registration
		// error (nil on success) is propagated to the Pulumi runtime.
		_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", indicatorArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that declares a single threat-intelligence indicator
 * in workspace "myWorkspace" of resource group "myRg".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the indicator resource.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        final var indicatorArgs = ThreatIntelligenceIndicatorArgs.builder()
            // Identity and provenance.
            .name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
            .kind("indicator")
            .displayName("new schema")
            .description("debugging indicators")
            .source("Azure Sentinel")
            .createdByRef("contoso@contoso.com")
            // What the indicator matches. The pattern is written in bracketed
            // comparison form, while patternType is "url".
            // NOTE(review): confirm the pattern type value the workspace expects.
            .pattern("[url:value = 'https://www.contoso.com']")
            .patternType("url")
            .threatTypes("compromised")
            .confidence(78)
            // Lifecycle. validUntil and modified are empty strings in this sample.
            // NOTE(review): confirm how the service treats an empty expiry; an
            // indicator with no bounded lifetime tends to go stale and produce
            // false-positive matches, so production indicators should set one.
            .validFrom("2020-04-15T17:44:00.114052Z")
            .validUntil("")
            .modified("")
            .revoked(false)
            // Tagging and the optional collections, which are called with no elements.
            .threatIntelligenceTags("new schema")
            .labels()
            .externalReferences()
            .granularMarkings()
            .killChainPhases()
            // Deployment target.
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .build();

        var threatIntelligenceIndicator =
            new ThreatIntelligenceIndicator("threatIntelligenceIndicator", indicatorArgs);
    }
}
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
Constructors
fun ThreatIntelligenceIndicatorArgs(confidence: Output<Int>? = null, created: Output<String>? = null, createdByRef: Output<String>? = null, defanged: Output<Boolean>? = null, description: Output<String>? = null, displayName: Output<String>? = null, extensions: Output<Any>? = null, externalId: Output<String>? = null, externalLastUpdatedTimeUtc: Output<String>? = null, externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, indicatorTypes: Output<List<String>>? = null, killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, kind: Output<String>? = null, labels: Output<List<String>>? = null, language: Output<String>? = null, lastUpdatedTimeUtc: Output<String>? = null, modified: Output<String>? = null, name: Output<String>? = null, objectMarkingRefs: Output<List<String>>? = null, parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, pattern: Output<String>? = null, patternType: Output<String>? = null, patternVersion: Output<String>? = null, resourceGroupName: Output<String>? = null, revoked: Output<Boolean>? = null, source: Output<String>? = null, threatIntelligenceTags: Output<List<String>>? = null, threatTypes: Output<List<String>>? = null, validFrom: Output<String>? = null, validUntil: Output<String>? = null, workspaceName: Output<String>? = null)
Functions
Properties