pulumi-azure-native-kotlin/com.pulumi.azurenative.securityinsights.kotlin/ThreatIntelligenceIndicatorArgs

ThreatIntelligenceIndicatorArgs

data class ThreatIntelligenceIndicatorArgs(val confidence: Output<Int>? = null, val created: Output<String>? = null, val createdByRef: Output<String>? = null, val defanged: Output<Boolean>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val extensions: Output<Any>? = null, val externalId: Output<String>? = null, val externalLastUpdatedTimeUtc: Output<String>? = null, val externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, val granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, val indicatorTypes: Output<List<String>>? = null, val killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, val kind: Output<String>? = null, val labels: Output<List<String>>? = null, val language: Output<String>? = null, val lastUpdatedTimeUtc: Output<String>? = null, val modified: Output<String>? = null, val name: Output<String>? = null, val objectMarkingRefs: Output<List<String>>? = null, val parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, val pattern: Output<String>? = null, val patternType: Output<String>? = null, val patternVersion: Output<String>? = null, val resourceGroupName: Output<String>? = null, val revoked: Output<Boolean>? = null, val source: Output<String>? = null, val threatIntelligenceTags: Output<List<String>>? = null, val threatTypes: Output<List<String>>? = null, val validFrom: Output<String>? = null, val validUntil: Output<String>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<ThreatIntelligenceIndicatorArgs>

Threat intelligence information object. Uses Azure REST API version 2023-02-01. In version 1.x of the Azure Native provider, it used API version 2019-01-01-preview. Other available API versions: 2021-04-01, 2021-09-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-09-01, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01.

Example Usage

Update a threat Intelligence indicator

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", new()
    {
        Confidence = 78,
        CreatedByRef = "contoso@contoso.com",
        Description = "debugging indicators",
        DisplayName = "new schema",
        ExternalReferences = new[] {},
        GranularMarkings = new[] {},
        KillChainPhases = new[] {},
        Kind = "indicator",
        Labels = new[] {},
        Modified = "",
        Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        Pattern = "[url:value = 'https://www.contoso.com']",
        PatternType = "url",
        ResourceGroupName = "myRg",
        Revoked = false,
        Source = "Azure Sentinel",
        ThreatIntelligenceTags = new[]
        {
            "new schema",
        },
        ThreatTypes = new[]
        {
            "compromised",
        },
        ValidFrom = "2020-04-15T17:44:00.114052Z",
        ValidUntil = "",
        WorkspaceName = "myWorkspace",
    });
});
Content copied to clipboard
package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", &securityinsights.ThreatIntelligenceIndicatorArgs{
			Confidence:         pulumi.Int(78),
			CreatedByRef:       pulumi.String("contoso@contoso.com"),
			Description:        pulumi.String("debugging indicators"),
			DisplayName:        pulumi.String("new schema"),
			ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
			GranularMarkings:   securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
			KillChainPhases:    securityinsights.ThreatIntelligenceKillChainPhaseArray{},
			Kind:               pulumi.String("indicator"),
			Labels:             pulumi.StringArray{},
			Modified:           pulumi.String(""),
			Name:               pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
			Pattern:            pulumi.String("[url:value = 'https://www.contoso.com']"),
			PatternType:        pulumi.String("url"),
			ResourceGroupName:  pulumi.String("myRg"),
			Revoked:            pulumi.Bool(false),
			Source:             pulumi.String("Azure Sentinel"),
			ThreatIntelligenceTags: pulumi.StringArray{
				pulumi.String("new schema"),
			},
			ThreatTypes: pulumi.StringArray{
				pulumi.String("compromised"),
			},
			ValidFrom:     pulumi.String("2020-04-15T17:44:00.114052Z"),
			ValidUntil:    pulumi.String(""),
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var threatIntelligenceIndicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
            .confidence(78)
            .createdByRef("contoso@contoso.com")
            .description("debugging indicators")
            .displayName("new schema")
            .externalReferences()
            .granularMarkings()
            .killChainPhases()
            .kind("indicator")
            .labels()
            .modified("")
            .name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
            .pattern("[url:value = 'https://www.contoso.com']")
            .patternType("url")
            .resourceGroupName("myRg")
            .revoked(false)
            .source("Azure Sentinel")
            .threatIntelligenceTags("new schema")
            .threatTypes("compromised")
            .validFrom("2020-04-15T17:44:00.114052Z")
            .validUntil("")
            .workspaceName("myWorkspace")
            .build());
    }
}
Content copied to clipboard

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(confidence: Output<Int>? = null, created: Output<String>? = null, createdByRef: Output<String>? = null, defanged: Output<Boolean>? = null, description: Output<String>? = null, displayName: Output<String>? = null, extensions: Output<Any>? = null, externalId: Output<String>? = null, externalLastUpdatedTimeUtc: Output<String>? = null, externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, indicatorTypes: Output<List<String>>? = null, killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, kind: Output<String>? = null, labels: Output<List<String>>? = null, language: Output<String>? = null, lastUpdatedTimeUtc: Output<String>? = null, modified: Output<String>? = null, name: Output<String>? = null, objectMarkingRefs: Output<List<String>>? = null, parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, pattern: Output<String>? = null, patternType: Output<String>? = null, patternVersion: Output<String>? = null, resourceGroupName: Output<String>? = null, revoked: Output<Boolean>? = null, source: Output<String>? = null, threatIntelligenceTags: Output<List<String>>? = null, threatTypes: Output<List<String>>? = null, validFrom: Output<String>? = null, validUntil: Output<String>? = null, workspaceName: Output<String>? = null)

Properties

Link copied to clipboard
val confidence: Output<Int>? = null

Confidence of threat intelligence entity

Link copied to clipboard
val created: Output<String>? = null

Created by

Link copied to clipboard
val createdByRef: Output<String>? = null

Created by reference of threat intelligence entity

Link copied to clipboard
val defanged: Output<Boolean>? = null

Is threat intelligence entity defanged

Link copied to clipboard
val description: Output<String>? = null

Description of a threat intelligence entity

Link copied to clipboard
val displayName: Output<String>? = null

Display name of a threat intelligence entity

Link copied to clipboard
val extensions: Output<Any>? = null

Extensions map

Link copied to clipboard
val externalId: Output<String>? = null

External ID of threat intelligence entity

Link copied to clipboard
val externalLastUpdatedTimeUtc: Output<String>? = null

External last updated time in UTC

Link copied to clipboard
val externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null

External References

Link copied to clipboard
val granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null

Granular Markings

Link copied to clipboard
val indicatorTypes: Output<List<String>>? = null

Indicator types of threat intelligence entities

Link copied to clipboard
val killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null

Kill chain phases

Link copied to clipboard
val kind: Output<String>? = null

The kind of the threat intelligence entity Expected value is 'indicator'.

Link copied to clipboard
val labels: Output<List<String>>? = null

Labels of threat intelligence entity

Link copied to clipboard
val language: Output<String>? = null

Language of threat intelligence entity

Link copied to clipboard
val lastUpdatedTimeUtc: Output<String>? = null

Last updated time in UTC

Link copied to clipboard
val modified: Output<String>? = null

Modified by

Link copied to clipboard
val name: Output<String>? = null

Threat intelligence indicator name field.

Link copied to clipboard
val objectMarkingRefs: Output<List<String>>? = null

Threat intelligence entity object marking references

Link copied to clipboard
val parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null

Parsed patterns

Link copied to clipboard
val pattern: Output<String>? = null

Pattern of a threat intelligence entity

Link copied to clipboard
val patternType: Output<String>? = null

Pattern type of a threat intelligence entity

Link copied to clipboard
val patternVersion: Output<String>? = null

Pattern version of a threat intelligence entity

Link copied to clipboard
val resourceGroupName: Output<String>? = null

The name of the resource group. The name is case insensitive.

Link copied to clipboard
val revoked: Output<Boolean>? = null

Is threat intelligence entity revoked

Link copied to clipboard
val source: Output<String>? = null

Source of a threat intelligence entity

Link copied to clipboard
val threatIntelligenceTags: Output<List<String>>? = null

List of tags

Link copied to clipboard
val threatTypes: Output<List<String>>? = null

Threat types

Link copied to clipboard
val validFrom: Output<String>? = null

Valid from

Link copied to clipboard
val validUntil: Output<String>? = null

Valid until

Link copied to clipboard
val workspaceName: Output<String>? = null

The name of the workspace.

Functions

Link copied to clipboard
open override fun toJava(): ThreatIntelligenceIndicatorArgs