Hunt
Represents a Hunt in Azure Security Insights. Uses Azure REST API version 2025-01-01-preview. In version 2.x of the Azure Native provider, it used API version 2023-06-01-preview. Other available API versions: 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-12-01-preview, 2024-01-01-preview, 2024-04-01-preview, 2024-10-01-preview, 2025-04-01-preview. These can be accessed by generating a local SDK package using the CLI command `pulumi package add azure-native securityinsights [ApiVersion]`. See the version guide (../../../version-guide/#accessing-any-api-version-via-local-packages) for details.
Example Usage
Creates or updates a hunt.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // The owner is the user the hunt is assigned to. The GUID below is the
    // sample value from this example; replace it with the object ID of a real
    // principal in your tenant.
    var assignee = new AzureNative.SecurityInsights.Inputs.HuntOwnerArgs
    {
        ObjectId = "873b5263-5d34-4149-b356-ad341b01e123",
    };

    var huntArgs = new AzureNative.SecurityInsights.HuntArgs
    {
        // Location of the hunt: resource group, workspace and the hunt's own ID.
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
        HuntId = "163e7b2a-a2ec-4041-aaba-d878a38f265f",

        // Human-readable metadata.
        DisplayName = "Log4J new hunt",
        Description = "Log4J Hunt Description",
        Labels = new[]
        {
            "Label1",
            "Label2",
        },

        // MITRE ATT&CK mapping. T1595 (Active Scanning) is a technique of the
        // Reconnaissance tactic, so the two fields agree; keep them aligned
        // when adapting this example to another hypothesis.
        AttackTactics = new[]
        {
            AzureNative.SecurityInsights.AttackTactic.Reconnaissance,
        },
        AttackTechniques = new[]
        {
            "T1595",
        },

        // Workflow state: a newly opened hunt whose hypothesis is not yet assessed.
        Status = AzureNative.SecurityInsights.Status.New,
        HypothesisStatus = AzureNative.SecurityInsights.HypothesisStatus.Unknown,

        Owner = assignee,
    };

    // "hunt" is the Pulumi logical name of the resource, not the Azure hunt ID.
    var log4jHunt = new AzureNative.SecurityInsights.Hunt("hunt", huntArgs);
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that creates or updates a single Security
// Insights hunt in the "myWorkspace" workspace of resource group "myRg".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The owner is the user the hunt is assigned to. The GUID is the sample
		// value from this example; substitute a real principal's object ID.
		assignee := &securityinsights.HuntOwnerArgs{
			ObjectId: pulumi.String("873b5263-5d34-4149-b356-ad341b01e123"),
		}

		huntArgs := &securityinsights.HuntArgs{
			// Location of the hunt: resource group, workspace and the hunt's own ID.
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
			HuntId:            pulumi.String("163e7b2a-a2ec-4041-aaba-d878a38f265f"),

			// Human-readable metadata.
			DisplayName: pulumi.String("Log4J new hunt"),
			Description: pulumi.String("Log4J Hunt Description"),
			Labels: pulumi.StringArray{
				pulumi.String("Label1"),
				pulumi.String("Label2"),
			},

			// MITRE ATT&CK mapping. T1595 (Active Scanning) is a technique of the
			// Reconnaissance tactic, so the two fields agree; keep them aligned
			// when adapting this example to another hypothesis.
			AttackTactics: pulumi.StringArray{
				pulumi.String(securityinsights.AttackTacticReconnaissance),
			},
			AttackTechniques: pulumi.StringArray{
				pulumi.String("T1595"),
			},

			// Workflow state: a newly opened hunt whose hypothesis is not yet assessed.
			Status:           pulumi.String(securityinsights.StatusNew),
			HypothesisStatus: pulumi.String(securityinsights.HypothesisStatusUnknown),

			Owner: assignee,
		}

		// "hunt" is the Pulumi logical name of the resource, not the Azure hunt ID.
		// The resource handle is not needed afterwards, so only the error is kept
		// and handed back to pulumi.Run (nil on success).
		_, err := securityinsights.NewHunt(ctx, "hunt", huntArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Hunt;
import com.pulumi.azurenative.securityinsights.HuntArgs;
import com.pulumi.azurenative.securityinsights.inputs.HuntOwnerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates or updates a single Security Insights hunt in
 * the {@code myWorkspace} workspace of resource group {@code myRg}.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack: one {@link Hunt}.
     *
     * @param ctx the Pulumi context supplied by the runtime (unused here)
     */
    public static void stack(Context ctx) {
        // The owner is the user the hunt is assigned to. The GUID is the sample
        // value from this example; substitute a real principal's object ID.
        final HuntOwnerArgs assignee = HuntOwnerArgs.builder()
            .objectId("873b5263-5d34-4149-b356-ad341b01e123")
            .build();

        final HuntArgs huntArgs = HuntArgs.builder()
            // Location of the hunt: resource group, workspace and the hunt's own ID.
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .huntId("163e7b2a-a2ec-4041-aaba-d878a38f265f")
            // Human-readable metadata.
            .displayName("Log4J new hunt")
            .description("Log4J Hunt Description")
            .labels(
                "Label1",
                "Label2")
            // MITRE ATT&CK mapping. T1595 (Active Scanning) is a technique of the
            // Reconnaissance tactic, so the two fields agree; keep them aligned
            // when adapting this example to another hypothesis.
            .attackTactics("Reconnaissance")
            .attackTechniques("T1595")
            // Workflow state: a newly opened hunt whose hypothesis is not yet assessed.
            .status("New")
            .hypothesisStatus("Unknown")
            .owner(assignee)
            .build();

        // "hunt" is the Pulumi logical name of the resource, not the Azure hunt ID.
        final Hunt log4jHunt = new Hunt("hunt", huntArgs);
    }
}
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:Hunt 163e7b2a-a2ec-4041-aaba-d878a38f265f /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}
Properties
A list of MITRE ATT&CK tactics the hunt is associated with
A list of MITRE ATT&CK techniques the hunt is associated with
The Azure API version of the resource.
The description of the hunt
The display name of the hunt
The hypothesis status of the hunt.
Describes a user that the hunt is assigned to
Azure Resource Manager metadata containing createdBy and modifiedBy information.