ThreatIntelligenceIndicatorArgs

data class ThreatIntelligenceIndicatorArgs(val confidence: Output<Int>? = null, val created: Output<String>? = null, val createdByRef: Output<String>? = null, val defanged: Output<Boolean>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val extensions: Output<Any>? = null, val externalId: Output<String>? = null, val externalLastUpdatedTimeUtc: Output<String>? = null, val externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, val granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, val indicatorTypes: Output<List<String>>? = null, val killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, val kind: Output<String>? = null, val labels: Output<List<String>>? = null, val language: Output<String>? = null, val lastUpdatedTimeUtc: Output<String>? = null, val modified: Output<String>? = null, val name: Output<String>? = null, val objectMarkingRefs: Output<List<String>>? = null, val parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, val pattern: Output<String>? = null, val patternType: Output<String>? = null, val patternVersion: Output<String>? = null, val resourceGroupName: Output<String>? = null, val revoked: Output<Boolean>? = null, val source: Output<String>? = null, val threatIntelligenceTags: Output<List<String>>? = null, val threatTypes: Output<List<String>>? = null, val validFrom: Output<String>? = null, val validUntil: Output<String>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<ThreatIntelligenceIndicatorArgs>

Threat intelligence information object. Uses Azure REST API version 2024-09-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01. Other available API versions: 2023-02-01, 2023-03-01-preview, 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01, 2025-04-01-preview. These can be accessed by generating a local SDK package using the CLI command `pulumi package add azure-native securityinsights [ApiVersion]`. See the version guide (../../../version-guide/#accessing-any-api-version-via-local-packages) for details.

Example Usage

Update a threat intelligence indicator

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Sample program: declares one threat intelligence indicator in workspace
// "myWorkspace" of resource group "myRg". Every value below is a placeholder.
return await Deployment.RunAsync(() =>
{
    var indicatorArgs = new AzureNative.SecurityInsights.ThreatIntelligenceIndicatorArgs
    {
        // NOTE(review): presumably a 0-100 score - confirm against the API before
        // using it to drive alert thresholds.
        Confidence = 78,
        CreatedByRef = "contoso@contoso.com",
        Description = "debugging indicators",
        DisplayName = "new schema",
        // NOTE(review): an empty `new[] {}` gives the compiler no element type to
        // infer; confirm these lines build against the SDK.
        ExternalReferences = new[] {},
        GranularMarkings = new[] {},
        KillChainPhases = new[] {},
        Kind = "indicator",
        Labels = new[] {},
        Modified = "",
        // Resource name of the indicator; the import ID on this page ends in
        // /indicators/{name}.
        Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
        // The pattern is what gets matched against telemetry: a STIX-style
        // comparison on a URL value. The contoso.com URL is a benign stand-in.
        Pattern = "[url:value = 'https://www.contoso.com']",
        PatternType = "url",
        ResourceGroupName = "myRg",
        Revoked = false,
        Source = "Azure Sentinel",
        ThreatIntelligenceTags = new[]
        {
            "new schema",
        },
        ThreatTypes = new[]
        {
            "compromised",
        },
        ValidFrom = "2020-04-15T17:44:00.114052Z",
        // NOTE(review): left empty in this sample; presumably that means no expiry -
        // confirm. URL indicators go stale, so production feeds normally set an end
        // date to keep old entries from generating false matches.
        ValidUntil = "",
        WorkspaceName = "myWorkspace",
    };

    // The first argument is the Pulumi logical name, separate from the Name property above.
    var indicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator(
        "threatIntelligenceIndicator",
        indicatorArgs);
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares one threat intelligence indicator in workspace "myWorkspace"
// of resource group "myRg". Every value below is a placeholder.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		indicatorArgs := &securityinsights.ThreatIntelligenceIndicatorArgs{
			// NOTE(review): presumably a 0-100 score - confirm against the API
			// before using it to drive alert thresholds.
			Confidence:         pulumi.Int(78),
			CreatedByRef:       pulumi.String("contoso@contoso.com"),
			Description:        pulumi.String("debugging indicators"),
			DisplayName:        pulumi.String("new schema"),
			ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
			GranularMarkings:   securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
			KillChainPhases:    securityinsights.ThreatIntelligenceKillChainPhaseArray{},
			Kind:               pulumi.String("indicator"),
			Labels:             pulumi.StringArray{},
			Modified:           pulumi.String(""),
			// Resource name of the indicator; the import ID on this page ends
			// in /indicators/{name}.
			Name: pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
			// The pattern is what gets matched against telemetry: a STIX-style
			// comparison on a URL value. The contoso.com URL is a benign stand-in.
			Pattern:           pulumi.String("[url:value = 'https://www.contoso.com']"),
			PatternType:       pulumi.String("url"),
			ResourceGroupName: pulumi.String("myRg"),
			Revoked:           pulumi.Bool(false),
			Source:            pulumi.String("Azure Sentinel"),
			ThreatIntelligenceTags: pulumi.StringArray{
				pulumi.String("new schema"),
			},
			ThreatTypes: pulumi.StringArray{
				pulumi.String("compromised"),
			},
			ValidFrom: pulumi.String("2020-04-15T17:44:00.114052Z"),
			// NOTE(review): left empty in this sample; presumably that means no
			// expiry - confirm. URL indicators go stale, so production feeds
			// normally set an end date to keep old entries from generating
			// false matches.
			ValidUntil:    pulumi.String(""),
			WorkspaceName: pulumi.String("myWorkspace"),
		}

		// The second argument is the Pulumi logical name, separate from the
		// Name field above. The resource handle is not needed afterwards.
		_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", indicatorArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Sample program: declares one threat intelligence indicator in workspace
 * "myWorkspace" of resource group "myRg". Every value below is a placeholder.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the indicator arguments and registers the resource.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}; not read here
     */
    public static void stack(Context ctx) {
        var indicatorArgs = ThreatIntelligenceIndicatorArgs.builder()
            // NOTE(review): presumably a 0-100 score - confirm against the API
            // before using it to drive alert thresholds.
            .confidence(78)
            .createdByRef("contoso@contoso.com")
            .description("debugging indicators")
            .displayName("new schema")
            // The list-valued setters are called with no elements in this sample.
            .externalReferences()
            .granularMarkings()
            .killChainPhases()
            .kind("indicator")
            .labels()
            .modified("")
            // Resource name of the indicator; the import ID on this page ends
            // in /indicators/{name}.
            .name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
            // The pattern is what gets matched against telemetry: a STIX-style
            // comparison on a URL value. The contoso.com URL is a benign stand-in.
            .pattern("[url:value = 'https://www.contoso.com']")
            .patternType("url")
            .resourceGroupName("myRg")
            .revoked(false)
            .source("Azure Sentinel")
            .threatIntelligenceTags("new schema")
            .threatTypes("compromised")
            .validFrom("2020-04-15T17:44:00.114052Z")
            // NOTE(review): left empty in this sample; presumably that means no
            // expiry - confirm. URL indicators go stale, so production feeds
            // normally set an end date to keep old entries from generating
            // false matches.
            .validUntil("")
            .workspaceName("myWorkspace")
            .build();

        // The first argument is the Pulumi logical name, separate from name(...) above.
        var indicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", indicatorArgs);
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}

Constructors

constructor(confidence: Output<Int>? = null, created: Output<String>? = null, createdByRef: Output<String>? = null, defanged: Output<Boolean>? = null, description: Output<String>? = null, displayName: Output<String>? = null, extensions: Output<Any>? = null, externalId: Output<String>? = null, externalLastUpdatedTimeUtc: Output<String>? = null, externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null, granularMarkings: Output<List<ThreatIntelligenceGranularMarkingModelArgs>>? = null, indicatorTypes: Output<List<String>>? = null, killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null, kind: Output<String>? = null, labels: Output<List<String>>? = null, language: Output<String>? = null, lastUpdatedTimeUtc: Output<String>? = null, modified: Output<String>? = null, name: Output<String>? = null, objectMarkingRefs: Output<List<String>>? = null, parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null, pattern: Output<String>? = null, patternType: Output<String>? = null, patternVersion: Output<String>? = null, resourceGroupName: Output<String>? = null, revoked: Output<Boolean>? = null, source: Output<String>? = null, threatIntelligenceTags: Output<List<String>>? = null, threatTypes: Output<List<String>>? = null, validFrom: Output<String>? = null, validUntil: Output<String>? = null, workspaceName: Output<String>? = null)

Properties

val confidence: Output<Int>? = null

Confidence of threat intelligence entity

val created: Output<String>? = null

Created by

val createdByRef: Output<String>? = null

Created by reference of threat intelligence entity

val defanged: Output<Boolean>? = null

Is threat intelligence entity defanged

val description: Output<String>? = null

Description of a threat intelligence entity

val displayName: Output<String>? = null

Display name of a threat intelligence entity

val extensions: Output<Any>? = null

Extensions map

val externalId: Output<String>? = null

External ID of threat intelligence entity

val externalLastUpdatedTimeUtc: Output<String>? = null

External last updated time in UTC


val externalReferences: Output<List<ThreatIntelligenceExternalReferenceArgs>>? = null

External References

val indicatorTypes: Output<List<String>>? = null

Indicator types of threat intelligence entities


val killChainPhases: Output<List<ThreatIntelligenceKillChainPhaseArgs>>? = null

Kill chain phases

val kind: Output<String>? = null

The kind of the threat intelligence entity. Expected value is 'indicator'.

val labels: Output<List<String>>? = null

Labels of threat intelligence entity

val language: Output<String>? = null

Language of threat intelligence entity

val lastUpdatedTimeUtc: Output<String>? = null

Last updated time in UTC

val modified: Output<String>? = null

Modified by

val name: Output<String>? = null

Threat intelligence indicator name field.

val objectMarkingRefs: Output<List<String>>? = null

Threat intelligence entity object marking references


val parsedPattern: Output<List<ThreatIntelligenceParsedPatternArgs>>? = null

Parsed patterns

val pattern: Output<String>? = null

Pattern of a threat intelligence entity

val patternType: Output<String>? = null

Pattern type of a threat intelligence entity

val patternVersion: Output<String>? = null

Pattern version of a threat intelligence entity

val resourceGroupName: Output<String>? = null

The name of the resource group. The name is case insensitive.

val revoked: Output<Boolean>? = null

Is threat intelligence entity revoked

val source: Output<String>? = null

Source of a threat intelligence entity

val threatIntelligenceTags: Output<List<String>>? = null

List of tags

val threatTypes: Output<List<String>>? = null

Threat types

val validFrom: Output<String>? = null

Valid from

val validUntil: Output<String>? = null

Valid until

val workspaceName: Output<String>? = null

The name of the workspace.

Functions

open override fun toJava(): ThreatIntelligenceIndicatorArgs