Threat Intelligence Indicator Args
data class ThreatIntelligenceIndicatorArgs(val confidence: Output<Int>? = null, val createdBy: Output<String>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val extension: Output<String>? = null, val externalReferences: Output<List<ThreatIntelligenceIndicatorExternalReferenceArgs>>? = null, val granularMarkings: Output<List<ThreatIntelligenceIndicatorGranularMarkingArgs>>? = null, val killChainPhases: Output<List<ThreatIntelligenceIndicatorKillChainPhaseArgs>>? = null, val language: Output<String>? = null, val objectMarkingRefs: Output<List<String>>? = null, val pattern: Output<String>? = null, val patternType: Output<String>? = null, val patternVersion: Output<String>? = null, val revoked: Output<Boolean>? = null, val source: Output<String>? = null, val tags: Output<List<String>>? = null, val threatTypes: Output<List<String>>? = null, val validateFromUtc: Output<String>? = null, val validateUntilUtc: Output<String>? = null, val workspaceId: Output<String>? = null) : ConvertibleToJava<ThreatIntelligenceIndicatorArgs>
Manages a Sentinel Threat Intelligence Indicator.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicator;
import com.pulumi.azure.sentinel.ThreatIntelligenceIndicatorArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
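/**
 * Example Pulumi program that provisions a Log Analytics workspace, onboards it
 * to Microsoft Sentinel, and then creates a single threat intelligence indicator
 * in that workspace.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the stack: resource group, analytics workspace,
     * Sentinel onboarding and the threat intelligence indicator.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("east us")
            .build());

        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("PerGB2018")
            .retentionInDays(30)
            .build());

        var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .workspaceName(exampleAnalyticsWorkspace.name())
            .build());

        // NOTE(review): patternType is "domain-name" but the pattern value carries a
        // URL scheme. A domain-name indicator normally holds a bare host name, and a
        // full URL belongs under the URL pattern type; an indicator whose type and
        // value disagree may never match telemetry. Confirm against the provider docs.
        //
        // NOTE(review): no validateUntilUtc is set, so this example gives the
        // indicator no explicit expiry. Indicators age quickly; consider setting an
        // end of validity when adapting this.
        var exampleThreatIntelligenceIndicator = new ThreatIntelligenceIndicator("exampleThreatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
            .workspaceId(exampleAnalyticsWorkspace.id())
            .patternType("domain-name")
            .pattern("http://example.com")
            .source("Microsoft Sentinel")
            .validateFromUtc("2022-12-14T16:00:00Z")
            .displayName("example-indicator")
            .build(), CustomResourceOptions.builder()
                // The indicator only references the workspace id, so the ordering
                // against the Sentinel onboarding has to be declared explicitly.
                // The original referenced an undefined Terraform-style name here;
                // the onboarding resource declared above is the intended dependency.
                .dependsOn(exampleLogAnalyticsWorkspaceOnboarding)
                .build());
    }
}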
Import
Sentinel Threat Intelligence Indicators can be imported using the `resource id`, e.g.
$ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
Constructors
fun ThreatIntelligenceIndicatorArgs(confidence: Output<Int>? = null, createdBy: Output<String>? = null, description: Output<String>? = null, displayName: Output<String>? = null, extension: Output<String>? = null, externalReferences: Output<List<ThreatIntelligenceIndicatorExternalReferenceArgs>>? = null, granularMarkings: Output<List<ThreatIntelligenceIndicatorGranularMarkingArgs>>? = null, killChainPhases: Output<List<ThreatIntelligenceIndicatorKillChainPhaseArgs>>? = null, language: Output<String>? = null, objectMarkingRefs: Output<List<String>>? = null, pattern: Output<String>? = null, patternType: Output<String>? = null, patternVersion: Output<String>? = null, revoked: Output<Boolean>? = null, source: Output<String>? = null, tags: Output<List<String>>? = null, threatTypes: Output<List<String>>? = null, validateFromUtc: Output<String>? = null, validateUntilUtc: Output<String>? = null, workspaceId: Output<String>? = null)
Functions
Properties