Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.securityinsights.ThreatIntelligenceIndicator
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
Threat intelligence information object. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview.
Other available API versions: 2021-04-01, 2021-09-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-09-01, 2024-10-01-preview, 2025-01-01-preview.
Example Usage
Update a threat Intelligence indicator
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var threatIntelligenceIndicator = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", new()
{
Confidence = 78,
CreatedByRef = "contoso@contoso.com",
Description = "debugging indicators",
DisplayName = "new schema",
ExternalReferences = new[] {},
GranularMarkings = new[] {},
KillChainPhases = new[] {},
Kind = "indicator",
Labels = new[] {},
Modified = "",
Name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
Pattern = "[url:value = 'https://www.contoso.com']",
PatternType = "url",
ResourceGroupName = "myRg",
Revoked = false,
Source = "Azure Sentinel",
ThreatIntelligenceTags = new[]
{
"new schema",
},
ThreatTypes = new[]
{
"compromised",
},
ValidFrom = "2020-04-15T17:44:00.114052Z",
ValidUntil = "",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicator", &securityinsights.ThreatIntelligenceIndicatorArgs{
Confidence: pulumi.Int(78),
CreatedByRef: pulumi.String("contoso@contoso.com"),
Description: pulumi.String("debugging indicators"),
DisplayName: pulumi.String("new schema"),
ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{},
GranularMarkings: securityinsights.ThreatIntelligenceGranularMarkingModelArray{},
KillChainPhases: securityinsights.ThreatIntelligenceKillChainPhaseArray{},
Kind: pulumi.String("indicator"),
Labels: pulumi.StringArray{},
Modified: pulumi.String(""),
Name: pulumi.String("d9cd6f0b-96b9-3984-17cd-a779d1e15a93"),
Pattern: pulumi.String("[url:value = 'https://www.contoso.com']"),
PatternType: pulumi.String("url"),
ResourceGroupName: pulumi.String("myRg"),
Revoked: pulumi.Bool(false),
Source: pulumi.String("Azure Sentinel"),
ThreatIntelligenceTags: pulumi.StringArray{
pulumi.String("new schema"),
},
ThreatTypes: pulumi.StringArray{
pulumi.String("compromised"),
},
ValidFrom: pulumi.String("2020-04-15T17:44:00.114052Z"),
ValidUntil: pulumi.String(""),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicator;
import com.pulumi.azurenative.securityinsights.ThreatIntelligenceIndicatorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var threatIntelligenceIndicator = new ThreatIntelligenceIndicator("threatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
.confidence(78)
.createdByRef("contoso@contoso.com")
.description("debugging indicators")
.displayName("new schema")
.externalReferences()
.granularMarkings()
.killChainPhases()
.kind("indicator")
.labels()
.modified("")
.name("d9cd6f0b-96b9-3984-17cd-a779d1e15a93")
.pattern("[url:value = 'https://www.contoso.com']")
.patternType("url")
.resourceGroupName("myRg")
.revoked(false)
.source("Azure Sentinel")
.threatIntelligenceTags("new schema")
.threatTypes("compromised")
.validFrom("2020-04-15T17:44:00.114052Z")
.validUntil("")
.workspaceName("myWorkspace")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const threatIntelligenceIndicator = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator", {
confidence: 78,
createdByRef: "contoso@contoso.com",
description: "debugging indicators",
displayName: "new schema",
externalReferences: [],
granularMarkings: [],
killChainPhases: [],
kind: "indicator",
labels: [],
modified: "",
name: "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
pattern: "[url:value = 'https://www.contoso.com']",
patternType: "url",
resourceGroupName: "myRg",
revoked: false,
source: "Azure Sentinel",
threatIntelligenceTags: ["new schema"],
threatTypes: ["compromised"],
validFrom: "2020-04-15T17:44:00.114052Z",
validUntil: "",
workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native
threat_intelligence_indicator = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicator",
confidence=78,
created_by_ref="contoso@contoso.com",
description="debugging indicators",
display_name="new schema",
external_references=[],
granular_markings=[],
kill_chain_phases=[],
kind="indicator",
labels=[],
modified="",
name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
pattern="[url:value = 'https://www.contoso.com']",
pattern_type="url",
resource_group_name="myRg",
revoked=False,
source="Azure Sentinel",
threat_intelligence_tags=["new schema"],
threat_types=["compromised"],
valid_from="2020-04-15T17:44:00.114052Z",
valid_until="",
workspace_name="myWorkspace")
resources:
threatIntelligenceIndicator:
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties:
confidence: 78
createdByRef: contoso@contoso.com
description: debugging indicators
displayName: new schema
externalReferences: []
granularMarkings: []
killChainPhases: []
kind: indicator
labels: []
modified: ""
name: d9cd6f0b-96b9-3984-17cd-a779d1e15a93
pattern: '[url:value = ''https://www.contoso.com'']'
patternType: url
resourceGroupName: myRg
revoked: false
source: Azure Sentinel
threatIntelligenceTags:
- new schema
threatTypes:
- compromised
validFrom: 2020-04-15T17:44:00.114052Z
validUntil: ""
workspaceName: myWorkspace
Create ThreatIntelligenceIndicator Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ThreatIntelligenceIndicator(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: CustomResourceOptions);@overload
def ThreatIntelligenceIndicator(resource_name: str,
args: ThreatIntelligenceIndicatorArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ThreatIntelligenceIndicator(resource_name: str,
opts: Optional[ResourceOptions] = None,
workspace_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
external_last_updated_time_utc: Optional[str] = None,
external_id: Optional[str] = None,
modified: Optional[str] = None,
extensions: Optional[Any] = None,
name: Optional[str] = None,
confidence: Optional[int] = None,
external_references: Optional[Sequence[ThreatIntelligenceExternalReferenceArgs]] = None,
granular_markings: Optional[Sequence[ThreatIntelligenceGranularMarkingModelArgs]] = None,
indicator_types: Optional[Sequence[str]] = None,
kill_chain_phases: Optional[Sequence[ThreatIntelligenceKillChainPhaseArgs]] = None,
defanged: Optional[bool] = None,
object_marking_refs: Optional[Sequence[str]] = None,
language: Optional[str] = None,
last_updated_time_utc: Optional[str] = None,
display_name: Optional[str] = None,
description: Optional[str] = None,
labels: Optional[Sequence[str]] = None,
parsed_pattern: Optional[Sequence[ThreatIntelligenceParsedPatternArgs]] = None,
pattern: Optional[str] = None,
pattern_type: Optional[str] = None,
pattern_version: Optional[str] = None,
created_by_ref: Optional[str] = None,
revoked: Optional[bool] = None,
source: Optional[str] = None,
threat_intelligence_tags: Optional[Sequence[str]] = None,
threat_types: Optional[Sequence[str]] = None,
valid_from: Optional[str] = None,
valid_until: Optional[str] = None,
created: Optional[str] = None)func NewThreatIntelligenceIndicator(ctx *Context, name string, args ThreatIntelligenceIndicatorArgs, opts ...ResourceOption) (*ThreatIntelligenceIndicator, error)public ThreatIntelligenceIndicator(string name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions? opts = null)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args)
public ThreatIntelligenceIndicator(String name, ThreatIntelligenceIndicatorArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ThreatIntelligenceIndicatorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var threatIntelligenceIndicatorResource = new AzureNative.SecurityInsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", new()
{
Kind = "string",
WorkspaceName = "string",
ResourceGroupName = "string",
ExternalLastUpdatedTimeUtc = "string",
ExternalId = "string",
Modified = "string",
Extensions = "any",
Name = "string",
Confidence = 0,
ExternalReferences = new[]
{
new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceExternalReferenceArgs
{
Description = "string",
ExternalId = "string",
Hashes =
{
{ "string", "string" },
},
SourceName = "string",
Url = "string",
},
},
GranularMarkings = new[]
{
new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceGranularMarkingModelArgs
{
Language = "string",
MarkingRef = 0,
Selectors = new[]
{
"string",
},
},
},
IndicatorTypes = new[]
{
"string",
},
KillChainPhases = new[]
{
new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceKillChainPhaseArgs
{
KillChainName = "string",
PhaseName = "string",
},
},
Defanged = false,
ObjectMarkingRefs = new[]
{
"string",
},
Language = "string",
LastUpdatedTimeUtc = "string",
DisplayName = "string",
Description = "string",
Labels = new[]
{
"string",
},
ParsedPattern = new[]
{
new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPatternArgs
{
PatternTypeKey = "string",
PatternTypeValues = new[]
{
new AzureNative.SecurityInsights.Inputs.ThreatIntelligenceParsedPatternTypeValueArgs
{
Value = "string",
ValueType = "string",
},
},
},
},
Pattern = "string",
PatternType = "string",
PatternVersion = "string",
CreatedByRef = "string",
Revoked = false,
Source = "string",
ThreatIntelligenceTags = new[]
{
"string",
},
ThreatTypes = new[]
{
"string",
},
ValidFrom = "string",
ValidUntil = "string",
Created = "string",
});
example, err := securityinsights.NewThreatIntelligenceIndicator(ctx, "threatIntelligenceIndicatorResource", &securityinsights.ThreatIntelligenceIndicatorArgs{
Kind: pulumi.String("string"),
WorkspaceName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
ExternalLastUpdatedTimeUtc: pulumi.String("string"),
ExternalId: pulumi.String("string"),
Modified: pulumi.String("string"),
Extensions: pulumi.Any("any"),
Name: pulumi.String("string"),
Confidence: pulumi.Int(0),
ExternalReferences: securityinsights.ThreatIntelligenceExternalReferenceArray{
&securityinsights.ThreatIntelligenceExternalReferenceArgs{
Description: pulumi.String("string"),
ExternalId: pulumi.String("string"),
Hashes: pulumi.StringMap{
"string": pulumi.String("string"),
},
SourceName: pulumi.String("string"),
Url: pulumi.String("string"),
},
},
GranularMarkings: securityinsights.ThreatIntelligenceGranularMarkingModelArray{
&securityinsights.ThreatIntelligenceGranularMarkingModelArgs{
Language: pulumi.String("string"),
MarkingRef: pulumi.Int(0),
Selectors: pulumi.StringArray{
pulumi.String("string"),
},
},
},
IndicatorTypes: pulumi.StringArray{
pulumi.String("string"),
},
KillChainPhases: securityinsights.ThreatIntelligenceKillChainPhaseArray{
&securityinsights.ThreatIntelligenceKillChainPhaseArgs{
KillChainName: pulumi.String("string"),
PhaseName: pulumi.String("string"),
},
},
Defanged: pulumi.Bool(false),
ObjectMarkingRefs: pulumi.StringArray{
pulumi.String("string"),
},
Language: pulumi.String("string"),
LastUpdatedTimeUtc: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Description: pulumi.String("string"),
Labels: pulumi.StringArray{
pulumi.String("string"),
},
ParsedPattern: securityinsights.ThreatIntelligenceParsedPatternArray{
&securityinsights.ThreatIntelligenceParsedPatternArgs{
PatternTypeKey: pulumi.String("string"),
PatternTypeValues: securityinsights.ThreatIntelligenceParsedPatternTypeValueArray{
&securityinsights.ThreatIntelligenceParsedPatternTypeValueArgs{
Value: pulumi.String("string"),
ValueType: pulumi.String("string"),
},
},
},
},
Pattern: pulumi.String("string"),
PatternType: pulumi.String("string"),
PatternVersion: pulumi.String("string"),
CreatedByRef: pulumi.String("string"),
Revoked: pulumi.Bool(false),
Source: pulumi.String("string"),
ThreatIntelligenceTags: pulumi.StringArray{
pulumi.String("string"),
},
ThreatTypes: pulumi.StringArray{
pulumi.String("string"),
},
ValidFrom: pulumi.String("string"),
ValidUntil: pulumi.String("string"),
Created: pulumi.String("string"),
})
var threatIntelligenceIndicatorResource = new ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", ThreatIntelligenceIndicatorArgs.builder()
.kind("string")
.workspaceName("string")
.resourceGroupName("string")
.externalLastUpdatedTimeUtc("string")
.externalId("string")
.modified("string")
.extensions("any")
.name("string")
.confidence(0)
.externalReferences(ThreatIntelligenceExternalReferenceArgs.builder()
.description("string")
.externalId("string")
.hashes(Map.of("string", "string"))
.sourceName("string")
.url("string")
.build())
.granularMarkings(ThreatIntelligenceGranularMarkingModelArgs.builder()
.language("string")
.markingRef(0)
.selectors("string")
.build())
.indicatorTypes("string")
.killChainPhases(ThreatIntelligenceKillChainPhaseArgs.builder()
.killChainName("string")
.phaseName("string")
.build())
.defanged(false)
.objectMarkingRefs("string")
.language("string")
.lastUpdatedTimeUtc("string")
.displayName("string")
.description("string")
.labels("string")
.parsedPattern(ThreatIntelligenceParsedPatternArgs.builder()
.patternTypeKey("string")
.patternTypeValues(ThreatIntelligenceParsedPatternTypeValueArgs.builder()
.value("string")
.valueType("string")
.build())
.build())
.pattern("string")
.patternType("string")
.patternVersion("string")
.createdByRef("string")
.revoked(false)
.source("string")
.threatIntelligenceTags("string")
.threatTypes("string")
.validFrom("string")
.validUntil("string")
.created("string")
.build());
threat_intelligence_indicator_resource = azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource",
kind="string",
workspace_name="string",
resource_group_name="string",
external_last_updated_time_utc="string",
external_id="string",
modified="string",
extensions="any",
name="string",
confidence=0,
external_references=[{
"description": "string",
"external_id": "string",
"hashes": {
"string": "string",
},
"source_name": "string",
"url": "string",
}],
granular_markings=[{
"language": "string",
"marking_ref": 0,
"selectors": ["string"],
}],
indicator_types=["string"],
kill_chain_phases=[{
"kill_chain_name": "string",
"phase_name": "string",
}],
defanged=False,
object_marking_refs=["string"],
language="string",
last_updated_time_utc="string",
display_name="string",
description="string",
labels=["string"],
parsed_pattern=[{
"pattern_type_key": "string",
"pattern_type_values": [{
"value": "string",
"value_type": "string",
}],
}],
pattern="string",
pattern_type="string",
pattern_version="string",
created_by_ref="string",
revoked=False,
source="string",
threat_intelligence_tags=["string"],
threat_types=["string"],
valid_from="string",
valid_until="string",
created="string")
const threatIntelligenceIndicatorResource = new azure_native.securityinsights.ThreatIntelligenceIndicator("threatIntelligenceIndicatorResource", {
kind: "string",
workspaceName: "string",
resourceGroupName: "string",
externalLastUpdatedTimeUtc: "string",
externalId: "string",
modified: "string",
extensions: "any",
name: "string",
confidence: 0,
externalReferences: [{
description: "string",
externalId: "string",
hashes: {
string: "string",
},
sourceName: "string",
url: "string",
}],
granularMarkings: [{
language: "string",
markingRef: 0,
selectors: ["string"],
}],
indicatorTypes: ["string"],
killChainPhases: [{
killChainName: "string",
phaseName: "string",
}],
defanged: false,
objectMarkingRefs: ["string"],
language: "string",
lastUpdatedTimeUtc: "string",
displayName: "string",
description: "string",
labels: ["string"],
parsedPattern: [{
patternTypeKey: "string",
patternTypeValues: [{
value: "string",
valueType: "string",
}],
}],
pattern: "string",
patternType: "string",
patternVersion: "string",
createdByRef: "string",
revoked: false,
source: "string",
threatIntelligenceTags: ["string"],
threatTypes: ["string"],
validFrom: "string",
validUntil: "string",
created: "string",
});
type: azure-native:securityinsights:ThreatIntelligenceIndicator
properties:
confidence: 0
created: string
createdByRef: string
defanged: false
description: string
displayName: string
extensions: any
externalId: string
externalLastUpdatedTimeUtc: string
externalReferences:
- description: string
externalId: string
hashes:
string: string
sourceName: string
url: string
granularMarkings:
- language: string
markingRef: 0
selectors:
- string
indicatorTypes:
- string
killChainPhases:
- killChainName: string
phaseName: string
kind: string
labels:
- string
language: string
lastUpdatedTimeUtc: string
modified: string
name: string
objectMarkingRefs:
- string
parsedPattern:
- patternTypeKey: string
patternTypeValues:
- value: string
valueType: string
pattern: string
patternType: string
patternVersion: string
resourceGroupName: string
revoked: false
source: string
threatIntelligenceTags:
- string
threatTypes:
- string
validFrom: string
validUntil: string
workspaceName: string
ThreatIntelligenceIndicator Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ThreatIntelligenceIndicator resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Workspace
Name string - The name of the workspace.
- Confidence int
- Confidence of threat intelligence entity
- Created string
- Created by
- Created
By stringRef - Created by reference of threat intelligence entity
- Defanged bool
- Is threat intelligence entity defanged
- Description string
- Description of a threat intelligence entity
- Display
Name string - Display name of a threat intelligence entity
- Extensions object
- Extensions map
- External
Id string - External ID of threat intelligence entity
- External
Last stringUpdated Time Utc - External last updated time in UTC
- External
References List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence External Reference> - External References
- Granular
Markings List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence Granular Marking Model> - Granular Markings
- Indicator
Types List<string> - Indicator types of threat intelligence entities
- Kill
Chain List<Pulumi.Phases Azure Native. Security Insights. Inputs. Threat Intelligence Kill Chain Phase> - Kill chain phases
- Labels List<string>
- Labels of threat intelligence entity
- Language string
- Language of threat intelligence entity
- Last
Updated stringTime Utc - Last updated time in UTC
- Modified string
- Modified by
- Name string
- Threat intelligence indicator name field.
- Object
Marking List<string>Refs - Threat intelligence entity object marking references
- Parsed
Pattern List<Pulumi.Azure Native. Security Insights. Inputs. Threat Intelligence Parsed Pattern> - Parsed patterns
- Pattern string
- Pattern of a threat intelligence entity
- Pattern
Type string - Pattern type of a threat intelligence entity
- Pattern
Version string - Pattern version of a threat intelligence entity
- Revoked bool
- Is threat intelligence entity revoked
- Source string
- Source of a threat intelligence entity
- List<string>
- List of tags
- Threat
Types List<string> - Threat types
- Valid
From string - Valid from
- Valid
Until string - Valid until
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Workspace
Name string - The name of the workspace.
- Confidence int
- Confidence of threat intelligence entity
- Created string
- Created by
- Created
By stringRef - Created by reference of threat intelligence entity
- Defanged bool
- Is threat intelligence entity defanged
- Description string
- Description of a threat intelligence entity
- Display
Name string - Display name of a threat intelligence entity
- Extensions interface{}
- Extensions map
- External
Id string - External ID of threat intelligence entity
- External
Last stringUpdated Time Utc - External last updated time in UTC
- External
References []ThreatIntelligence External Reference Args - External References
- Granular
Markings []ThreatIntelligence Granular Marking Model Args - Granular Markings
- Indicator
Types []string - Indicator types of threat intelligence entities
- Kill
Chain []ThreatPhases Intelligence Kill Chain Phase Args - Kill chain phases
- Labels []string
- Labels of threat intelligence entity
- Language string
- Language of threat intelligence entity
- Last
Updated stringTime Utc - Last updated time in UTC
- Modified string
- Modified by
- Name string
- Threat intelligence indicator name field.
- Object
Marking []stringRefs - Threat intelligence entity object marking references
- Parsed
Pattern []ThreatIntelligence Parsed Pattern Args - Parsed patterns
- Pattern string
- Pattern of a threat intelligence entity
- Pattern
Type string - Pattern type of a threat intelligence entity
- Pattern
Version string - Pattern version of a threat intelligence entity
- Revoked bool
- Is threat intelligence entity revoked
- Source string
- Source of a threat intelligence entity
- []string
- List of tags
- Threat
Types []string - Threat types
- Valid
From string - Valid from
- Valid
Until string - Valid until
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- workspace
Name String - The name of the workspace.
- confidence Integer
- Confidence of threat intelligence entity
- created String
- Created by
- created
By StringRef - Created by reference of threat intelligence entity
- defanged Boolean
- Is threat intelligence entity defanged
- description String
- Description of a threat intelligence entity
- display
Name String - Display name of a threat intelligence entity
- extensions Object
- Extensions map
- external
Id String - External ID of threat intelligence entity
- external
Last StringUpdated Time Utc - External last updated time in UTC
- external
References List<ThreatIntelligence External Reference> - External References
- granular
Markings List<ThreatIntelligence Granular Marking Model> - Granular Markings
- indicator
Types List<String> - Indicator types of threat intelligence entities
- kill
Chain List<ThreatPhases Intelligence Kill Chain Phase> - Kill chain phases
- labels List<String>
- Labels of threat intelligence entity
- language String
- Language of threat intelligence entity
- last
Updated StringTime Utc - Last updated time in UTC
- modified String
- Modified by
- name String
- Threat intelligence indicator name field.
- object
Marking List<String>Refs - Threat intelligence entity object marking references
- parsed
Pattern List<ThreatIntelligence Parsed Pattern> - Parsed patterns
- pattern String
- Pattern of a threat intelligence entity
- pattern
Type String - Pattern type of a threat intelligence entity
- pattern
Version String - Pattern version of a threat intelligence entity
- revoked Boolean
- Is threat intelligence entity revoked
- source String
- Source of a threat intelligence entity
- List<String>
- List of tags
- threat
Types List<String> - Threat types
- valid
From String - Valid from
- valid
Until String - Valid until
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- workspace
Name string - The name of the workspace.
- confidence number
- Confidence of threat intelligence entity
- created string
- Created by
- created
By stringRef - Created by reference of threat intelligence entity
- defanged boolean
- Is threat intelligence entity defanged
- description string
- Description of a threat intelligence entity
- display
Name string - Display name of a threat intelligence entity
- extensions any
- Extensions map
- external
Id string - External ID of threat intelligence entity
- external
Last stringUpdated Time Utc - External last updated time in UTC
- external
References ThreatIntelligence External Reference[] - External References
- granular
Markings ThreatIntelligence Granular Marking Model[] - Granular Markings
- indicator
Types string[] - Indicator types of threat intelligence entities
- kill
Chain ThreatPhases Intelligence Kill Chain Phase[] - Kill chain phases
- labels string[]
- Labels of threat intelligence entity
- language string
- Language of threat intelligence entity
- last
Updated stringTime Utc - Last updated time in UTC
- modified string
- Modified by
- name string
- Threat intelligence indicator name field.
- object
Marking string[]Refs - Threat intelligence entity object marking references
- parsed
Pattern ThreatIntelligence Parsed Pattern[] - Parsed patterns
- pattern string
- Pattern of a threat intelligence entity
- pattern
Type string - Pattern type of a threat intelligence entity
- pattern
Version string - Pattern version of a threat intelligence entity
- revoked boolean
- Is threat intelligence entity revoked
- source string
- Source of a threat intelligence entity
- string[]
- List of tags
- threat
Types string[] - Threat types
- valid
From string - Valid from
- valid
Until string - Valid until
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- workspace_
name str - The name of the workspace.
- confidence int
- Confidence of threat intelligence entity
- created str
- Created by
- created_
by_ strref - Created by reference of threat intelligence entity
- defanged bool
- Is threat intelligence entity defanged
- description str
- Description of a threat intelligence entity
- display_
name str - Display name of a threat intelligence entity
- extensions Any
- Extensions map
- external_
id str - External ID of threat intelligence entity
- external_
last_ strupdated_ time_ utc - External last updated time in UTC
- external_
references Sequence[ThreatIntelligence External Reference Args] - External References
- granular_
markings Sequence[ThreatIntelligence Granular Marking Model Args] - Granular Markings
- indicator_
types Sequence[str] - Indicator types of threat intelligence entities
- kill_
chain_ Sequence[Threatphases Intelligence Kill Chain Phase Args] - Kill chain phases
- labels Sequence[str]
- Labels of threat intelligence entity
- language str
- Language of threat intelligence entity
- last_
updated_ strtime_ utc - Last updated time in UTC
- modified str
- Modified by
- name str
- Threat intelligence indicator name field.
- object_
marking_ Sequence[str]refs - Threat intelligence entity object marking references
- parsed_
pattern Sequence[ThreatIntelligence Parsed Pattern Args] - Parsed patterns
- pattern str
- Pattern of a threat intelligence entity
- pattern_
type str - Pattern type of a threat intelligence entity
- pattern_
version str - Pattern version of a threat intelligence entity
- revoked bool
- Is threat intelligence entity revoked
- source str
- Source of a threat intelligence entity
- Sequence[str]
- List of tags
- threat_
types Sequence[str] - Threat types
- valid_
from str - Valid from
- valid_
until str - Valid until
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- workspace
Name String - The name of the workspace.
- confidence Number
- Confidence of threat intelligence entity
- created String
- Created by
- created
By StringRef - Created by reference of threat intelligence entity
- defanged Boolean
- Is threat intelligence entity defanged
- description String
- Description of a threat intelligence entity
- display
Name String - Display name of a threat intelligence entity
- extensions Any
- Extensions map
- external
Id String - External ID of threat intelligence entity
- external
Last StringUpdated Time Utc - External last updated time in UTC
- external
References List<Property Map> - External References
- granular
Markings List<Property Map> - Granular Markings
- indicator
Types List<String> - Indicator types of threat intelligence entities
- kill
Chain List<Property Map>Phases - Kill chain phases
- labels List<String>
- Labels of threat intelligence entity
- language String
- Language of threat intelligence entity
- last
Updated StringTime Utc - Last updated time in UTC
- modified String
- Modified by
- name String
- Threat intelligence indicator name field.
- object
Marking List<String>Refs - Threat intelligence entity object marking references
- parsed
Pattern List<Property Map> - Parsed patterns
- pattern String
- Pattern of a threat intelligence entity
- pattern
Type String - Pattern type of a threat intelligence entity
- pattern
Version String - Pattern version of a threat intelligence entity
- revoked Boolean
- Is threat intelligence entity revoked
- source String
- Source of a threat intelligence entity
- List<String>
- List of tags
- threat
Types List<String> - Threat types
- valid
From String - Valid from
- valid
Until String - Valid until
Outputs
All input properties are implicitly available as output properties. Additionally, the ThreatIntelligenceIndicator resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- Id string
- The provider-assigned unique ID for this managed resource.
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
- id string
- The provider-assigned unique ID for this managed resource.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
- Etag of the azure resource
- id str
- The provider-assigned unique ID for this managed resource.
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
Supporting Types
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
ThreatIntelligenceExternalReference, ThreatIntelligenceExternalReferenceArgs
- Description string
- External reference description
- External
Id string - External reference ID
- Hashes Dictionary<string, string>
- External reference hashes
- Source
Name string - External reference source name
- Url string
- External reference URL
- Description string
- External reference description
- External
Id string - External reference ID
- Hashes map[string]string
- External reference hashes
- Source
Name string - External reference source name
- Url string
- External reference URL
- description String
- External reference description
- external
Id String - External reference ID
- hashes Map<String,String>
- External reference hashes
- source
Name String - External reference source name
- url String
- External reference URL
- description string
- External reference description
- external
Id string - External reference ID
- hashes {[key: string]: string}
- External reference hashes
- source
Name string - External reference source name
- url string
- External reference URL
- description str
- External reference description
- external_
id str - External reference ID
- hashes Mapping[str, str]
- External reference hashes
- source_
name str - External reference source name
- url str
- External reference URL
- description String
- External reference description
- external
Id String - External reference ID
- hashes Map<String>
- External reference hashes
- source
Name String - External reference source name
- url String
- External reference URL
ThreatIntelligenceGranularMarkingModel, ThreatIntelligenceGranularMarkingModelArgs
- Language string
- Language granular marking model
- Marking
Ref int - marking reference granular marking model
- Selectors List<string>
- granular marking model selectors
- Language string
- Language granular marking model
- Marking
Ref int - marking reference granular marking model
- Selectors []string
- granular marking model selectors
- language String
- Language granular marking model
- marking
Ref Integer - marking reference granular marking model
- selectors List<String>
- granular marking model selectors
- language string
- Language granular marking model
- marking
Ref number - marking reference granular marking model
- selectors string[]
- granular marking model selectors
- language str
- Language granular marking model
- marking_
ref int - marking reference granular marking model
- selectors Sequence[str]
- granular marking model selectors
- language String
- Language granular marking model
- marking
Ref Number - marking reference granular marking model
- selectors List<String>
- granular marking model selectors
ThreatIntelligenceKillChainPhase, ThreatIntelligenceKillChainPhaseArgs
- Kill
Chain stringName - Kill chainName name
- Phase
Name string - Phase name
- Kill
Chain stringName - Kill chainName name
- Phase
Name string - Phase name
- kill
Chain StringName - Kill chainName name
- phase
Name String - Phase name
- kill
Chain stringName - Kill chainName name
- phase
Name string - Phase name
- kill_
chain_ strname - Kill chainName name
- phase_
name str - Phase name
- kill
Chain StringName - Kill chainName name
- phase
Name String - Phase name
ThreatIntelligenceParsedPattern, ThreatIntelligenceParsedPatternArgs
- Pattern
Type stringKey - Pattern type key
- Pattern
Type List<Pulumi.Values Azure Native. Security Insights. Inputs. Threat Intelligence Parsed Pattern Type Value> - Pattern type keys
- Pattern
Type stringKey - Pattern type key
- Pattern
Type []ThreatValues Intelligence Parsed Pattern Type Value - Pattern type keys
- pattern
Type StringKey - Pattern type key
- pattern
Type List<ThreatValues Intelligence Parsed Pattern Type Value> - Pattern type keys
- pattern
Type stringKey - Pattern type key
- pattern
Type ThreatValues Intelligence Parsed Pattern Type Value[] - Pattern type keys
- pattern_
type_ strkey - Pattern type key
- pattern_
type_ Sequence[Threatvalues Intelligence Parsed Pattern Type Value] - Pattern type keys
- pattern
Type StringKey - Pattern type key
- pattern
Type List<Property Map>Values - Pattern type keys
ThreatIntelligenceParsedPatternTypeValue, ThreatIntelligenceParsedPatternTypeValueArgs
- value str
- Value of parsed pattern
- value_
type str - Type of the value
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ThreatIntelligenceIndicator 180105c7-a28d-b1a2-4a78-234f6ec80fd6 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi