bookmarks
Creates, updates, deletes, gets or lists a bookmarks resource.
Overview
| Name | bookmarks |
| Type | Resource |
| Id | azure.sentinel.bookmarks |
Fields
- vw_bookmarks
- bookmarks
| Name | Datatype | Description |
|---|---|---|
bookmarkId | text | field from the properties object |
created | text | field from the properties object |
created_by | text | field from the properties object |
display_name | text | field from the properties object |
etag | text | Etag of the azure resource |
event_time | text | field from the properties object |
incident_info | text | field from the properties object |
labels | text | field from the properties object |
notes | text | field from the properties object |
query | text | field from the properties object |
query_end_time | text | field from the properties object |
query_result | text | field from the properties object |
query_start_time | text | field from the properties object |
resourceGroupName | text | field from the properties object |
subscriptionId | text | field from the properties object |
updated | text | field from the properties object |
updated_by | text | field from the properties object |
workspaceName | text | field from the properties object |
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
properties | object | Describes bookmark properties |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | bookmarkId, resourceGroupName, subscriptionId, workspaceName | Gets a bookmark. |
list | SELECT | resourceGroupName, subscriptionId, workspaceName | Gets all bookmarks. |
create_or_update | INSERT | bookmarkId, resourceGroupName, subscriptionId, workspaceName | Creates or updates the bookmark. |
delete | DELETE | bookmarkId, resourceGroupName, subscriptionId, workspaceName | Delete the bookmark. |
SELECT examples
Gets all bookmarks.
- vw_bookmarks
- bookmarks
SELECT
bookmarkId,
created,
created_by,
display_name,
etag,
event_time,
incident_info,
labels,
notes,
query,
query_end_time,
query_result,
query_start_time,
resourceGroupName,
subscriptionId,
updated,
updated_by,
workspaceName
FROM azure.sentinel.vw_bookmarks
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
SELECT
etag,
properties
FROM azure.sentinel.bookmarks
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
INSERT example
Use the following StackQL query and manifest file to create a new bookmarks resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO azure.sentinel.bookmarks (
bookmarkId,
resourceGroupName,
subscriptionId,
workspaceName,
etag,
properties
)
SELECT
'{{ bookmarkId }}',
'{{ resourceGroupName }}',
'{{ subscriptionId }}',
'{{ workspaceName }}',
'{{ etag }}',
'{{ properties }}'
;
- name: your_resource_model_name
props:
- name: etag
value: string
- name: properties
value:
- name: created
value: string
- name: createdBy
value:
- name: email
value: string
- name: name
value: string
- name: objectId
value: string
- name: displayName
value: string
- name: labels
value:
- []
- name: notes
value: string
- name: query
value: string
- name: queryResult
value: string
- name: updated
value: string
- name: eventTime
value: string
- name: queryStartTime
value: string
- name: queryEndTime
value: string
- name: incidentInfo
value:
- name: incidentId
value: string
- name: severity
value: []
- name: title
value: string
- name: relationName
value: string
DELETE example
Deletes the specified bookmarks resource.
/*+ delete */
DELETE FROM azure.sentinel.bookmarks
WHERE bookmarkId = '{{ bookmarkId }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';