threat_intelligence_indicator_indicators

Creates, updates, deletes, gets or lists a threat_intelligence_indicator_indicators resource.

Overview

Name	`threat_intelligence_indicator_indicators`
Type	Resource
Id	`azure.sentinel.threat_intelligence_indicator_indicators`

Fields

SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.

Methods

Name	Accessible by	Required Params	Description
`create`	`INSERT`	`resourceGroupName, subscriptionId, workspaceName`	Create a new threat intelligence indicator.

`INSERT` example

Use the following StackQL query and manifest file to create a new threat_intelligence_indicator_indicators resource.

All Properties
Manifest

/*+ create */
INSERT INTO azure.sentinel.threat_intelligence_indicator_indicators (
resourceGroupName,
subscriptionId,
workspaceName,
kind,
properties
)
SELECT 
'{{ resourceGroupName }}',
'{{ subscriptionId }}',
'{{ workspaceName }}',
'{{ kind }}',
'{{ properties }}'
;

- name: your_resource_model_name
  props:
    - name: kind
      value: []
    - name: properties
      value:
        - name: additionalData
          value: object
        - name: friendlyName
          value: string
        - name: threatIntelligenceTags
          value:
            - string
        - name: lastUpdatedTimeUtc
          value: string
        - name: source
          value: string
        - name: displayName
          value: string
        - name: description
          value: string
        - name: indicatorTypes
          value:
            - string
        - name: pattern
          value: string
        - name: patternType
          value: string
        - name: patternVersion
          value: string
        - name: killChainPhases
          value:
            - - name: killChainName
                value: string
              - name: phaseName
                value: string
        - name: parsedPattern
          value:
            - - name: patternTypeKey
                value: string
              - name: patternTypeValues
                value:
                  - - name: valueType
                      value: string
                    - name: value
                      value: string
        - name: externalId
          value: string
        - name: createdByRef
          value: string
        - name: defanged
          value: boolean
        - name: externalLastUpdatedTimeUtc
          value: string
        - name: externalReferences
          value:
            - - name: description
                value: string
              - name: externalId
                value: string
              - name: sourceName
                value: string
              - name: url
                value: string
              - name: hashes
                value: object
        - name: granularMarkings
          value:
            - - name: language
                value: string
              - name: markingRef
                value: integer
              - name: selectors
                value:
                  - string
        - name: labels
          value:
            - string
        - name: revoked
          value: boolean
        - name: confidence
          value: integer
        - name: objectMarkingRefs
          value:
            - string
        - name: language
          value: string
        - name: threatTypes
          value:
            - string
        - name: validFrom
          value: string
        - name: validUntil
          value: string
        - name: created
          value: string
        - name: modified
          value: string
        - name: extensions
          value: object

Overview​

Fields​

Methods​

INSERT example​

Overview

Fields

Methods

`INSERT` example