threat_intelligence_indicators
Creates, updates, deletes, gets or lists a threat_intelligence_indicators resource.
Overview
Name | threat_intelligence_indicators |
Type | Resource |
Id | azure.sentinel.threat_intelligence_indicators |
Fields
Name | Datatype | Description |
---|---|---|
etag | string | Etag of the azure resource |
kind | string | The kind of the threat intelligence entity |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | name, resourceGroupName, subscriptionId, workspaceName | View a threat intelligence indicator by name. |
list | SELECT | resourceGroupName, subscriptionId, workspaceName | Get all threat intelligence indicators. |
create | INSERT | name, resourceGroupName, subscriptionId, workspaceName | Update a threat intelligence indicator. |
delete | DELETE | name, resourceGroupName, subscriptionId, workspaceName | Delete a threat intelligence indicator. |
append_tags | EXEC | name, resourceGroupName, subscriptionId, workspaceName | Append tags to a threat intelligence indicator. |
query_indicators | EXEC | resourceGroupName, subscriptionId, workspaceName | Query threat intelligence indicators as per filtering criteria. |
SELECT examples
Get all threat intelligence indicators.
```sql
SELECT
  etag,
  kind
FROM azure.sentinel.threat_intelligence_indicators
WHERE resourceGroupName = '{{ resourceGroupName }}'
  AND subscriptionId = '{{ subscriptionId }}'
  AND workspaceName = '{{ workspaceName }}';
```
INSERT example
Use the following StackQL query and manifest file to create a new threat_intelligence_indicators resource.
All Properties
```sql
/*+ create */
INSERT INTO azure.sentinel.threat_intelligence_indicators (
  name,
  resourceGroupName,
  subscriptionId,
  workspaceName,
  kind,
  properties
)
SELECT
  '{{ name }}',
  '{{ resourceGroupName }}',
  '{{ subscriptionId }}',
  '{{ workspaceName }}',
  '{{ kind }}',
  '{{ properties }}'
;
```
Manifest
```yaml
- name: your_resource_model_name
  props:
    - name: kind
      value: []
    - name: properties
      value:
        - name: additionalData
          value: object
        - name: friendlyName
          value: string
        - name: threatIntelligenceTags
          value:
            - string
        - name: lastUpdatedTimeUtc
          value: string
        - name: source
          value: string
        - name: displayName
          value: string
        - name: description
          value: string
        - name: indicatorTypes
          value:
            - string
        - name: pattern
          value: string
        - name: patternType
          value: string
        - name: patternVersion
          value: string
        - name: killChainPhases
          value:
            - - name: killChainName
                value: string
              - name: phaseName
                value: string
        - name: parsedPattern
          value:
            - - name: patternTypeKey
                value: string
              - name: patternTypeValues
                value:
                  - - name: valueType
                      value: string
                    - name: value
                      value: string
        - name: externalId
          value: string
        - name: createdByRef
          value: string
        - name: defanged
          value: boolean
        - name: externalLastUpdatedTimeUtc
          value: string
        - name: externalReferences
          value:
            - - name: description
                value: string
              - name: externalId
                value: string
              - name: sourceName
                value: string
              - name: url
                value: string
              - name: hashes
                value: object
        - name: granularMarkings
          value:
            - - name: language
                value: string
              - name: markingRef
                value: integer
              - name: selectors
                value:
                  - string
        - name: labels
          value:
            - string
        - name: revoked
          value: boolean
        - name: confidence
          value: integer
        - name: objectMarkingRefs
          value:
            - string
        - name: language
          value: string
        - name: threatTypes
          value:
            - string
        - name: validFrom
          value: string
        - name: validUntil
          value: string
        - name: created
          value: string
        - name: modified
          value: string
        - name: extensions
          value: object
```
DELETE example
Deletes the specified threat_intelligence_indicators resource.
```sql
/*+ delete */
DELETE FROM azure.sentinel.threat_intelligence_indicators
WHERE name = '{{ name }}'
  AND resourceGroupName = '{{ resourceGroupName }}'
  AND subscriptionId = '{{ subscriptionId }}'
  AND workspaceName = '{{ workspaceName }}';
```