watchlists
Creates, updates, deletes, gets or lists a `watchlists` resource.
Overview
Name | watchlists |
Type | Resource |
Id | azure.sentinel.watchlists |
Fields
- vw_watchlists

Name | Datatype | Description |
---|---|---|
description | text | field from the properties object |
content_type | text | field from the properties object |
created | text | field from the properties object |
created_by | text | field from the properties object |
default_duration | text | field from the properties object |
display_name | text | field from the properties object |
etag | text | Etag of the azure resource |
is_deleted | text | field from the properties object |
items_search_key | text | field from the properties object |
labels | text | field from the properties object |
number_of_lines_to_skip | text | field from the properties object |
provider | text | field from the properties object |
raw_content | text | field from the properties object |
resourceGroupName | text | field from the properties object |
source | text | field from the properties object |
subscriptionId | text | field from the properties object |
tenant_id | text | field from the properties object |
updated | text | field from the properties object |
updated_by | text | field from the properties object |
upload_status | text | field from the properties object |
watchlistAlias | text | field from the properties object |
watchlist_alias | text | field from the properties object |
watchlist_id | text | field from the properties object |
watchlist_type | text | field from the properties object |
workspaceName | text | field from the properties object |

- watchlists

Name | Datatype | Description |
---|---|---|
etag | string | Etag of the azure resource |
properties | object | Describes watchlist properties |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | resourceGroupName, subscriptionId, watchlistAlias, workspaceName | Get a watchlist, without its watchlist items. |
list | SELECT | resourceGroupName, subscriptionId, workspaceName | Get all watchlists, without watchlist items. |
create_or_update | INSERT | resourceGroupName, subscriptionId, watchlistAlias, workspaceName | Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties. |
delete | DELETE | resourceGroupName, subscriptionId, watchlistAlias, workspaceName | Delete a watchlist. |
SELECT examples
Get all watchlists, without watchlist items.

- vw_watchlists

```sql
SELECT
  description,
  content_type,
  created,
  created_by,
  default_duration,
  display_name,
  etag,
  is_deleted,
  items_search_key,
  labels,
  number_of_lines_to_skip,
  provider,
  raw_content,
  resourceGroupName,
  source,
  subscriptionId,
  tenant_id,
  updated,
  updated_by,
  upload_status,
  watchlistAlias,
  watchlist_alias,
  watchlist_id,
  watchlist_type,
  workspaceName
FROM azure.sentinel.vw_watchlists
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
```

- watchlists

```sql
SELECT
  etag,
  properties
FROM azure.sentinel.watchlists
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
```
INSERT example
Use the following StackQL query and manifest file to create a new `watchlists` resource.

- All Properties

```sql
/*+ create */
INSERT INTO azure.sentinel.watchlists (
  resourceGroupName,
  subscriptionId,
  watchlistAlias,
  workspaceName,
  etag,
  properties
)
SELECT
  '{{ resourceGroupName }}',
  '{{ subscriptionId }}',
  '{{ watchlistAlias }}',
  '{{ workspaceName }}',
  '{{ etag }}',
  '{{ properties }}'
;
```

- Manifest

```yaml
- name: your_resource_model_name
  props:
    - name: etag
      value: string
    - name: properties
      value:
        - name: watchlistId
          value: string
        - name: displayName
          value: string
        - name: provider
          value: string
        - name: source
          value: string
        - name: created
          value: string
        - name: updated
          value: string
        - name: createdBy
          value:
            - name: email
              value: string
            - name: name
              value: string
            - name: objectId
              value: string
        - name: description
          value: string
        - name: watchlistType
          value: string
        - name: watchlistAlias
          value: string
        - name: isDeleted
          value: boolean
        - name: labels
          value:
            - []
        - name: defaultDuration
          value: string
        - name: tenantId
          value: string
        - name: numberOfLinesToSkip
          value: integer
        - name: rawContent
          value: string
        - name: itemsSearchKey
          value: string
        - name: contentType
          value: string
        - name: uploadStatus
          value: string
```
DELETE example
Deletes the specified `watchlists` resource.

```sql
/*+ delete */
DELETE FROM azure.sentinel.watchlists
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND watchlistAlias = '{{ watchlistAlias }}'
AND workspaceName = '{{ workspaceName }}';
```