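import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments (`pulumi.Input<...>`, `pulumi.Output<...>`) were
// missing from this listing, which left fragments such as `pulumi.Input[]>` that do not parse.
// They are restored here following the usual Pulumi codegen shape: required inputs surface as
// `Output<T>`, optional inputs as `Output<T | undefined>`, list inputs as
// `Input<Input<T>[]>`, and nested blocks use the `inputs.sentinel.*` / `outputs.sentinel.*`
// types. Fields the provider computes server-side may in fact be non-optional outputs —
// confirm optionality against the published SDK typings.

/**
 * Manages a Sentinel Metadata.
 *
 * The metadata record describes a piece of Sentinel content (for example an analytics rule):
 * `kind`, `contentId` and `parentId` tie the record to that content, and the remaining
 * properties are descriptive (author, source, support, versions, covered tactics).
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
 *     name: "example-workspace",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     sku: "pergb2018",
 * });
 * const exampleAnalyticsSolution = new azure.operationalinsights.AnalyticsSolution("example", {
 *     solutionName: "SecurityInsights",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     workspaceResourceId: exampleAnalyticsWorkspace.id,
 *     workspaceName: exampleAnalyticsWorkspace.name,
 *     plan: {
 *         publisher: "Microsoft",
 *         product: "OMSGallery/SecurityInsights",
 *     },
 * });
 * const exampleAlertRuleNrt = new azure.sentinel.AlertRuleNrt("example", {
 *     name: "example",
 *     logAnalyticsWorkspaceId: exampleAnalyticsSolution.workspaceResourceId,
 *     displayName: "example",
 *     severity: "High",
 *     query: `AzureActivity |
 *   where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
 *   where ActivityStatus == "Succeeded" |
 *   make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
 * `,
 * });
 * const exampleMetadata = new azure.sentinel.Metadata("example", {
 *     name: "exampl",
 *     workspaceId: exampleAnalyticsSolution.workspaceResourceId,
 *     contentId: exampleAlertRuleNrt.name,
 *     kind: "AnalyticsRule",
 *     parentId: exampleAlertRuleNrt.id,
 * });
 * ```
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.OperationalInsights` - 2022-10-01-preview
 *
 * ## Import
 *
 * Sentinel Metadata can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1
 * ```
 */
export declare class Metadata extends pulumi.CustomResource {
    /**
     * Get an existing Metadata resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MetadataState, opts?: pulumi.CustomResourceOptions): Metadata;
    /**
     * Returns true if the given object is an instance of Metadata. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Metadata;
    /**
     * An `author` block (see `outputs.sentinel.MetadataAuthor`).
     */
    readonly author: pulumi.Output<outputs.sentinel.MetadataAuthor | undefined>;
    /**
     * A `category` block (see `outputs.sentinel.MetadataCategory`).
     */
    readonly category: pulumi.Output<outputs.sentinel.MetadataCategory | undefined>;
    /**
     * The ID of the content. Used to identify dependencies and content from solutions or community.
     */
    readonly contentId: pulumi.Output<string>;
    /**
     * Schema version of the content. Can be used to distinguish between flows based on the schema version.
     */
    readonly contentSchemaVersion: pulumi.Output<string | undefined>;
    /**
     * The custom version of the content.
     */
    readonly customVersion: pulumi.Output<string | undefined>;
    /**
     * A JSON formatted `dependency` value, passed as a string rather than as a nested block.
     * Describes which other content items this content item requires to work.
     */
    readonly dependency: pulumi.Output<string | undefined>;
    /**
     * The first publish date of the solution content item.
     */
    readonly firstPublishDate: pulumi.Output<string | undefined>;
    /**
     * The ID of the icon. This ID can be fetched from the solution template.
     */
    readonly iconId: pulumi.Output<string | undefined>;
    /**
     * The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
     */
    readonly kind: pulumi.Output<string>;
    /**
     * The last publish date of the solution content item.
     */
    readonly lastPublishDate: pulumi.Output<string | undefined>;
    /**
     * The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The resource ID of the parent content item which the metadata belongs to.
     */
    readonly parentId: pulumi.Output<string>;
    /**
     * Specifies a list of preview image file names. These will be taken from solution artifacts.
     */
    readonly previewImages: pulumi.Output<string[] | undefined>;
    /**
     * Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
     */
    readonly previewImagesDarks: pulumi.Output<string[] | undefined>;
    /**
     * Specifies a list of providers for the solution content item.
     */
    readonly providers: pulumi.Output<string[] | undefined>;
    /**
     * A `source` block (see `outputs.sentinel.MetadataSource`).
     */
    readonly source: pulumi.Output<outputs.sentinel.MetadataSource | undefined>;
    /**
     * A `support` block (see `outputs.sentinel.MetadataSupport`).
     */
    readonly support: pulumi.Output<outputs.sentinel.MetadataSupport | undefined>;
    /**
     * Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
     *
     * These names follow the MITRE ATT&CK tactic names, including the ICS tactics
     * `ImpairProcessControl` and `InhibitResponseFunction`.
     * NOTE(review): these are descriptive tags on the metadata record; nothing in this
     * declaration shows them being checked against the tactics configured on the parent
     * content item, so keep the two consistent when coverage is reported from metadata.
     */
    readonly threatAnalysisTactics: pulumi.Output<string[] | undefined>;
    /**
     * Specifies a list of techniques the resource covers.
     * NOTE(review): the expected value format is not stated here; presumably MITRE ATT&CK
     * technique identifiers — confirm against the provider documentation.
     */
    readonly threatAnalysisTechniques: pulumi.Output<string[] | undefined>;
    /**
     * Version of the content.
     */
    readonly version: pulumi.Output<string | undefined>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
     */
    readonly workspaceId: pulumi.Output<string>;
    /**
     * Create a Metadata resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: MetadataArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering Metadata resources.
 * Every property is optional here because the state is only used to qualify a lookup.
 */
export interface MetadataState {
    /**
     * An `author` block (see `inputs.sentinel.MetadataAuthor`).
     */
    author?: pulumi.Input<inputs.sentinel.MetadataAuthor>;
    /**
     * A `category` block (see `inputs.sentinel.MetadataCategory`).
     */
    category?: pulumi.Input<inputs.sentinel.MetadataCategory>;
    /**
     * The ID of the content. Used to identify dependencies and content from solutions or community.
     */
    contentId?: pulumi.Input<string>;
    /**
     * Schema version of the content. Can be used to distinguish between flows based on the schema version.
     */
    contentSchemaVersion?: pulumi.Input<string>;
    /**
     * The custom version of the content.
     */
    customVersion?: pulumi.Input<string>;
    /**
     * A JSON formatted `dependency` value, passed as a string rather than as a nested block.
     * Describes which other content items this content item requires to work.
     */
    dependency?: pulumi.Input<string>;
    /**
     * The first publish date of the solution content item.
     */
    firstPublishDate?: pulumi.Input<string>;
    /**
     * The ID of the icon. This ID can be fetched from the solution template.
     */
    iconId?: pulumi.Input<string>;
    /**
     * The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
     */
    kind?: pulumi.Input<string>;
    /**
     * The last publish date of the solution content item.
     */
    lastPublishDate?: pulumi.Input<string>;
    /**
     * The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * The resource ID of the parent content item which the metadata belongs to.
     */
    parentId?: pulumi.Input<string>;
    /**
     * Specifies a list of preview image file names. These will be taken from solution artifacts.
     */
    previewImages?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
     */
    previewImagesDarks?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of providers for the solution content item.
     */
    providers?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A `source` block (see `inputs.sentinel.MetadataSource`).
     */
    source?: pulumi.Input<inputs.sentinel.MetadataSource>;
    /**
     * A `support` block (see `inputs.sentinel.MetadataSupport`).
     */
    support?: pulumi.Input<inputs.sentinel.MetadataSupport>;
    /**
     * Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
     * These names follow the MITRE ATT&CK tactic names.
     */
    threatAnalysisTactics?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of techniques the resource covers.
     */
    threatAnalysisTechniques?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Version of the content.
     */
    version?: pulumi.Input<string>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
     */
    workspaceId?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a Metadata resource.
 * `contentId`, `kind`, `parentId` and `workspaceId` are required; everything else is optional.
 */
export interface MetadataArgs {
    /**
     * An `author` block (see `inputs.sentinel.MetadataAuthor`).
     */
    author?: pulumi.Input<inputs.sentinel.MetadataAuthor>;
    /**
     * A `category` block (see `inputs.sentinel.MetadataCategory`).
     */
    category?: pulumi.Input<inputs.sentinel.MetadataCategory>;
    /**
     * The ID of the content. Used to identify dependencies and content from solutions or community.
     */
    contentId: pulumi.Input<string>;
    /**
     * Schema version of the content. Can be used to distinguish between flows based on the schema version.
     */
    contentSchemaVersion?: pulumi.Input<string>;
    /**
     * The custom version of the content.
     */
    customVersion?: pulumi.Input<string>;
    /**
     * A JSON formatted `dependency` value, passed as a string rather than as a nested block.
     * Describes which other content items this content item requires to work.
     */
    dependency?: pulumi.Input<string>;
    /**
     * The first publish date of the solution content item.
     */
    firstPublishDate?: pulumi.Input<string>;
    /**
     * The ID of the icon. This ID can be fetched from the solution template.
     */
    iconId?: pulumi.Input<string>;
    /**
     * The kind of content the metadata is for. Possible values are `AnalyticsRule`, `AnalyticsRuleTemplate`, `AutomationRule`, `AzureFunction`, `DataConnector`, `DataType`, `HuntingQuery`, `InvestigationQuery`, `LogicAppsCustomConnector`, `Parser`, `Playbook`, `PlaybookTemplate`, `Solution`, `Watchlist`, `WatchlistTemplate`, `Workbook` and `WorkbookTemplate`.
     */
    kind: pulumi.Input<string>;
    /**
     * The last publish date of the solution content item.
     */
    lastPublishDate?: pulumi.Input<string>;
    /**
     * The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * The resource ID of the parent content item which the metadata belongs to.
     */
    parentId: pulumi.Input<string>;
    /**
     * Specifies a list of preview image file names. These will be taken from solution artifacts.
     */
    previewImages?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
     */
    previewImagesDarks?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of providers for the solution content item.
     */
    providers?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A `source` block (see `inputs.sentinel.MetadataSource`).
     */
    source?: pulumi.Input<inputs.sentinel.MetadataSource>;
    /**
     * A `support` block (see `inputs.sentinel.MetadataSupport`).
     */
    support?: pulumi.Input<inputs.sentinel.MetadataSupport>;
    /**
     * Specifies a list of tactics the resource covers. Possible values are `Reconnaissance`, `ResourceDevelopment`, `InitialAccess`, `Execution`, `Persistence`, `PrivilegeEscalation`, `DefenseEvasion`, `CredentialAccess`, `Discovery`, `LateralMovement`, `Collection`, `CommandAndControl`, `Exfiltration`, `Impact`, `ImpairProcessControl` and `InhibitResponseFunction`.
     * These names follow the MITRE ATT&CK tactic names.
     */
    threatAnalysisTactics?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Specifies a list of techniques the resource covers.
     */
    threatAnalysisTechniques?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Version of the content.
     */
    version?: pulumi.Input<string>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
     */
    workspaceId: pulumi.Input<string>;
}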