import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments of `pulumi.Input` / `pulumi.Output`
// appear to have been lost when this listing was extracted (e.g. the dangling
// `pulumi.Input[]>`). The declarations below are reproduced as found; take the
// element types from the published SDK rather than inferring them from here.

/**
 * Manages a Sentinel Threat Intelligence Indicator.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-rg",
 *     location: "east us",
 * });
 * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
 *     name: "example-law",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     sku: "PerGB2018",
 *     retentionInDays: 30,
 * });
 * const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {workspaceId: exampleAnalyticsWorkspace.id});
 * const exampleThreatIntelligenceIndicator = new azure.sentinel.ThreatIntelligenceIndicator("example", {
 *     workspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
 *     patternType: "domain-name",
 *     pattern: "http://example.com",
 *     source: "Microsoft Sentinel",
 *     validateFromUtc: "2022-12-14T16:00:00Z",
 *     displayName: "example-indicator",
 * });
 * ```
 *
 * NOTE(review): the example pairs `patternType: "domain-name"` with a URL-shaped
 * `pattern`. An indicator whose value does not fit its declared type will
 * presumably not match the intended observables; confirm whether a bare domain
 * or `patternType: "url"` was intended before copying this example.
 *
 * ## Import
 *
 * Sentinel Threat Intelligence Indicators can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
 * ```
 */
export declare class ThreatIntelligenceIndicator extends pulumi.CustomResource {
    /**
     * Get an existing ThreatIntelligenceIndicator resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ThreatIntelligenceIndicatorState, opts?: pulumi.CustomResourceOptions): ThreatIntelligenceIndicator;
    /**
     * Returns true if the given object is an instance of ThreatIntelligenceIndicator. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ThreatIntelligenceIndicator;
    /**
     * Confidence level of the Threat Intelligence Indicator.
     */
    readonly confidence: pulumi.Output;
    /**
     * The creator of the Threat Intelligence Indicator.
     */
    readonly createdBy: pulumi.Output;
    /**
     * The date on which this Threat Intelligence Indicator was created.
     */
    readonly createdOn: pulumi.Output;
    /**
     * Whether the Threat Intelligence entity is defanged.
     */
    readonly defanged: pulumi.Output;
    /**
     * The description of the Threat Intelligence Indicator.
     */
    readonly description: pulumi.Output;
    /**
     * The display name of the Threat Intelligence Indicator.
     */
    readonly displayName: pulumi.Output;
    /**
     * The extension config of the Threat Intelligence Indicator in JSON format.
     */
    readonly extension: pulumi.Output;
    /**
     * The external ID of the Threat Intelligence Indicator.
     */
    readonly externalId: pulumi.Output;
    /**
     * The external last updated time in UTC.
     */
    readonly externalLastUpdatedTimeUtc: pulumi.Output;
    /**
     * One or more `externalReference` blocks as defined below.
     */
    readonly externalReferences: pulumi.Output;
    /**
     * One or more `granularMarking` blocks as defined below.
     */
    readonly granularMarkings: pulumi.Output;
    /**
     * The guid of this Sentinel Threat Intelligence Indicator.
     */
    readonly guid: pulumi.Output;
    /**
     * A list of indicator types of this Threat Intelligence Indicator.
     */
    readonly indicatorTypes: pulumi.Output;
    /**
     * One or more `killChainPhase` blocks as defined below.
     */
    readonly killChainPhases: pulumi.Output;
    /**
     * The language of the Threat Intelligence Indicator.
     */
    readonly language: pulumi.Output;
    /**
     * The last updated time of the Threat Intelligence Indicator in UTC.
     */
    readonly lastUpdatedTimeUtc: pulumi.Output;
    /**
     * Specifies a list of Threat Intelligence marking references.
     */
    readonly objectMarkingRefs: pulumi.Output;
    /**
     * A `parsedPattern` block as defined below.
     */
    readonly parsedPatterns: pulumi.Output;
    /**
     * The pattern used by the Threat Intelligence Indicator. When `patternType` is set to `file`, `pattern` must be
     * specified in `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
     * The value should be of the kind named by `patternType`.
     */
    readonly pattern: pulumi.Output;
    /**
     * The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
     */
    readonly patternType: pulumi.Output;
    /**
     * The version of a Threat Intelligence entity.
     */
    readonly patternVersion: pulumi.Output;
    /**
     * Whether the Threat Intelligence entity has been revoked.
     */
    readonly revoked: pulumi.Output;
    /**
     * Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
     */
    readonly source: pulumi.Output;
    /**
     * Specifies a list of tags of the Threat Intelligence Indicator.
     */
    readonly tags: pulumi.Output;
    /**
     * Specifies a list of threat types of this Threat Intelligence Indicator.
     */
    readonly threatTypes: pulumi.Output;
    /**
     * The start of the validity period, in RFC3339 format.
     */
    readonly validateFromUtc: pulumi.Output;
    /**
     * The end of the validity period of the Threat Intelligence Indicator, in RFC3339 format.
     */
    readonly validateUntilUtc: pulumi.Output;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
     */
    readonly workspaceId: pulumi.Output;
    /**
     * Create a ThreatIntelligenceIndicator resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ThreatIntelligenceIndicatorArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ThreatIntelligenceIndicator resources.
 * Every property is optional; this interface is the `state` parameter of
 * `ThreatIntelligenceIndicator.get`.
 */
export interface ThreatIntelligenceIndicatorState {
    /**
     * Confidence level of the Threat Intelligence Indicator.
     */
    confidence?: pulumi.Input;
    /**
     * The creator of the Threat Intelligence Indicator.
     */
    createdBy?: pulumi.Input;
    /**
     * The date on which this Threat Intelligence Indicator was created.
     */
    createdOn?: pulumi.Input;
    /**
     * Whether the Threat Intelligence entity is defanged.
     */
    defanged?: pulumi.Input;
    /**
     * The description of the Threat Intelligence Indicator.
     */
    description?: pulumi.Input;
    /**
     * The display name of the Threat Intelligence Indicator.
     */
    displayName?: pulumi.Input;
    /**
     * The extension config of the Threat Intelligence Indicator in JSON format.
     */
    extension?: pulumi.Input;
    /**
     * The external ID of the Threat Intelligence Indicator.
     */
    externalId?: pulumi.Input;
    /**
     * The external last updated time in UTC.
     */
    externalLastUpdatedTimeUtc?: pulumi.Input;
    /**
     * One or more `externalReference` blocks as defined below.
     */
    externalReferences?: pulumi.Input[]>;
    /**
     * One or more `granularMarking` blocks as defined below.
     */
    granularMarkings?: pulumi.Input[]>;
    /**
     * The guid of this Sentinel Threat Intelligence Indicator.
     */
    guid?: pulumi.Input;
    /**
     * A list of indicator types of this Threat Intelligence Indicator.
     */
    indicatorTypes?: pulumi.Input[]>;
    /**
     * One or more `killChainPhase` blocks as defined below.
     */
    killChainPhases?: pulumi.Input[]>;
    /**
     * The language of the Threat Intelligence Indicator.
     */
    language?: pulumi.Input;
    /**
     * The last updated time of the Threat Intelligence Indicator in UTC.
     */
    lastUpdatedTimeUtc?: pulumi.Input;
    /**
     * Specifies a list of Threat Intelligence marking references.
     */
    objectMarkingRefs?: pulumi.Input[]>;
    /**
     * A `parsedPattern` block as defined below.
     */
    parsedPatterns?: pulumi.Input[]>;
    /**
     * The pattern used by the Threat Intelligence Indicator. When `patternType` is set to `file`, `pattern` must be
     * specified in `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
     * The value should be of the kind named by `patternType`.
     */
    pattern?: pulumi.Input;
    /**
     * The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
     */
    patternType?: pulumi.Input;
    /**
     * The version of a Threat Intelligence entity.
     */
    patternVersion?: pulumi.Input;
    /**
     * Whether the Threat Intelligence entity has been revoked.
     */
    revoked?: pulumi.Input;
    /**
     * Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
     */
    source?: pulumi.Input;
    /**
     * Specifies a list of tags of the Threat Intelligence Indicator.
     */
    tags?: pulumi.Input[]>;
    /**
     * Specifies a list of threat types of this Threat Intelligence Indicator.
     */
    threatTypes?: pulumi.Input[]>;
    /**
     * The start of the validity period, in RFC3339 format.
     */
    validateFromUtc?: pulumi.Input;
    /**
     * The end of the validity period of the Threat Intelligence Indicator, in RFC3339 format.
     */
    validateUntilUtc?: pulumi.Input;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
     */
    workspaceId?: pulumi.Input;
}
/**
 * The set of arguments for constructing a ThreatIntelligenceIndicator resource.
 *
 * Required here: `displayName`, `pattern`, `patternType`, `source`, `validateFromUtc` and `workspaceId`.
 * The properties `createdOn`, `defanged`, `externalId`, `externalLastUpdatedTimeUtc`, `guid`,
 * `indicatorTypes`, `lastUpdatedTimeUtc` and `parsedPatterns` exist on the resource but are not
 * declared in this interface, so they cannot be set through these arguments.
 */
export interface ThreatIntelligenceIndicatorArgs {
    /**
     * Confidence level of the Threat Intelligence Indicator.
     */
    confidence?: pulumi.Input;
    /**
     * The creator of the Threat Intelligence Indicator.
     */
    createdBy?: pulumi.Input;
    /**
     * The description of the Threat Intelligence Indicator.
     */
    description?: pulumi.Input;
    /**
     * The display name of the Threat Intelligence Indicator.
     */
    displayName: pulumi.Input;
    /**
     * The extension config of the Threat Intelligence Indicator in JSON format.
     */
    extension?: pulumi.Input;
    /**
     * One or more `externalReference` blocks as defined below.
     */
    externalReferences?: pulumi.Input[]>;
    /**
     * One or more `granularMarking` blocks as defined below.
     */
    granularMarkings?: pulumi.Input[]>;
    /**
     * One or more `killChainPhase` blocks as defined below.
     */
    killChainPhases?: pulumi.Input[]>;
    /**
     * The language of the Threat Intelligence Indicator.
     */
    language?: pulumi.Input;
    /**
     * Specifies a list of Threat Intelligence marking references.
     */
    objectMarkingRefs?: pulumi.Input[]>;
    /**
     * The pattern used by the Threat Intelligence Indicator. When `patternType` is set to `file`, `pattern` must be
     * specified in `<HashName>:<Value>` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
     * The value should be of the kind named by `patternType`. The MD5 value only illustrates the
     * format; which hash names are accepted is not listed in this file.
     */
    pattern: pulumi.Input;
    /**
     * The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
     */
    patternType: pulumi.Input;
    /**
     * The version of a Threat Intelligence entity.
     */
    patternVersion?: pulumi.Input;
    /**
     * Whether the Threat Intelligence entity has been revoked.
     */
    revoked?: pulumi.Input;
    /**
     * Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
     */
    source: pulumi.Input;
    /**
     * Specifies a list of tags of the Threat Intelligence Indicator.
     */
    tags?: pulumi.Input[]>;
    /**
     * Specifies a list of threat types of this Threat Intelligence Indicator.
     */
    threatTypes?: pulumi.Input[]>;
    /**
     * The start of the validity period, in RFC3339 format.
     */
    validateFromUtc: pulumi.Input;
    /**
     * The end of the validity period of the Threat Intelligence Indicator, in RFC3339 format.
     * NOTE(review): optional; what happens when it is omitted is not shown in this file. Consider
     * setting it explicitly so that stale indicators age out of matching.
     */
    validateUntilUtc?: pulumi.Input;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
     */
    workspaceId: pulumi.Input;
}