Docs Home
Packages
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
azure-native.securityinsights.Watchlist
Explore with Pulumi AI
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
Represents a Watchlist in Azure Security Insights. API Version: 2021-03-01-preview.
Example Usage
Creates or updates a watchlist and bulk creates watchlist items.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var watchlist = new AzureNative.SecurityInsights.Watchlist("watchlist", new()
{
ContentType = "text/csv",
Description = "Watchlist from CSV content",
DisplayName = "High Value Assets Watchlist",
ItemsSearchKey = "header1",
NumberOfLinesToSkip = 1,
OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
Provider = "Microsoft",
RawContent = @"This line will be skipped
header1,header2
value1,value2",
ResourceGroupName = "myRg",
Source = "Local file",
WatchlistAlias = "highValueAsset",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewWatchlist(ctx, "watchlist", &securityinsights.WatchlistArgs{
ContentType: pulumi.String("text/csv"),
Description: pulumi.String("Watchlist from CSV content"),
DisplayName: pulumi.String("High Value Assets Watchlist"),
ItemsSearchKey: pulumi.String("header1"),
NumberOfLinesToSkip: pulumi.Int(1),
OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
Provider: pulumi.String("Microsoft"),
RawContent: pulumi.String("This line will be skipped\nheader1,header2\nvalue1,value2"),
ResourceGroupName: pulumi.String("myRg"),
Source: pulumi.String("Local file"),
WatchlistAlias: pulumi.String("highValueAsset"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Watchlist;
import com.pulumi.azurenative.securityinsights.WatchlistArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var watchlist = new Watchlist("watchlist", WatchlistArgs.builder()
.contentType("text/csv")
.description("Watchlist from CSV content")
.displayName("High Value Assets Watchlist")
.itemsSearchKey("header1")
.numberOfLinesToSkip(1)
.operationalInsightsResourceProvider("Microsoft.OperationalInsights")
.provider("Microsoft")
.rawContent("""
This line will be skipped
header1,header2
value1,value2 """)
.resourceGroupName("myRg")
.source("Local file")
.watchlistAlias("highValueAsset")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
watchlist = azure_native.securityinsights.Watchlist("watchlist",
content_type="text/csv",
description="Watchlist from CSV content",
display_name="High Value Assets Watchlist",
items_search_key="header1",
number_of_lines_to_skip=1,
operational_insights_resource_provider="Microsoft.OperationalInsights",
provider="Microsoft",
raw_content="""This line will be skipped
header1,header2
value1,value2""",
resource_group_name="myRg",
source="Local file",
watchlist_alias="highValueAsset",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const watchlist = new azure_native.securityinsights.Watchlist("watchlist", {
contentType: "text/csv",
description: "Watchlist from CSV content",
displayName: "High Value Assets Watchlist",
itemsSearchKey: "header1",
numberOfLinesToSkip: 1,
operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
provider: "Microsoft",
rawContent: `This line will be skipped
header1,header2
value1,value2`,
resourceGroupName: "myRg",
source: "Local file",
watchlistAlias: "highValueAsset",
workspaceName: "myWorkspace",
});
resources:
watchlist:
type: azure-native:securityinsights:Watchlist
properties:
contentType: text/csv
description: Watchlist from CSV content
displayName: High Value Assets Watchlist
itemsSearchKey: header1
numberOfLinesToSkip: 1
operationalInsightsResourceProvider: Microsoft.OperationalInsights
provider: Microsoft
rawContent: |-
This line will be skipped
header1,header2
value1,value2
resourceGroupName: myRg
source: Local file
watchlistAlias: highValueAsset
workspaceName: myWorkspace
Creates or updates a watchlist.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var watchlist = new AzureNative.SecurityInsights.Watchlist("watchlist", new()
{
Description = "Watchlist from CSV content",
DisplayName = "High Value Assets Watchlist",
ItemsSearchKey = "header1",
OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
Provider = "Microsoft",
ResourceGroupName = "myRg",
Source = "Local file",
WatchlistAlias = "highValueAsset",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewWatchlist(ctx, "watchlist", &securityinsights.WatchlistArgs{
Description: pulumi.String("Watchlist from CSV content"),
DisplayName: pulumi.String("High Value Assets Watchlist"),
ItemsSearchKey: pulumi.String("header1"),
OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
Provider: pulumi.String("Microsoft"),
ResourceGroupName: pulumi.String("myRg"),
Source: pulumi.String("Local file"),
WatchlistAlias: pulumi.String("highValueAsset"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Watchlist;
import com.pulumi.azurenative.securityinsights.WatchlistArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var watchlist = new Watchlist("watchlist", WatchlistArgs.builder()
.description("Watchlist from CSV content")
.displayName("High Value Assets Watchlist")
.itemsSearchKey("header1")
.operationalInsightsResourceProvider("Microsoft.OperationalInsights")
.provider("Microsoft")
.resourceGroupName("myRg")
.source("Local file")
.watchlistAlias("highValueAsset")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
watchlist = azure_native.securityinsights.Watchlist("watchlist",
description="Watchlist from CSV content",
display_name="High Value Assets Watchlist",
items_search_key="header1",
operational_insights_resource_provider="Microsoft.OperationalInsights",
provider="Microsoft",
resource_group_name="myRg",
source="Local file",
watchlist_alias="highValueAsset",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const watchlist = new azure_native.securityinsights.Watchlist("watchlist", {
description: "Watchlist from CSV content",
displayName: "High Value Assets Watchlist",
itemsSearchKey: "header1",
operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
provider: "Microsoft",
resourceGroupName: "myRg",
source: "Local file",
watchlistAlias: "highValueAsset",
workspaceName: "myWorkspace",
});
resources:
watchlist:
type: azure-native:securityinsights:Watchlist
properties:
description: Watchlist from CSV content
displayName: High Value Assets Watchlist
itemsSearchKey: header1
operationalInsightsResourceProvider: Microsoft.OperationalInsights
provider: Microsoft
resourceGroupName: myRg
source: Local file
watchlistAlias: highValueAsset
workspaceName: myWorkspace
Create Watchlist Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Watchlist(name: string, args: WatchlistArgs, opts?: CustomResourceOptions);@overload
def Watchlist(resource_name: str,
args: WatchlistArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Watchlist(resource_name: str,
opts: Optional[ResourceOptions] = None,
items_search_key: Optional[str] = None,
workspace_name: Optional[str] = None,
source: Optional[Union[str, Source]] = None,
resource_group_name: Optional[str] = None,
provider: Optional[str] = None,
display_name: Optional[str] = None,
operational_insights_resource_provider: Optional[str] = None,
raw_content: Optional[str] = None,
updated: Optional[str] = None,
number_of_lines_to_skip: Optional[int] = None,
is_deleted: Optional[bool] = None,
description: Optional[str] = None,
content_type: Optional[str] = None,
default_duration: Optional[str] = None,
created_by: Optional[WatchlistUserInfoArgs] = None,
tenant_id: Optional[str] = None,
labels: Optional[Sequence[str]] = None,
updated_by: Optional[WatchlistUserInfoArgs] = None,
upload_status: Optional[str] = None,
watchlist_alias: Optional[str] = None,
watchlist_id: Optional[str] = None,
watchlist_items_count: Optional[int] = None,
watchlist_type: Optional[str] = None,
created: Optional[str] = None)func NewWatchlist(ctx *Context, name string, args WatchlistArgs, opts ...ResourceOption) (*Watchlist, error)public Watchlist(string name, WatchlistArgs args, CustomResourceOptions? opts = null)
public Watchlist(String name, WatchlistArgs args)
public Watchlist(String name, WatchlistArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:Watchlist
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WatchlistArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WatchlistArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WatchlistArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WatchlistArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WatchlistArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var watchlistResource = new AzureNative.Securityinsights.Watchlist("watchlistResource", new()
{
ItemsSearchKey = "string",
WorkspaceName = "string",
Source = "string",
ResourceGroupName = "string",
Provider = "string",
DisplayName = "string",
OperationalInsightsResourceProvider = "string",
RawContent = "string",
Updated = "string",
NumberOfLinesToSkip = 0,
IsDeleted = false,
Description = "string",
ContentType = "string",
DefaultDuration = "string",
CreatedBy =
{
{ "objectId", "string" },
},
TenantId = "string",
Labels = new[]
{
"string",
},
UpdatedBy =
{
{ "objectId", "string" },
},
UploadStatus = "string",
WatchlistAlias = "string",
WatchlistId = "string",
WatchlistItemsCount = 0,
WatchlistType = "string",
Created = "string",
});
example, err := securityinsights.NewWatchlist(ctx, "watchlistResource", &securityinsights.WatchlistArgs{
ItemsSearchKey: "string",
WorkspaceName: "string",
Source: "string",
ResourceGroupName: "string",
Provider: "string",
DisplayName: "string",
OperationalInsightsResourceProvider: "string",
RawContent: "string",
Updated: "string",
NumberOfLinesToSkip: 0,
IsDeleted: false,
Description: "string",
ContentType: "string",
DefaultDuration: "string",
CreatedBy: map[string]interface{}{
"objectId": "string",
},
TenantId: "string",
Labels: []string{
"string",
},
UpdatedBy: map[string]interface{}{
"objectId": "string",
},
UploadStatus: "string",
WatchlistAlias: "string",
WatchlistId: "string",
WatchlistItemsCount: 0,
WatchlistType: "string",
Created: "string",
})
var watchlistResource = new Watchlist("watchlistResource", WatchlistArgs.builder()
.itemsSearchKey("string")
.workspaceName("string")
.source("string")
.resourceGroupName("string")
.provider("string")
.displayName("string")
.operationalInsightsResourceProvider("string")
.rawContent("string")
.updated("string")
.numberOfLinesToSkip(0)
.isDeleted(false)
.description("string")
.contentType("string")
.defaultDuration("string")
.createdBy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.tenantId("string")
.labels("string")
.updatedBy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.uploadStatus("string")
.watchlistAlias("string")
.watchlistId("string")
.watchlistItemsCount(0)
.watchlistType("string")
.created("string")
.build());
watchlist_resource = azure_native.securityinsights.Watchlist("watchlistResource",
items_search_key=string,
workspace_name=string,
source=string,
resource_group_name=string,
provider=string,
display_name=string,
operational_insights_resource_provider=string,
raw_content=string,
updated=string,
number_of_lines_to_skip=0,
is_deleted=False,
description=string,
content_type=string,
default_duration=string,
created_by={
objectId: string,
},
tenant_id=string,
labels=[string],
updated_by={
objectId: string,
},
upload_status=string,
watchlist_alias=string,
watchlist_id=string,
watchlist_items_count=0,
watchlist_type=string,
created=string)
const watchlistResource = new azure_native.securityinsights.Watchlist("watchlistResource", {
itemsSearchKey: "string",
workspaceName: "string",
source: "string",
resourceGroupName: "string",
provider: "string",
displayName: "string",
operationalInsightsResourceProvider: "string",
rawContent: "string",
updated: "string",
numberOfLinesToSkip: 0,
isDeleted: false,
description: "string",
contentType: "string",
defaultDuration: "string",
createdBy: {
objectId: "string",
},
tenantId: "string",
labels: ["string"],
updatedBy: {
objectId: "string",
},
uploadStatus: "string",
watchlistAlias: "string",
watchlistId: "string",
watchlistItemsCount: 0,
watchlistType: "string",
created: "string",
});
type: azure-native:securityinsights:Watchlist
properties:
contentType: string
created: string
createdBy:
objectId: string
defaultDuration: string
description: string
displayName: string
isDeleted: false
itemsSearchKey: string
labels:
- string
numberOfLinesToSkip: 0
operationalInsightsResourceProvider: string
provider: string
rawContent: string
resourceGroupName: string
source: string
tenantId: string
updated: string
updatedBy:
objectId: string
uploadStatus: string
watchlistAlias: string
watchlistId: string
watchlistItemsCount: 0
watchlistType: string
workspaceName: string
Watchlist Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Watchlist resource accepts the following input properties:
- Display
Name string - The display name of the watchlist
- Items
Search stringKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Provider string
- The provider of the watchlist
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Source
string | Pulumi.
Azure Native. Security Insights. Source - The source of the watchlist
- Workspace
Name string - The name of the workspace.
- Content
Type string - The content type of the raw content. Example : text/csv or text/tsv
- Created string
- The time the watchlist was created
- Created
By Pulumi.Azure Native. Security Insights. Inputs. Watchlist User Info - Describes a user that created the watchlist
- Default
Duration string - The default duration of a watchlist (in ISO 8601 duration format)
- Description string
- A description of the watchlist
- Is
Deleted bool - A flag that indicates if the watchlist is deleted or not
- Labels List<string>
- List of labels relevant to this watchlist
- Number
Of intLines To Skip - The number of lines in a csv/tsv content to skip before the header
- Raw
Content string - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- Tenant
Id string - The tenantId where the watchlist belongs to
- Updated string
- The last time the watchlist was updated
- Updated
By Pulumi.Azure Native. Security Insights. Inputs. Watchlist User Info - Describes a user that updated the watchlist
- Upload
Status string - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- Watchlist
Alias string - The alias of the watchlist
- Watchlist
Id string - The id (a Guid) of the watchlist
- Watchlist
Items intCount - The number of Watchlist Items in the Watchlist
- Watchlist
Type string - The type of the watchlist
- Display
Name string - The display name of the watchlist
- Items
Search stringKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Provider string
- The provider of the watchlist
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Source string | Source
- The source of the watchlist
- Workspace
Name string - The name of the workspace.
- Content
Type string - The content type of the raw content. Example : text/csv or text/tsv
- Created string
- The time the watchlist was created
- Created
By WatchlistUser Info Args - Describes a user that created the watchlist
- Default
Duration string - The default duration of a watchlist (in ISO 8601 duration format)
- Description string
- A description of the watchlist
- Is
Deleted bool - A flag that indicates if the watchlist is deleted or not
- Labels []string
- List of labels relevant to this watchlist
- Number
Of intLines To Skip - The number of lines in a csv/tsv content to skip before the header
- Raw
Content string - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- Tenant
Id string - The tenantId where the watchlist belongs to
- Updated string
- The last time the watchlist was updated
- Updated
By WatchlistUser Info Args - Describes a user that updated the watchlist
- Upload
Status string - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- Watchlist
Alias string - The alias of the watchlist
- Watchlist
Id string - The id (a Guid) of the watchlist
- Watchlist
Items intCount - The number of Watchlist Items in the Watchlist
- Watchlist
Type string - The type of the watchlist
- display
Name String - The display name of the watchlist
- items
Search StringKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- provider String
- The provider of the watchlist
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- source String | Source
- The source of the watchlist
- workspace
Name String - The name of the workspace.
- content
Type String - The content type of the raw content. Example : text/csv or text/tsv
- created String
- The time the watchlist was created
- created
By WatchlistUser Info - Describes a user that created the watchlist
- default
Duration String - The default duration of a watchlist (in ISO 8601 duration format)
- description String
- A description of the watchlist
- is
Deleted Boolean - A flag that indicates if the watchlist is deleted or not
- labels List<String>
- List of labels relevant to this watchlist
- number
Of IntegerLines To Skip - The number of lines in a csv/tsv content to skip before the header
- raw
Content String - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- tenant
Id String - The tenantId where the watchlist belongs to
- updated String
- The last time the watchlist was updated
- updated
By WatchlistUser Info - Describes a user that updated the watchlist
- upload
Status String - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- watchlist
Alias String - The alias of the watchlist
- watchlist
Id String - The id (a Guid) of the watchlist
- watchlist
Items IntegerCount - The number of Watchlist Items in the Watchlist
- watchlist
Type String - The type of the watchlist
- display
Name string - The display name of the watchlist
- items
Search stringKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- provider string
- The provider of the watchlist
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- source string | Source
- The source of the watchlist
- workspace
Name string - The name of the workspace.
- content
Type string - The content type of the raw content. Example : text/csv or text/tsv
- created string
- The time the watchlist was created
- created
By WatchlistUser Info - Describes a user that created the watchlist
- default
Duration string - The default duration of a watchlist (in ISO 8601 duration format)
- description string
- A description of the watchlist
- is
Deleted boolean - A flag that indicates if the watchlist is deleted or not
- labels string[]
- List of labels relevant to this watchlist
- number
Of numberLines To Skip - The number of lines in a csv/tsv content to skip before the header
- raw
Content string - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- tenant
Id string - The tenantId where the watchlist belongs to
- updated string
- The last time the watchlist was updated
- updated
By WatchlistUser Info - Describes a user that updated the watchlist
- upload
Status string - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- watchlist
Alias string - The alias of the watchlist
- watchlist
Id string - The id (a Guid) of the watchlist
- watchlist
Items numberCount - The number of Watchlist Items in the Watchlist
- watchlist
Type string - The type of the watchlist
- display_
name str - The display name of the watchlist
- items_
search_ strkey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- operational_
insights_ strresource_ provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- provider str
- The provider of the watchlist
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- source str | Source
- The source of the watchlist
- workspace_
name str - The name of the workspace.
- content_
type str - The content type of the raw content. Example : text/csv or text/tsv
- created str
- The time the watchlist was created
- created_
by WatchlistUser Info Args - Describes a user that created the watchlist
- default_
duration str - The default duration of a watchlist (in ISO 8601 duration format)
- description str
- A description of the watchlist
- is_
deleted bool - A flag that indicates if the watchlist is deleted or not
- labels Sequence[str]
- List of labels relevant to this watchlist
- number_
of_ intlines_ to_ skip - The number of lines in a csv/tsv content to skip before the header
- raw_
content str - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- tenant_
id str - The tenantId where the watchlist belongs to
- updated str
- The last time the watchlist was updated
- updated_
by WatchlistUser Info Args - Describes a user that updated the watchlist
- upload_
status str - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- watchlist_
alias str - The alias of the watchlist
- watchlist_
id str - The id (a Guid) of the watchlist
- watchlist_
items_ intcount - The number of Watchlist Items in the Watchlist
- watchlist_
type str - The type of the watchlist
- display
Name String - The display name of the watchlist
- items
Search StringKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- provider String
- The provider of the watchlist
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- source String | "Local file" | "Remote storage"
- The source of the watchlist
- workspace
Name String - The name of the workspace.
- content
Type String - The content type of the raw content. Example : text/csv or text/tsv
- created String
- The time the watchlist was created
- created
By Property Map - Describes a user that created the watchlist
- default
Duration String - The default duration of a watchlist (in ISO 8601 duration format)
- description String
- A description of the watchlist
- is
Deleted Boolean - A flag that indicates if the watchlist is deleted or not
- labels List<String>
- List of labels relevant to this watchlist
- number
Of NumberLines To Skip - The number of lines in a csv/tsv content to skip before the header
- raw
Content String - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
- tenant
Id String - The tenantId where the watchlist belongs to
- updated String
- The last time the watchlist was updated
- updated
By Property Map - Describes a user that updated the watchlist
- upload
Status String - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
- watchlist
Alias String - The alias of the watchlist
- watchlist
Id String - The id (a Guid) of the watchlist
- watchlist
Items NumberCount - The number of Watchlist Items in the Watchlist
- watchlist
Type String - The type of the watchlist
Outputs
All input properties are implicitly available as output properties. Additionally, the Watchlist resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Azure resource name
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Azure resource name
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Azure resource name
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- Azure resource type
- etag String
- Etag of the azure resource
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Azure resource name
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- Azure resource type
- etag string
- Etag of the azure resource
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Azure resource name
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- Azure resource type
- etag str
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Azure resource name
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- Azure resource type
- etag String
- Etag of the azure resource
Supporting Types
Source, SourceArgs
- Local_
file - Local file
- Remote_
storage - Remote storage
- Source_Local_
file - Local file
- Source_Remote_
storage - Remote storage
- Local_
file - Local file
- Remote_
storage - Remote storage
- Local_
file - Local file
- Remote_
storage - Remote storage
- LOCAL_FILE
- Local file
- REMOTE_STORAGE
- Remote storage
- "Local file"
- Local file
- "Remote storage"
- Remote storage
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
WatchlistUserInfo, WatchlistUserInfoArgs
- Object
Id string - The object id of the user.
- Object
Id string - The object id of the user.
- object
Id String - The object id of the user.
- object
Id string - The object id of the user.
- object_
id str - The object id of the user.
- object
Id String - The object id of the user.
WatchlistUserInfoResponse, WatchlistUserInfoResponseArgs
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:Watchlist highValueAsset /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi