threat_intelligence_indicator_indicators
Creates, updates, deletes, gets or lists a threat_intelligence_indicator_indicators resource.
Overview
| Name | threat_intelligence_indicator_indicators |
| Type | Resource |
| Id | azure.sentinel.threat_intelligence_indicator_indicators |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
create | insert | subscriptionId, resourceGroupName, workspaceName | Create a new threat intelligence indicator. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
INSERT examples
- create
- Manifest
Create a new threat intelligence indicator.
INSERT INTO azure.sentinel.threat_intelligence_indicator_indicators (
data__kind,
data__properties,
subscriptionId,
resourceGroupName,
workspaceName
)
SELECT
'{{ kind }}',
'{{ properties }}',
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}'
RETURNING
etag,
kind
;
# Description fields are for documentation purposes
- name: threat_intelligence_indicator_indicators
props:
- name: subscriptionId
value: string
description: Required parameter for the threat_intelligence_indicator_indicators resource.
- name: resourceGroupName
value: string
description: Required parameter for the threat_intelligence_indicator_indicators resource.
- name: workspaceName
value: string
description: Required parameter for the threat_intelligence_indicator_indicators resource.
- name: kind
value: string
description: |
The kind of the entity.
valid_values: ['indicator']
- name: properties
value: object
description: |
Threat Intelligence Entity properties