Skip to main content

vw_watchlist_items

Creates, updates, deletes, gets or lists a vw_watchlist_items resource.

Overview

Namevw_watchlist_items
TypeView
Idazure.sentinel.vw_watchlist_items

Fields

See the SQL Definition (view DDL) for fields returned by this view.

SQL Definition

SELECT
etag as etag,
JSON_EXTRACT(properties, '$.watchlistItemType') as "watchlist_item_type",
JSON_EXTRACT(properties, '$.watchlistItemId') as "watchlist_item_id",
JSON_EXTRACT(properties, '$.tenantId') as "tenant_id",
JSON_EXTRACT(properties, '$.isDeleted') as "is_deleted",
JSON_EXTRACT(properties, '$.created') as "created",
JSON_EXTRACT(properties, '$.updated') as "updated",
JSON_EXTRACT(properties, '$.createdBy') as "created_by",
JSON_EXTRACT(properties, '$.updatedBy') as "updated_by",
JSON_EXTRACT(properties, '$.itemsKeyValue') as "items_key_value",
JSON_EXTRACT(properties, '$.entityMapping') as "entity_mapping",
subscriptionId,
resourceGroupName,
workspaceName,
watchlistAlias,
watchlistItemId
FROM azure.sentinel.watchlist_items
WHERE subscriptionId = 'replace-me' AND resourceGroupName = 'replace-me' AND workspaceName = 'replace-me' AND watchlistAlias = 'replace-me';