vw_watchlists
Creates, updates, deletes, gets or lists a vw_watchlists resource.
Overview
| Name | vw_watchlists |
| Type | View |
| Id | azure.sentinel.vw_watchlists |
Fields
See the SQL Definition (view DDL) for fields returned by this view.
SQL Definition
- Sqlite3
- Postgres
SELECT
etag as etag,
JSON_EXTRACT(properties, '$.watchlistId') as "watchlist_id",
JSON_EXTRACT(properties, '$.displayName') as "display_name",
JSON_EXTRACT(properties, '$.provider') as "provider",
JSON_EXTRACT(properties, '$.source') as "source",
JSON_EXTRACT(properties, '$.created') as "created",
JSON_EXTRACT(properties, '$.updated') as "updated",
JSON_EXTRACT(properties, '$.createdBy') as "created_by",
JSON_EXTRACT(properties, '$.updatedBy') as "updated_by",
JSON_EXTRACT(properties, '$.description') as "description",
JSON_EXTRACT(properties, '$.watchlistType') as "watchlist_type",
JSON_EXTRACT(properties, '$.watchlistAlias') as "watchlist_alias",
JSON_EXTRACT(properties, '$.isDeleted') as "is_deleted",
JSON_EXTRACT(properties, '$.labels') as "labels",
JSON_EXTRACT(properties, '$.defaultDuration') as "default_duration",
JSON_EXTRACT(properties, '$.tenantId') as "tenant_id",
JSON_EXTRACT(properties, '$.numberOfLinesToSkip') as "number_of_lines_to_skip",
JSON_EXTRACT(properties, '$.rawContent') as "raw_content",
JSON_EXTRACT(properties, '$.itemsSearchKey') as "items_search_key",
JSON_EXTRACT(properties, '$.contentType') as "content_type",
JSON_EXTRACT(properties, '$.uploadStatus') as "upload_status",
subscriptionId,
resourceGroupName,
workspaceName,
watchlistAlias
FROM azure.sentinel.watchlists
WHERE subscriptionId = 'replace-me' AND resourceGroupName = 'replace-me' AND workspaceName = 'replace-me';
SELECT
etag as etag,
json_extract_path_text(properties, '$.watchlistId') as "watchlist_id",
json_extract_path_text(properties, '$.displayName') as "display_name",
json_extract_path_text(properties, '$.provider') as "provider",
json_extract_path_text(properties, '$.source') as "source",
json_extract_path_text(properties, '$.created') as "created",
json_extract_path_text(properties, '$.updated') as "updated",
json_extract_path_text(properties, '$.createdBy') as "created_by",
json_extract_path_text(properties, '$.updatedBy') as "updated_by",
json_extract_path_text(properties, '$.description') as "description",
json_extract_path_text(properties, '$.watchlistType') as "watchlist_type",
json_extract_path_text(properties, '$.watchlistAlias') as "watchlist_alias",
json_extract_path_text(properties, '$.isDeleted') as "is_deleted",
json_extract_path_text(properties, '$.labels') as "labels",
json_extract_path_text(properties, '$.defaultDuration') as "default_duration",
json_extract_path_text(properties, '$.tenantId') as "tenant_id",
json_extract_path_text(properties, '$.numberOfLinesToSkip') as "number_of_lines_to_skip",
json_extract_path_text(properties, '$.rawContent') as "raw_content",
json_extract_path_text(properties, '$.itemsSearchKey') as "items_search_key",
json_extract_path_text(properties, '$.contentType') as "content_type",
json_extract_path_text(properties, '$.uploadStatus') as "upload_status",
subscriptionId,
resourceGroupName,
workspaceName,
watchlistAlias
FROM azure.sentinel.watchlists
WHERE subscriptionId = 'replace-me' AND resourceGroupName = 'replace-me' AND workspaceName = 'replace-me';