Skip to main content

watchlist_items

Creates, updates, deletes, gets or lists a watchlist_items resource.

Overview

Namewatchlist_items
TypeResource
Idazure.sentinel.watchlist_items

Fields

The following fields are returned by SELECT queries:

NameDatatypeDescription
etagstringEtag of the azure resource
propertiesobjectWatchlist Item properties

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
getselectsubscriptionId, resourceGroupName, workspaceName, watchlistAlias, watchlistItemIdGet a watchlist item.
listselectsubscriptionId, resourceGroupName, workspaceName, watchlistAlias$skipTokenGet all watchlist Items.
create_or_updateinsertsubscriptionId, resourceGroupName, workspaceName, watchlistAlias, watchlistItemIdCreate or update a watchlist item.
deletedeletesubscriptionId, resourceGroupName, workspaceName, watchlistAlias, watchlistItemIdDelete a watchlist item.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
resourceGroupNamestringThe name of the resource group. The name is case insensitive.
subscriptionIdstringThe ID of the target subscription.
watchlistAliasstringThe watchlist alias
watchlistItemIdstringThe watchlist item id (GUID)
workspaceNamestringThe name of the workspace.
$skipTokenstringSkiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

SELECT examples

Get a watchlist item.

SELECT
etag,
properties
FROM azure.sentinel.watchlist_items
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND watchlistAlias = '{{ watchlistAlias }}' -- required
AND watchlistItemId = '{{ watchlistItemId }}' -- required
;

INSERT examples

Create or update a watchlist item.

INSERT INTO azure.sentinel.watchlist_items (
data__etag,
data__properties,
subscriptionId,
resourceGroupName,
workspaceName,
watchlistAlias,
watchlistItemId
)
SELECT 
'{{ etag }}',
'{{ properties }}',
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}',
'{{ watchlistAlias }}',
'{{ watchlistItemId }}'
RETURNING
etag,
properties
;

DELETE examples

Delete a watchlist item.

DELETE FROM azure.sentinel.watchlist_items
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND workspaceName = '{{ workspaceName }}' --required
AND watchlistAlias = '{{ watchlistAlias }}' --required
AND watchlistItemId = '{{ watchlistItemId }}' --required
;