Docs
Packages
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi
azure-native.securityinsights.ContentTemplate
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi
Template resource definition. Azure REST API version: 2023-06-01-preview.
Other available API versions: 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01.
Example Usage
Get a template.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var contentTemplate = new AzureNative.SecurityInsights.ContentTemplate("contentTemplate", new()
{
Author = new AzureNative.SecurityInsights.Inputs.MetadataAuthorArgs
{
Email = "support@microsoft.com",
Name = "Microsoft",
},
ContentId = "8365ebfe-a381-45b7-ad08-7d818070e11f",
ContentKind = AzureNative.SecurityInsights.Kind.AnalyticsRule,
DisplayName = "API Protection workbook template",
MainTemplate = new Dictionary<string, object?>
{
["$schema"] = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
["contentVersion"] = "1.0.1",
["resources"] = new[]
{
new Dictionary<string, object?>
{
["apiVersion"] = "2022-04-01-preview",
["kind"] = "Scheduled",
["location"] = "[parameters('workspace-location')]",
["name"] = "8365ebfe-a381-45b7-ad08-7d818070e11f",
["properties"] = new Dictionary<string, object?>
{
["description"] = "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
["displayName"] = "Critical or High Severity Detections by User",
["enabled"] = false,
["query"] = "...",
["queryFrequency"] = "PT1H",
["queryPeriod"] = "PT1H",
["severity"] = "High",
["status"] = "Available",
["suppressionDuration"] = "PT1H",
["suppressionEnabled"] = false,
["triggerOperator"] = "GreaterThan",
["triggerThreshold"] = 0,
},
["type"] = "Microsoft.SecurityInsights/AlertRuleTemplates",
},
new Dictionary<string, object?>
{
["apiVersion"] = "2022-01-01-preview",
["name"] = "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
["properties"] = new Dictionary<string, object?>
{
["author"] = new Dictionary<string, object?>
{
["email"] = "support@microsoft.com",
["name"] = "Microsoft",
},
["contentId"] = "4465ebde-b381-45f7-ad08-7d818070a11c",
["description"] = "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
["kind"] = "AnalyticsRule",
["parentId"] = "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
["source"] = new Dictionary<string, object?>
{
["kind"] = "Solution",
["name"] = "str",
["sourceId"] = "str.azure-sentinel-solution-str",
},
["support"] = new Dictionary<string, object?>
{
["email"] = "support@microsoft.com",
["link"] = "https://support.microsoft.com/",
["name"] = "Microsoft Corporation",
["tier"] = "Microsoft",
},
["version"] = "1.0.0",
},
["type"] = "Microsoft.OperationalInsights/workspaces/providers/metadata",
},
},
},
PackageId = "str.azure-sentinel-solution-str",
PackageKind = AzureNative.SecurityInsights.PackageKind.Solution,
PackageName = "str",
ResourceGroupName = "myRg",
Source = new AzureNative.SecurityInsights.Inputs.MetadataSourceArgs
{
Kind = AzureNative.SecurityInsights.SourceKind.Solution,
Name = "str",
SourceId = "str.azure-sentinel-solution-str",
},
Support = new AzureNative.SecurityInsights.Inputs.MetadataSupportArgs
{
Email = "support@microsoft.com",
Link = "https://support.microsoft.com/",
Name = "Microsoft Corporation",
Tier = AzureNative.SecurityInsights.SupportTier.Microsoft,
},
TemplateId = "str.azure-sentinel-solution-str",
Version = "1.0.1",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewContentTemplate(ctx, "contentTemplate", &securityinsights.ContentTemplateArgs{
Author: &securityinsights.MetadataAuthorArgs{
Email: pulumi.String("support@microsoft.com"),
Name: pulumi.String("Microsoft"),
},
ContentId: pulumi.String("8365ebfe-a381-45b7-ad08-7d818070e11f"),
ContentKind: pulumi.String(securityinsights.KindAnalyticsRule),
DisplayName: pulumi.String("API Protection workbook template"),
MainTemplate: pulumi.Any(map[string]interface{}{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.1",
"resources": []interface{}{
map[string]interface{}{
"apiVersion": "2022-04-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
"properties": map[string]interface{}{
"description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
"displayName": "Critical or High Severity Detections by User",
"enabled": false,
"query": "...",
"queryFrequency": "PT1H",
"queryPeriod": "PT1H",
"severity": "High",
"status": "Available",
"suppressionDuration": "PT1H",
"suppressionEnabled": false,
"triggerOperator": "GreaterThan",
"triggerThreshold": 0,
},
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
},
map[string]interface{}{
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
"properties": map[string]interface{}{
"author": map[string]interface{}{
"email": "support@microsoft.com",
"name": "Microsoft",
},
"contentId": "4465ebde-b381-45f7-ad08-7d818070a11c",
"description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
"kind": "AnalyticsRule",
"parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
"source": map[string]interface{}{
"kind": "Solution",
"name": "str",
"sourceId": "str.azure-sentinel-solution-str",
},
"support": map[string]interface{}{
"email": "support@microsoft.com",
"link": "https://support.microsoft.com/",
"name": "Microsoft Corporation",
"tier": "Microsoft",
},
"version": "1.0.0",
},
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
},
},
}),
PackageId: pulumi.String("str.azure-sentinel-solution-str"),
PackageKind: pulumi.String(securityinsights.PackageKindSolution),
PackageName: pulumi.String("str"),
ResourceGroupName: pulumi.String("myRg"),
Source: &securityinsights.MetadataSourceArgs{
Kind: pulumi.String(securityinsights.SourceKindSolution),
Name: pulumi.String("str"),
SourceId: pulumi.String("str.azure-sentinel-solution-str"),
},
Support: &securityinsights.MetadataSupportArgs{
Email: pulumi.String("support@microsoft.com"),
Link: pulumi.String("https://support.microsoft.com/"),
Name: pulumi.String("Microsoft Corporation"),
Tier: pulumi.String(securityinsights.SupportTierMicrosoft),
},
TemplateId: pulumi.String("str.azure-sentinel-solution-str"),
Version: pulumi.String("1.0.1"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ContentTemplate;
import com.pulumi.azurenative.securityinsights.ContentTemplateArgs;
import com.pulumi.azurenative.securityinsights.inputs.MetadataAuthorArgs;
import com.pulumi.azurenative.securityinsights.inputs.MetadataSourceArgs;
import com.pulumi.azurenative.securityinsights.inputs.MetadataSupportArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var contentTemplate = new ContentTemplate("contentTemplate", ContentTemplateArgs.builder()
.author(MetadataAuthorArgs.builder()
.email("support@microsoft.com")
.name("Microsoft")
.build())
.contentId("8365ebfe-a381-45b7-ad08-7d818070e11f")
.contentKind("AnalyticsRule")
.displayName("API Protection workbook template")
.mainTemplate(Map.ofEntries(
Map.entry("$schema", "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"),
Map.entry("contentVersion", "1.0.1"),
Map.entry("resources",
Map.ofEntries(
Map.entry("apiVersion", "2022-04-01-preview"),
Map.entry("kind", "Scheduled"),
Map.entry("location", "[parameters('workspace-location')]"),
Map.entry("name", "8365ebfe-a381-45b7-ad08-7d818070e11f"),
Map.entry("properties", Map.ofEntries(
Map.entry("description", "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user"),
Map.entry("displayName", "Critical or High Severity Detections by User"),
Map.entry("enabled", false),
Map.entry("query", "..."),
Map.entry("queryFrequency", "PT1H"),
Map.entry("queryPeriod", "PT1H"),
Map.entry("severity", "High"),
Map.entry("status", "Available"),
Map.entry("suppressionDuration", "PT1H"),
Map.entry("suppressionEnabled", false),
Map.entry("triggerOperator", "GreaterThan"),
Map.entry("triggerThreshold", 0)
)),
Map.entry("type", "Microsoft.SecurityInsights/AlertRuleTemplates")
),
Map.ofEntries(
Map.entry("apiVersion", "2022-01-01-preview"),
Map.entry("name", "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]"),
Map.entry("properties", Map.ofEntries(
Map.entry("author", Map.ofEntries(
Map.entry("email", "support@microsoft.com"),
Map.entry("name", "Microsoft")
)),
Map.entry("contentId", "4465ebde-b381-45f7-ad08-7d818070a11c"),
Map.entry("description", "CrowdStrike Falcon Endpoint Protection Analytics Rule 1"),
Map.entry("kind", "AnalyticsRule"),
Map.entry("parentId", "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]"),
Map.entry("source", Map.ofEntries(
Map.entry("kind", "Solution"),
Map.entry("name", "str"),
Map.entry("sourceId", "str.azure-sentinel-solution-str")
)),
Map.entry("support", Map.ofEntries(
Map.entry("email", "support@microsoft.com"),
Map.entry("link", "https://support.microsoft.com/"),
Map.entry("name", "Microsoft Corporation"),
Map.entry("tier", "Microsoft")
)),
Map.entry("version", "1.0.0")
)),
Map.entry("type", "Microsoft.OperationalInsights/workspaces/providers/metadata")
))
))
.packageId("str.azure-sentinel-solution-str")
.packageKind("Solution")
.packageName("str")
.resourceGroupName("myRg")
.source(MetadataSourceArgs.builder()
.kind("Solution")
.name("str")
.sourceId("str.azure-sentinel-solution-str")
.build())
.support(MetadataSupportArgs.builder()
.email("support@microsoft.com")
.link("https://support.microsoft.com/")
.name("Microsoft Corporation")
.tier("Microsoft")
.build())
.templateId("str.azure-sentinel-solution-str")
.version("1.0.1")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
content_template = azure_native.securityinsights.ContentTemplate("contentTemplate",
author=azure_native.securityinsights.MetadataAuthorArgs(
email="support@microsoft.com",
name="Microsoft",
),
content_id="8365ebfe-a381-45b7-ad08-7d818070e11f",
content_kind=azure_native.securityinsights.Kind.ANALYTICS_RULE,
display_name="API Protection workbook template",
main_template={
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.1",
"resources": [
{
"apiVersion": "2022-04-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
"properties": {
"description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
"displayName": "Critical or High Severity Detections by User",
"enabled": False,
"query": "...",
"queryFrequency": "PT1H",
"queryPeriod": "PT1H",
"severity": "High",
"status": "Available",
"suppressionDuration": "PT1H",
"suppressionEnabled": False,
"triggerOperator": "GreaterThan",
"triggerThreshold": 0,
},
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
},
{
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
"properties": {
"author": {
"email": "support@microsoft.com",
"name": "Microsoft",
},
"contentId": "4465ebde-b381-45f7-ad08-7d818070a11c",
"description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
"kind": "AnalyticsRule",
"parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
"source": {
"kind": "Solution",
"name": "str",
"sourceId": "str.azure-sentinel-solution-str",
},
"support": {
"email": "support@microsoft.com",
"link": "https://support.microsoft.com/",
"name": "Microsoft Corporation",
"tier": "Microsoft",
},
"version": "1.0.0",
},
"type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
},
],
},
package_id="str.azure-sentinel-solution-str",
package_kind=azure_native.securityinsights.PackageKind.SOLUTION,
package_name="str",
resource_group_name="myRg",
source=azure_native.securityinsights.MetadataSourceArgs(
kind=azure_native.securityinsights.SourceKind.SOLUTION,
name="str",
source_id="str.azure-sentinel-solution-str",
),
support=azure_native.securityinsights.MetadataSupportArgs(
email="support@microsoft.com",
link="https://support.microsoft.com/",
name="Microsoft Corporation",
tier=azure_native.securityinsights.SupportTier.MICROSOFT,
),
template_id="str.azure-sentinel-solution-str",
version="1.0.1",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const contentTemplate = new azure_native.securityinsights.ContentTemplate("contentTemplate", {
author: {
email: "support@microsoft.com",
name: "Microsoft",
},
contentId: "8365ebfe-a381-45b7-ad08-7d818070e11f",
contentKind: azure_native.securityinsights.Kind.AnalyticsRule,
displayName: "API Protection workbook template",
mainTemplate: {
$schema: "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
contentVersion: "1.0.1",
resources: [
{
apiVersion: "2022-04-01-preview",
kind: "Scheduled",
location: "[parameters('workspace-location')]",
name: "8365ebfe-a381-45b7-ad08-7d818070e11f",
properties: {
description: "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user",
displayName: "Critical or High Severity Detections by User",
enabled: false,
query: "...",
queryFrequency: "PT1H",
queryPeriod: "PT1H",
severity: "High",
status: "Available",
suppressionDuration: "PT1H",
suppressionEnabled: false,
triggerOperator: "GreaterThan",
triggerThreshold: 0,
},
type: "Microsoft.SecurityInsights/AlertRuleTemplates",
},
{
apiVersion: "2022-01-01-preview",
name: "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]",
properties: {
author: {
email: "support@microsoft.com",
name: "Microsoft",
},
contentId: "4465ebde-b381-45f7-ad08-7d818070a11c",
description: "CrowdStrike Falcon Endpoint Protection Analytics Rule 1",
kind: "AnalyticsRule",
parentId: "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]",
source: {
kind: "Solution",
name: "str",
sourceId: "str.azure-sentinel-solution-str",
},
support: {
email: "support@microsoft.com",
link: "https://support.microsoft.com/",
name: "Microsoft Corporation",
tier: "Microsoft",
},
version: "1.0.0",
},
type: "Microsoft.OperationalInsights/workspaces/providers/metadata",
},
],
},
packageId: "str.azure-sentinel-solution-str",
packageKind: azure_native.securityinsights.PackageKind.Solution,
packageName: "str",
resourceGroupName: "myRg",
source: {
kind: azure_native.securityinsights.SourceKind.Solution,
name: "str",
sourceId: "str.azure-sentinel-solution-str",
},
support: {
email: "support@microsoft.com",
link: "https://support.microsoft.com/",
name: "Microsoft Corporation",
tier: azure_native.securityinsights.SupportTier.Microsoft,
},
templateId: "str.azure-sentinel-solution-str",
version: "1.0.1",
workspaceName: "myWorkspace",
});
resources:
contentTemplate:
type: azure-native:securityinsights:ContentTemplate
properties:
author:
email: support@microsoft.com
name: Microsoft
contentId: 8365ebfe-a381-45b7-ad08-7d818070e11f
contentKind: AnalyticsRule
displayName: API Protection workbook template
mainTemplate:
$schema: https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#
contentVersion: 1.0.1
resources:
- apiVersion: 2022-04-01-preview
kind: Scheduled
location: '[parameters(''workspace-location'')]'
name: 8365ebfe-a381-45b7-ad08-7d818070e11f
properties:
description: Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user
displayName: Critical or High Severity Detections by User
enabled: false
query: '...'
queryFrequency: PT1H
queryPeriod: PT1H
severity: High
status: Available
suppressionDuration: PT1H
suppressionEnabled: false
triggerOperator: GreaterThan
triggerThreshold: 0
type: Microsoft.SecurityInsights/AlertRuleTemplates
- apiVersion: 2022-01-01-preview
name: '[concat(parameters(''workspace''),''/Microsoft.SecurityInsights/'',concat(''AnalyticsRule-'', last(split([resourceId(''Microsoft.SecurityInsights/AlertRuleTemplates'', 8365ebfe-a381-45b7-ad08-7d818070e11f)],''/''))))]'
properties:
author:
email: support@microsoft.com
name: Microsoft
contentId: 4465ebde-b381-45f7-ad08-7d818070a11c
description: CrowdStrike Falcon Endpoint Protection Analytics Rule 1
kind: AnalyticsRule
parentId: '[resourceId(''Microsoft.SecurityInsights/AlertRuleTemplates'', 8365ebfe-a381-45b7-ad08-7d818070e11f)]'
source:
kind: Solution
name: str
sourceId: str.azure-sentinel-solution-str
support:
email: support@microsoft.com
link: https://support.microsoft.com/
name: Microsoft Corporation
tier: Microsoft
version: 1.0.0
type: Microsoft.OperationalInsights/workspaces/providers/metadata
packageId: str.azure-sentinel-solution-str
packageKind: Solution
packageName: str
resourceGroupName: myRg
source:
kind: Solution
name: str
sourceId: str.azure-sentinel-solution-str
support:
email: support@microsoft.com
link: https://support.microsoft.com/
name: Microsoft Corporation
tier: Microsoft
templateId: str.azure-sentinel-solution-str
version: 1.0.1
workspaceName: myWorkspace
Create ContentTemplate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ContentTemplate(name: string, args: ContentTemplateArgs, opts?: CustomResourceOptions);@overload
def ContentTemplate(resource_name: str,
args: ContentTemplateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ContentTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
content_id: Optional[str] = None,
package_id: Optional[str] = None,
version: Optional[str] = None,
source: Optional[MetadataSourceArgs] = None,
content_kind: Optional[Union[str, Kind]] = None,
workspace_name: Optional[str] = None,
display_name: Optional[str] = None,
package_kind: Optional[Union[str, PackageKind]] = None,
last_publish_date: Optional[str] = None,
author: Optional[MetadataAuthorArgs] = None,
providers: Optional[Sequence[str]] = None,
dependencies: Optional[MetadataDependenciesArgs] = None,
categories: Optional[MetadataCategoriesArgs] = None,
custom_version: Optional[str] = None,
icon: Optional[str] = None,
preview_images_dark: Optional[Sequence[str]] = None,
preview_images: Optional[Sequence[str]] = None,
main_template: Optional[Any] = None,
content_schema_version: Optional[str] = None,
support: Optional[MetadataSupportArgs] = None,
template_id: Optional[str] = None,
threat_analysis_tactics: Optional[Sequence[str]] = None,
threat_analysis_techniques: Optional[Sequence[str]] = None,
package_name: Optional[str] = None,
first_publish_date: Optional[str] = None)func NewContentTemplate(ctx *Context, name string, args ContentTemplateArgs, opts ...ResourceOption) (*ContentTemplate, error)public ContentTemplate(string name, ContentTemplateArgs args, CustomResourceOptions? opts = null)
public ContentTemplate(String name, ContentTemplateArgs args)
public ContentTemplate(String name, ContentTemplateArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:ContentTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ContentTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ContentTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ContentTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ContentTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ContentTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var contentTemplateResource = new AzureNative.SecurityInsights.ContentTemplate("contentTemplateResource", new()
{
ResourceGroupName = "string",
ContentId = "string",
PackageId = "string",
Version = "string",
Source = new AzureNative.SecurityInsights.Inputs.MetadataSourceArgs
{
Kind = "string",
Name = "string",
SourceId = "string",
},
ContentKind = "string",
WorkspaceName = "string",
DisplayName = "string",
PackageKind = "string",
LastPublishDate = "string",
Author = new AzureNative.SecurityInsights.Inputs.MetadataAuthorArgs
{
Email = "string",
Link = "string",
Name = "string",
},
Providers = new[]
{
"string",
},
Dependencies = new AzureNative.SecurityInsights.Inputs.MetadataDependenciesArgs
{
ContentId = "string",
Criteria = new[]
{
metadataDependencies,
},
Kind = "string",
Name = "string",
Operator = "string",
Version = "string",
},
Categories = new AzureNative.SecurityInsights.Inputs.MetadataCategoriesArgs
{
Domains = new[]
{
"string",
},
Verticals = new[]
{
"string",
},
},
CustomVersion = "string",
Icon = "string",
PreviewImagesDark = new[]
{
"string",
},
PreviewImages = new[]
{
"string",
},
MainTemplate = "any",
ContentSchemaVersion = "string",
Support = new AzureNative.SecurityInsights.Inputs.MetadataSupportArgs
{
Tier = "string",
Email = "string",
Link = "string",
Name = "string",
},
TemplateId = "string",
ThreatAnalysisTactics = new[]
{
"string",
},
ThreatAnalysisTechniques = new[]
{
"string",
},
PackageName = "string",
FirstPublishDate = "string",
});
example, err := securityinsights.NewContentTemplate(ctx, "contentTemplateResource", &securityinsights.ContentTemplateArgs{
ResourceGroupName: pulumi.String("string"),
ContentId: pulumi.String("string"),
PackageId: pulumi.String("string"),
Version: pulumi.String("string"),
Source: &securityinsights.MetadataSourceArgs{
Kind: pulumi.String("string"),
Name: pulumi.String("string"),
SourceId: pulumi.String("string"),
},
ContentKind: pulumi.String("string"),
WorkspaceName: pulumi.String("string"),
DisplayName: pulumi.String("string"),
PackageKind: pulumi.String("string"),
LastPublishDate: pulumi.String("string"),
Author: &securityinsights.MetadataAuthorArgs{
Email: pulumi.String("string"),
Link: pulumi.String("string"),
Name: pulumi.String("string"),
},
Providers: pulumi.StringArray{
pulumi.String("string"),
},
Dependencies: &securityinsights.MetadataDependenciesArgs{
ContentId: pulumi.String("string"),
Criteria: securityinsights.MetadataDependenciesArray{
metadataDependencies,
},
Kind: pulumi.String("string"),
Name: pulumi.String("string"),
Operator: pulumi.String("string"),
Version: pulumi.String("string"),
},
Categories: &securityinsights.MetadataCategoriesArgs{
Domains: pulumi.StringArray{
pulumi.String("string"),
},
Verticals: pulumi.StringArray{
pulumi.String("string"),
},
},
CustomVersion: pulumi.String("string"),
Icon: pulumi.String("string"),
PreviewImagesDark: pulumi.StringArray{
pulumi.String("string"),
},
PreviewImages: pulumi.StringArray{
pulumi.String("string"),
},
MainTemplate: pulumi.Any("any"),
ContentSchemaVersion: pulumi.String("string"),
Support: &securityinsights.MetadataSupportArgs{
Tier: pulumi.String("string"),
Email: pulumi.String("string"),
Link: pulumi.String("string"),
Name: pulumi.String("string"),
},
TemplateId: pulumi.String("string"),
ThreatAnalysisTactics: pulumi.StringArray{
pulumi.String("string"),
},
ThreatAnalysisTechniques: pulumi.StringArray{
pulumi.String("string"),
},
PackageName: pulumi.String("string"),
FirstPublishDate: pulumi.String("string"),
})
var contentTemplateResource = new ContentTemplate("contentTemplateResource", ContentTemplateArgs.builder()
.resourceGroupName("string")
.contentId("string")
.packageId("string")
.version("string")
.source(MetadataSourceArgs.builder()
.kind("string")
.name("string")
.sourceId("string")
.build())
.contentKind("string")
.workspaceName("string")
.displayName("string")
.packageKind("string")
.lastPublishDate("string")
.author(MetadataAuthorArgs.builder()
.email("string")
.link("string")
.name("string")
.build())
.providers("string")
.dependencies(MetadataDependenciesArgs.builder()
.contentId("string")
.criteria(metadataDependencies)
.kind("string")
.name("string")
.operator("string")
.version("string")
.build())
.categories(MetadataCategoriesArgs.builder()
.domains("string")
.verticals("string")
.build())
.customVersion("string")
.icon("string")
.previewImagesDark("string")
.previewImages("string")
.mainTemplate("any")
.contentSchemaVersion("string")
.support(MetadataSupportArgs.builder()
.tier("string")
.email("string")
.link("string")
.name("string")
.build())
.templateId("string")
.threatAnalysisTactics("string")
.threatAnalysisTechniques("string")
.packageName("string")
.firstPublishDate("string")
.build());
content_template_resource = azure_native.securityinsights.ContentTemplate("contentTemplateResource",
resource_group_name="string",
content_id="string",
package_id="string",
version="string",
source=azure_native.securityinsights.MetadataSourceArgs(
kind="string",
name="string",
source_id="string",
),
content_kind="string",
workspace_name="string",
display_name="string",
package_kind="string",
last_publish_date="string",
author=azure_native.securityinsights.MetadataAuthorArgs(
email="string",
link="string",
name="string",
),
providers=["string"],
dependencies=azure_native.securityinsights.MetadataDependenciesArgs(
content_id="string",
criteria=[metadata_dependencies],
kind="string",
name="string",
operator="string",
version="string",
),
categories=azure_native.securityinsights.MetadataCategoriesArgs(
domains=["string"],
verticals=["string"],
),
custom_version="string",
icon="string",
preview_images_dark=["string"],
preview_images=["string"],
main_template="any",
content_schema_version="string",
support=azure_native.securityinsights.MetadataSupportArgs(
tier="string",
email="string",
link="string",
name="string",
),
template_id="string",
threat_analysis_tactics=["string"],
threat_analysis_techniques=["string"],
package_name="string",
first_publish_date="string")
const contentTemplateResource = new azure_native.securityinsights.ContentTemplate("contentTemplateResource", {
resourceGroupName: "string",
contentId: "string",
packageId: "string",
version: "string",
source: {
kind: "string",
name: "string",
sourceId: "string",
},
contentKind: "string",
workspaceName: "string",
displayName: "string",
packageKind: "string",
lastPublishDate: "string",
author: {
email: "string",
link: "string",
name: "string",
},
providers: ["string"],
dependencies: {
contentId: "string",
criteria: [metadataDependencies],
kind: "string",
name: "string",
operator: "string",
version: "string",
},
categories: {
domains: ["string"],
verticals: ["string"],
},
customVersion: "string",
icon: "string",
previewImagesDark: ["string"],
previewImages: ["string"],
mainTemplate: "any",
contentSchemaVersion: "string",
support: {
tier: "string",
email: "string",
link: "string",
name: "string",
},
templateId: "string",
threatAnalysisTactics: ["string"],
threatAnalysisTechniques: ["string"],
packageName: "string",
firstPublishDate: "string",
});
type: azure-native:securityinsights:ContentTemplate
properties:
author:
email: string
link: string
name: string
categories:
domains:
- string
verticals:
- string
contentId: string
contentKind: string
contentSchemaVersion: string
customVersion: string
dependencies:
contentId: string
criteria:
- ${metadataDependencies}
kind: string
name: string
operator: string
version: string
displayName: string
firstPublishDate: string
icon: string
lastPublishDate: string
mainTemplate: any
packageId: string
packageKind: string
packageName: string
previewImages:
- string
previewImagesDark:
- string
providers:
- string
resourceGroupName: string
source:
kind: string
name: string
sourceId: string
support:
email: string
link: string
name: string
tier: string
templateId: string
threatAnalysisTactics:
- string
threatAnalysisTechniques:
- string
version: string
workspaceName: string
ContentTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ContentTemplate resource accepts the following input properties:
- Content
Id string - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- Content
Kind string | Pulumi.Azure Native. Security Insights. Kind - The kind of content the template is for.
- Display
Name string - The display name of the template
- Package
Id string - the package Id contains this template
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Source
Pulumi.
Azure Native. Security Insights. Inputs. Metadata Source - Source of the content. This is where/how it was created.
- Version string
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- Workspace
Name string - The name of the workspace.
-
Pulumi.
Azure Native. Security Insights. Inputs. Metadata Author - The creator of the content item.
- Categories
Pulumi.
Azure Native. Security Insights. Inputs. Metadata Categories - Categories for the item
- Content
Schema stringVersion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- Custom
Version string - The custom version of the content. A optional free text
- Dependencies
Pulumi.
Azure Native. Security Insights. Inputs. Metadata Dependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- First
Publish stringDate - first publish date content item
- Icon string
- the icon identifier. this id can later be fetched from the content metadata
- Last
Publish stringDate - last publish date for the content item
- Main
Template object - The JSON of the ARM template to deploy active content
- Package
Kind string | Pulumi.Azure Native. Security Insights. Package Kind - the packageKind of the package contains this template
- Package
Name string - the name of the package contains this template
- Preview
Images List<string> - preview image file names. These will be taken from the solution artifacts
- Preview
Images List<string>Dark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- Providers List<string>
- Providers for the content item
- Support
Pulumi.
Azure Native. Security Insights. Inputs. Metadata Support - Support information for the template - type, name, contact information
- Template
Id string - template Id
- Threat
Analysis List<string>Tactics - the tactics the resource covers
- Threat
Analysis List<string>Techniques - the techniques the resource covers, these have to be aligned with the tactics being used
- Content
Id string - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- Content
Kind string | Kind - The kind of content the template is for.
- Display
Name string - The display name of the template
- Package
Id string - the package Id contains this template
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Source
Metadata
Source Args - Source of the content. This is where/how it was created.
- Version string
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- Workspace
Name string - The name of the workspace.
-
Metadata
Author Args - The creator of the content item.
- Categories
Metadata
Categories Args - Categories for the item
- Content
Schema stringVersion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- Custom
Version string - The custom version of the content. A optional free text
- Dependencies
Metadata
Dependencies Args - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- First
Publish stringDate - first publish date content item
- Icon string
- the icon identifier. this id can later be fetched from the content metadata
- Last
Publish stringDate - last publish date for the content item
- Main
Template interface{} - The JSON of the ARM template to deploy active content
- Package
Kind string | PackageKind - the packageKind of the package contains this template
- Package
Name string - the name of the package contains this template
- Preview
Images []string - preview image file names. These will be taken from the solution artifacts
- Preview
Images []stringDark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- Providers []string
- Providers for the content item
- Support
Metadata
Support Args - Support information for the template - type, name, contact information
- Template
Id string - template Id
- Threat
Analysis []stringTactics - the tactics the resource covers
- Threat
Analysis []stringTechniques - the techniques the resource covers, these have to be aligned with the tactics being used
- content
Id String - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- content
Kind String | Kind - The kind of content the template is for.
- display
Name String - The display name of the template
- package
Id String - the package Id contains this template
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- source
Metadata
Source - Source of the content. This is where/how it was created.
- version String
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- workspace
Name String - The name of the workspace.
-
Metadata
Author - The creator of the content item.
- categories
Metadata
Categories - Categories for the item
- content
Schema StringVersion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- custom
Version String - The custom version of the content. A optional free text
- dependencies
Metadata
Dependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- first
Publish StringDate - first publish date content item
- icon String
- the icon identifier. this id can later be fetched from the content metadata
- last
Publish StringDate - last publish date for the content item
- main
Template Object - The JSON of the ARM template to deploy active content
- package
Kind String | PackageKind - the packageKind of the package contains this template
- package
Name String - the name of the package contains this template
- preview
Images List<String> - preview image file names. These will be taken from the solution artifacts
- preview
Images List<String>Dark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- providers List<String>
- Providers for the content item
- support
Metadata
Support - Support information for the template - type, name, contact information
- template
Id String - template Id
- threat
Analysis List<String>Tactics - the tactics the resource covers
- threat
Analysis List<String>Techniques - the techniques the resource covers, these have to be aligned with the tactics being used
- content
Id string - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- content
Kind string | Kind - The kind of content the template is for.
- display
Name string - The display name of the template
- package
Id string - the package Id contains this template
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- source
Metadata
Source - Source of the content. This is where/how it was created.
- version string
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- workspace
Name string - The name of the workspace.
-
Metadata
Author - The creator of the content item.
- categories
Metadata
Categories - Categories for the item
- content
Schema stringVersion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- custom
Version string - The custom version of the content. A optional free text
- dependencies
Metadata
Dependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- first
Publish stringDate - first publish date content item
- icon string
- the icon identifier. this id can later be fetched from the content metadata
- last
Publish stringDate - last publish date for the content item
- main
Template any - The JSON of the ARM template to deploy active content
- package
Kind string | PackageKind - the packageKind of the package contains this template
- package
Name string - the name of the package contains this template
- preview
Images string[] - preview image file names. These will be taken from the solution artifacts
- preview
Images string[]Dark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- providers string[]
- Providers for the content item
- support
Metadata
Support - Support information for the template - type, name, contact information
- template
Id string - template Id
- threat
Analysis string[]Tactics - the tactics the resource covers
- threat
Analysis string[]Techniques - the techniques the resource covers, these have to be aligned with the tactics being used
- content_
id str - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- content_
kind str | Kind - The kind of content the template is for.
- display_
name str - The display name of the template
- package_
id str - the package Id contains this template
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- source
Metadata
Source Args - Source of the content. This is where/how it was created.
- version str
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- workspace_
name str - The name of the workspace.
-
Metadata
Author Args - The creator of the content item.
- categories
Metadata
Categories Args - Categories for the item
- content_
schema_ strversion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- custom_
version str - The custom version of the content. A optional free text
- dependencies
Metadata
Dependencies Args - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- first_
publish_ strdate - first publish date content item
- icon str
- the icon identifier. this id can later be fetched from the content metadata
- last_
publish_ strdate - last publish date for the content item
- main_
template Any - The JSON of the ARM template to deploy active content
- package_
kind str | PackageKind - the packageKind of the package contains this template
- package_
name str - the name of the package contains this template
- preview_
images Sequence[str] - preview image file names. These will be taken from the solution artifacts
- preview_
images_ Sequence[str]dark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- providers Sequence[str]
- Providers for the content item
- support
Metadata
Support Args - Support information for the template - type, name, contact information
- template_
id str - template Id
- threat_
analysis_ Sequence[str]tactics - the tactics the resource covers
- threat_
analysis_ Sequence[str]techniques - the techniques the resource covers, these have to be aligned with the tactics being used
- content
Id String - Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name
- content
Kind String | "DataConnector" | "Data Type" | "Workbook" | "Workbook Template" | "Playbook" | "Playbook Template" | "Analytics Rule Template" | "Analytics Rule" | "Hunting Query" | "Investigation Query" | "Parser" | "Watchlist" | "Watchlist Template" | "Solution" | "Azure Function" | "Logic Apps Custom Connector" | "Automation Rule" - The kind of content the template is for.
- display
Name String - The display name of the template
- package
Id String - the package Id contains this template
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- source Property Map
- Source of the content. This is where/how it was created.
- version String
- Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks
- workspace
Name String - The name of the workspace.
- Property Map
- The creator of the content item.
- categories Property Map
- Categories for the item
- content
Schema StringVersion - Schema version of the content. Can be used to distinguish between different flow based on the schema version
- custom
Version String - The custom version of the content. A optional free text
- dependencies Property Map
- Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
- first
Publish StringDate - first publish date content item
- icon String
- the icon identifier. this id can later be fetched from the content metadata
- last
Publish StringDate - last publish date for the content item
- main
Template Any - The JSON of the ARM template to deploy active content
- package
Kind String | "Solution" | "Standalone" - the packageKind of the package contains this template
- package
Name String - the name of the package contains this template
- preview
Images List<String> - preview image file names. These will be taken from the solution artifacts
- preview
Images List<String>Dark - preview image file names. These will be taken from the solution artifacts. used for dark theme support
- providers List<String>
- Providers for the content item
- support Property Map
- Support information for the template - type, name, contact information
- template
Id String - template Id
- threat
Analysis List<String>Tactics - the tactics the resource covers
- threat
Analysis List<String>Techniques - the techniques the resource covers, these have to be aligned with the tactics being used
Outputs
All input properties are implicitly available as output properties. Additionally, the ContentTemplate resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the resource
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the resource
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the resource
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name of the resource
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
- Etag of the azure resource
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name of the resource
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the resource
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
Supporting Types
Kind, KindArgs
- Data
Connector - DataConnector
- Data
Type - DataType
- Workbook
- Workbook
- Workbook
Template - WorkbookTemplate
- Playbook
- Playbook
- Playbook
Template - PlaybookTemplate
- Analytics
Rule Template - AnalyticsRuleTemplate
- Analytics
Rule - AnalyticsRule
- Hunting
Query - HuntingQuery
- Investigation
Query - InvestigationQuery
- Parser
- Parser
- Watchlist
- Watchlist
- Watchlist
Template - WatchlistTemplate
- Solution
- Solution
- Azure
Function - AzureFunction
- Logic
Apps Custom Connector - LogicAppsCustomConnector
- Automation
Rule - AutomationRule
- Kind
Data Connector - DataConnector
- Kind
Data Type - DataType
- Kind
Workbook - Workbook
- Kind
Workbook Template - WorkbookTemplate
- Kind
Playbook - Playbook
- Kind
Playbook Template - PlaybookTemplate
- Kind
Analytics Rule Template - AnalyticsRuleTemplate
- Kind
Analytics Rule - AnalyticsRule
- Kind
Hunting Query - HuntingQuery
- Kind
Investigation Query - InvestigationQuery
- Kind
Parser - Parser
- Kind
Watchlist - Watchlist
- Kind
Watchlist Template - WatchlistTemplate
- Kind
Solution - Solution
- Kind
Azure Function - AzureFunction
- Kind
Logic Apps Custom Connector - LogicAppsCustomConnector
- Kind
Automation Rule - AutomationRule
- Data
Connector - DataConnector
- Data
Type - DataType
- Workbook
- Workbook
- Workbook
Template - WorkbookTemplate
- Playbook
- Playbook
- Playbook
Template - PlaybookTemplate
- Analytics
Rule Template - AnalyticsRuleTemplate
- Analytics
Rule - AnalyticsRule
- Hunting
Query - HuntingQuery
- Investigation
Query - InvestigationQuery
- Parser
- Parser
- Watchlist
- Watchlist
- Watchlist
Template - WatchlistTemplate
- Solution
- Solution
- Azure
Function - AzureFunction
- Logic
Apps Custom Connector - LogicAppsCustomConnector
- Automation
Rule - AutomationRule
- Data
Connector - DataConnector
- Data
Type - DataType
- Workbook
- Workbook
- Workbook
Template - WorkbookTemplate
- Playbook
- Playbook
- Playbook
Template - PlaybookTemplate
- Analytics
Rule Template - AnalyticsRuleTemplate
- Analytics
Rule - AnalyticsRule
- Hunting
Query - HuntingQuery
- Investigation
Query - InvestigationQuery
- Parser
- Parser
- Watchlist
- Watchlist
- Watchlist
Template - WatchlistTemplate
- Solution
- Solution
- Azure
Function - AzureFunction
- Logic
Apps Custom Connector - LogicAppsCustomConnector
- Automation
Rule - AutomationRule
- DATA_CONNECTOR
- DataConnector
- DATA_TYPE
- DataType
- WORKBOOK
- Workbook
- WORKBOOK_TEMPLATE
- WorkbookTemplate
- PLAYBOOK
- Playbook
- PLAYBOOK_TEMPLATE
- PlaybookTemplate
- ANALYTICS_RULE_TEMPLATE
- AnalyticsRuleTemplate
- ANALYTICS_RULE
- AnalyticsRule
- HUNTING_QUERY
- HuntingQuery
- INVESTIGATION_QUERY
- InvestigationQuery
- PARSER
- Parser
- WATCHLIST
- Watchlist
- WATCHLIST_TEMPLATE
- WatchlistTemplate
- SOLUTION
- Solution
- AZURE_FUNCTION
- AzureFunction
- LOGIC_APPS_CUSTOM_CONNECTOR
- LogicAppsCustomConnector
- AUTOMATION_RULE
- AutomationRule
- "Data
Connector" - DataConnector
- "Data
Type" - DataType
- "Workbook"
- Workbook
- "Workbook
Template" - WorkbookTemplate
- "Playbook"
- Playbook
- "Playbook
Template" - PlaybookTemplate
- "Analytics
Rule Template" - AnalyticsRuleTemplate
- "Analytics
Rule" - AnalyticsRule
- "Hunting
Query" - HuntingQuery
- "Investigation
Query" - InvestigationQuery
- "Parser"
- Parser
- "Watchlist"
- Watchlist
- "Watchlist
Template" - WatchlistTemplate
- "Solution"
- Solution
- "Azure
Function" - AzureFunction
- "Logic
Apps Custom Connector" - LogicAppsCustomConnector
- "Automation
Rule" - AutomationRule
MetadataAuthor, MetadataAuthorArgs
MetadataAuthorResponse, MetadataAuthorResponseArgs
MetadataCategories, MetadataCategoriesArgs
MetadataCategoriesResponse, MetadataCategoriesResponseArgs
MetadataDependencies, MetadataDependenciesArgs
- Content
Id string - Id of the content item we depend on
- Criteria
List<Pulumi.
Azure Native. Security Insights. Inputs. Metadata Dependencies> - This is the list of dependencies we must fulfill, according to the AND/OR operator
- Kind
string | Pulumi.
Azure Native. Security Insights. Kind - Type of the content item we depend on
- Name string
- Name of the content item
- Operator
string | Pulumi.
Azure Native. Security Insights. Operator - Operator used for list of dependencies in criteria array.
- Version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- Content
Id string - Id of the content item we depend on
- Criteria
[]Metadata
Dependencies - This is the list of dependencies we must fulfill, according to the AND/OR operator
- Kind string | Kind
- Type of the content item we depend on
- Name string
- Name of the content item
- Operator string | Operator
- Operator used for list of dependencies in criteria array.
- Version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id String - Id of the content item we depend on
- criteria
List<Metadata
Dependencies> - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind String | Kind
- Type of the content item we depend on
- name String
- Name of the content item
- operator String | Operator
- Operator used for list of dependencies in criteria array.
- version String
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id string - Id of the content item we depend on
- criteria
Metadata
Dependencies[] - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind string | Kind
- Type of the content item we depend on
- name string
- Name of the content item
- operator string | Operator
- Operator used for list of dependencies in criteria array.
- version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content_
id str - Id of the content item we depend on
- criteria
Sequence[Metadata
Dependencies] - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind str | Kind
- Type of the content item we depend on
- name str
- Name of the content item
- operator str | Operator
- Operator used for list of dependencies in criteria array.
- version str
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id String - Id of the content item we depend on
- criteria List<Property Map>
- This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind
String | "Data
Connector" | "Data Type" | "Workbook" | "Workbook Template" | "Playbook" | "Playbook Template" | "Analytics Rule Template" | "Analytics Rule" | "Hunting Query" | "Investigation Query" | "Parser" | "Watchlist" | "Watchlist Template" | "Solution" | "Azure Function" | "Logic Apps Custom Connector" | "Automation Rule" - Type of the content item we depend on
- name String
- Name of the content item
- operator String | "AND" | "OR"
- Operator used for list of dependencies in criteria array.
- version String
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
MetadataDependenciesResponse, MetadataDependenciesResponseArgs
- Content
Id string - Id of the content item we depend on
- Criteria
List<Pulumi.
Azure Native. Security Insights. Inputs. Metadata Dependencies Response> - This is the list of dependencies we must fulfill, according to the AND/OR operator
- Kind string
- Type of the content item we depend on
- Name string
- Name of the content item
- Operator string
- Operator used for list of dependencies in criteria array.
- Version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- Content
Id string - Id of the content item we depend on
- Criteria
[]Metadata
Dependencies Response - This is the list of dependencies we must fulfill, according to the AND/OR operator
- Kind string
- Type of the content item we depend on
- Name string
- Name of the content item
- Operator string
- Operator used for list of dependencies in criteria array.
- Version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id String - Id of the content item we depend on
- criteria
List<Metadata
Dependencies Response> - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind String
- Type of the content item we depend on
- name String
- Name of the content item
- operator String
- Operator used for list of dependencies in criteria array.
- version String
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id string - Id of the content item we depend on
- criteria
Metadata
Dependencies Response[] - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind string
- Type of the content item we depend on
- name string
- Name of the content item
- operator string
- Operator used for list of dependencies in criteria array.
- version string
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content_
id str - Id of the content item we depend on
- criteria
Sequence[Metadata
Dependencies Response] - This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind str
- Type of the content item we depend on
- name str
- Name of the content item
- operator str
- Operator used for list of dependencies in criteria array.
- version str
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
- content
Id String - Id of the content item we depend on
- criteria List<Property Map>
- This is the list of dependencies we must fulfill, according to the AND/OR operator
- kind String
- Type of the content item we depend on
- name String
- Name of the content item
- operator String
- Operator used for list of dependencies in criteria array.
- version String
- Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.
MetadataSource, MetadataSourceArgs
- Kind
string | Pulumi.
Azure Native. Security Insights. Source Kind - Source type of the content
- Name string
- Name of the content source. The repo name, solution name, LA workspace name etc.
- Source
Id string - ID of the content source. The solution ID, workspace ID, etc
- Kind
string | Source
Kind - Source type of the content
- Name string
- Name of the content source. The repo name, solution name, LA workspace name etc.
- Source
Id string - ID of the content source. The solution ID, workspace ID, etc
- kind
String | Source
Kind - Source type of the content
- name String
- Name of the content source. The repo name, solution name, LA workspace name etc.
- source
Id String - ID of the content source. The solution ID, workspace ID, etc
- kind
string | Source
Kind - Source type of the content
- name string
- Name of the content source. The repo name, solution name, LA workspace name etc.
- source
Id string - ID of the content source. The solution ID, workspace ID, etc
- kind
str | Source
Kind - Source type of the content
- name str
- Name of the content source. The repo name, solution name, LA workspace name etc.
- source_
id str - ID of the content source. The solution ID, workspace ID, etc
- kind
String | "Local
Workspace" | "Community" | "Solution" | "Source Repository" - Source type of the content
- name String
- Name of the content source. The repo name, solution name, LA workspace name etc.
- source
Id String - ID of the content source. The solution ID, workspace ID, etc
MetadataSourceResponse, MetadataSourceResponseArgs
MetadataSupport, MetadataSupportArgs
- Tier
string | Pulumi.
Azure Native. Security Insights. Support Tier - Type of support for content item
- Email string
- Email of support contact
- Link string
- Link for support help, like to support page to open a ticket etc.
- Name string
- Name of the support contact. Company or person.
- Tier
string | Support
Tier - Type of support for content item
- Email string
- Email of support contact
- Link string
- Link for support help, like to support page to open a ticket etc.
- Name string
- Name of the support contact. Company or person.
- tier
String | Support
Tier - Type of support for content item
- email String
- Email of support contact
- link String
- Link for support help, like to support page to open a ticket etc.
- name String
- Name of the support contact. Company or person.
- tier
string | Support
Tier - Type of support for content item
- email string
- Email of support contact
- link string
- Link for support help, like to support page to open a ticket etc.
- name string
- Name of the support contact. Company or person.
- tier
str | Support
Tier - Type of support for content item
- email str
- Email of support contact
- link str
- Link for support help, like to support page to open a ticket etc.
- name str
- Name of the support contact. Company or person.
- tier String | "Microsoft" | "Partner" | "Community"
- Type of support for content item
- email String
- Email of support contact
- link String
- Link for support help, like to support page to open a ticket etc.
- name String
- Name of the support contact. Company or person.
MetadataSupportResponse, MetadataSupportResponseArgs
Operator, OperatorArgs
- AND
- AND
- OR
- OR
- Operator
AND - AND
- Operator
OR - OR
- AND
- AND
- OR
- OR
- AND
- AND
- OR
- OR
- AND_
- AND
- OR_
- OR
- "AND"
- AND
- "OR"
- OR
PackageKind, PackageKindArgs
- Solution
- Solution
- Standalone
- Standalone
- Package
Kind Solution - Solution
- Package
Kind Standalone - Standalone
- Solution
- Solution
- Standalone
- Standalone
- Solution
- Solution
- Standalone
- Standalone
- SOLUTION
- Solution
- STANDALONE
- Standalone
- "Solution"
- Solution
- "Standalone"
- Standalone
SourceKind, SourceKindArgs
- Local
Workspace - LocalWorkspace
- Community
- Community
- Solution
- Solution
- Source
Repository - SourceRepository
- Source
Kind Local Workspace - LocalWorkspace
- Source
Kind Community - Community
- Source
Kind Solution - Solution
- Source
Kind Source Repository - SourceRepository
- Local
Workspace - LocalWorkspace
- Community
- Community
- Solution
- Solution
- Source
Repository - SourceRepository
- Local
Workspace - LocalWorkspace
- Community
- Community
- Solution
- Solution
- Source
Repository - SourceRepository
- LOCAL_WORKSPACE
- LocalWorkspace
- COMMUNITY
- Community
- SOLUTION
- Solution
- SOURCE_REPOSITORY
- SourceRepository
- "Local
Workspace" - LocalWorkspace
- "Community"
- Community
- "Solution"
- Solution
- "Source
Repository" - SourceRepository
SupportTier, SupportTierArgs
- Microsoft
- Microsoft
- Partner
- Partner
- Community
- Community
- Support
Tier Microsoft - Microsoft
- Support
Tier Partner - Partner
- Support
Tier Community - Community
- Microsoft
- Microsoft
- Partner
- Partner
- Community
- Community
- Microsoft
- Microsoft
- Partner
- Partner
- Community
- Community
- MICROSOFT
- Microsoft
- PARTNER
- Partner
- COMMUNITY
- Community
- "Microsoft"
- Microsoft
- "Partner"
- Partner
- "Community"
- Community
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ContentTemplate azuresentinel.azure-sentinel-solution-ciscoumbrella /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi