com.pulumi.azure.sentinel.kotlin.ThreatIntelligenceIndicator.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.sentinel.kotlin
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorExternalReference
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorGranularMarking
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorKillChainPhase
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorParsedPattern
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorExternalReference.Companion.toKotlin as threatIntelligenceIndicatorExternalReferenceToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorGranularMarking.Companion.toKotlin as threatIntelligenceIndicatorGranularMarkingToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorKillChainPhase.Companion.toKotlin as threatIntelligenceIndicatorKillChainPhaseToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.ThreatIntelligenceIndicatorParsedPattern.Companion.toKotlin as threatIntelligenceIndicatorParsedPatternToKotlin
/**
* Builder for [ThreatIntelligenceIndicator].
*/
@PulumiTagMarker
public class ThreatIntelligenceIndicatorResourceBuilder internal constructor() {
public var name: String? = null
public var args: ThreatIntelligenceIndicatorArgs = ThreatIntelligenceIndicatorArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend ThreatIntelligenceIndicatorArgsBuilder.() -> Unit) {
val builder = ThreatIntelligenceIndicatorArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): ThreatIntelligenceIndicator {
val builtJavaResource =
com.pulumi.azure.sentinel.ThreatIntelligenceIndicator(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return ThreatIntelligenceIndicator(builtJavaResource)
}
}
/**
* Manages a Sentinel Threat Intelligence Indicator.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example-rg",
* location: "east us",
* });
* const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
* name: "example-law",
* location: example.location,
* resourceGroupName: example.name,
* sku: "PerGB2018",
* retentionInDays: 30,
* });
* const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
* resourceGroupName: example.name,
* workspaceName: exampleAnalyticsWorkspace.name,
* });
* const exampleThreatIntelligenceIndicator = new azure.sentinel.ThreatIntelligenceIndicator("example", {
* workspaceId: exampleAnalyticsWorkspace.id,
* patternType: "domain-name",
* pattern: "http://example.com",
* source: "Microsoft Sentinel",
* validateFromUtc: "2022-12-14T16:00:00Z",
* displayName: "example-indicator",
* }, {
* dependsOn: [test],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example-rg",
* location="east us")
* example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
* name="example-law",
* location=example.location,
* resource_group_name=example.name,
* sku="PerGB2018",
* retention_in_days=30)
* example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("example",
* resource_group_name=example.name,
* workspace_name=example_analytics_workspace.name)
* example_threat_intelligence_indicator = azure.sentinel.ThreatIntelligenceIndicator("example",
* workspace_id=example_analytics_workspace.id,
* pattern_type="domain-name",
* pattern="http://example.com",
* source="Microsoft Sentinel",
* validate_from_utc="2022-12-14T16:00:00Z",
* display_name="example-indicator",
* opts = pulumi.ResourceOptions(depends_on=[test]))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-rg",
* Location = "east us",
* });
* var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
* {
* Name = "example-law",
* Location = example.Location,
* ResourceGroupName = example.Name,
* Sku = "PerGB2018",
* RetentionInDays = 30,
* });
* var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
* {
* ResourceGroupName = example.Name,
* WorkspaceName = exampleAnalyticsWorkspace.Name,
* });
* var exampleThreatIntelligenceIndicator = new Azure.Sentinel.ThreatIntelligenceIndicator("example", new()
* {
* WorkspaceId = exampleAnalyticsWorkspace.Id,
* PatternType = "domain-name",
* Pattern = "http://example.com",
* Source = "Microsoft Sentinel",
* ValidateFromUtc = "2022-12-14T16:00:00Z",
* DisplayName = "example-indicator",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* test,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-rg"),
* Location: pulumi.String("east us"),
* })
* if err != nil {
* return err
* }
* exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
* Name: pulumi.String("example-law"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* Sku: pulumi.String("PerGB2018"),
* RetentionInDays: pulumi.Int(30),
* })
* if err != nil {
* return err
* }
* _, err = sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
* ResourceGroupName: example.Name,
* WorkspaceName: exampleAnalyticsWorkspace.Name,
* })
* if err != nil {
* return err
* }
* _, err = sentinel.NewThreatIntelligenceIndicator(ctx, "example", &sentinel.ThreatIntelligenceIndicatorArgs{
* WorkspaceId: exampleAnalyticsWorkspace.ID(),
* PatternType: pulumi.String("domain-name"),
* Pattern: pulumi.String("http://example.com"),
* Source: pulumi.String("Microsoft Sentinel"),
* ValidateFromUtc: pulumi.String("2022-12-14T16:00:00Z"),
* DisplayName: pulumi.String("example-indicator"),
* }, pulumi.DependsOn([]pulumi.Resource{
* test,
* }))
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
* import com.pulumi.azure.sentinel.ThreatIntelligenceIndicator;
* import com.pulumi.azure.sentinel.ThreatIntelligenceIndicatorArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-rg")
* .location("east us")
* .build());
* var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
* .name("example-law")
* .location(example.location())
* .resourceGroupName(example.name())
* .sku("PerGB2018")
* .retentionInDays(30)
* .build());
* var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
* .resourceGroupName(example.name())
* .workspaceName(exampleAnalyticsWorkspace.name())
* .build());
* var exampleThreatIntelligenceIndicator = new ThreatIntelligenceIndicator("exampleThreatIntelligenceIndicator", ThreatIntelligenceIndicatorArgs.builder()
* .workspaceId(exampleAnalyticsWorkspace.id())
* .patternType("domain-name")
* .pattern("http://example.com")
* .source("Microsoft Sentinel")
* .validateFromUtc("2022-12-14T16:00:00Z")
* .displayName("example-indicator")
* .build(), CustomResourceOptions.builder()
* .dependsOn(test)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-rg
* location: east us
* exampleAnalyticsWorkspace:
* type: azure:operationalinsights:AnalyticsWorkspace
* name: example
* properties:
* name: example-law
* location: ${example.location}
* resourceGroupName: ${example.name}
* sku: PerGB2018
* retentionInDays: 30
* exampleLogAnalyticsWorkspaceOnboarding:
* type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
* name: example
* properties:
* resourceGroupName: ${example.name}
* workspaceName: ${exampleAnalyticsWorkspace.name}
* exampleThreatIntelligenceIndicator:
* type: azure:sentinel:ThreatIntelligenceIndicator
* name: example
* properties:
* workspaceId: ${exampleAnalyticsWorkspace.id}
* patternType: domain-name
* pattern: http://example.com
* source: Microsoft Sentinel
* validateFromUtc: 2022-12-14T16:00:00Z
* displayName: example-indicator
* options:
* dependson:
* - ${test}
* ```
*
* ## Import
* Sentinel Threat Intelligence Indicators can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:sentinel/threatIntelligenceIndicator:ThreatIntelligenceIndicator example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
* ```
*/
public class ThreatIntelligenceIndicator internal constructor(
override val javaResource: com.pulumi.azure.sentinel.ThreatIntelligenceIndicator,
) : KotlinCustomResource(javaResource, ThreatIntelligenceIndicatorMapper) {
/**
* Confidence levels of the Threat Intelligence Indicator.
*/
public val confidence: Output?
get() = javaResource.confidence().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The creator of the Threat Intelligence Indicator.
*/
public val createdBy: Output?
get() = javaResource.createdBy().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The date of this Threat Intelligence Indicator created.
*/
public val createdOn: Output
get() = javaResource.createdOn().applyValue({ args0 -> args0 })
/**
* Whether the Threat Intelligence entity is defanged?
*/
public val defanged: Output
get() = javaResource.defanged().applyValue({ args0 -> args0 })
/**
* The description of the Threat Intelligence Indicator.
*/
public val description: Output?
get() = javaResource.description().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The display name of the Threat Intelligence Indicator.
*/
public val displayName: Output
get() = javaResource.displayName().applyValue({ args0 -> args0 })
/**
* The extension config of the Threat Intelligence Indicator in JSON format.
*/
public val extension: Output
get() = javaResource.extension().applyValue({ args0 -> args0 })
/**
* The external ID of the Threat Intelligence Indicator.
*/
public val externalId: Output
get() = javaResource.externalId().applyValue({ args0 -> args0 })
/**
* the External last updated time in UTC.
*/
public val externalLastUpdatedTimeUtc: Output
get() = javaResource.externalLastUpdatedTimeUtc().applyValue({ args0 -> args0 })
/**
* One or more `external_reference` blocks as defined below.
*/
public val externalReferences: Output>?
get() = javaResource.externalReferences().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
threatIntelligenceIndicatorExternalReferenceToKotlin(args0)
})
})
}).orElse(null)
})
/**
* One or more `granular_marking` blocks as defined below.
*/
public val granularMarkings: Output>?
get() = javaResource.granularMarkings().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
threatIntelligenceIndicatorGranularMarkingToKotlin(args0)
})
})
}).orElse(null)
})
/**
* The guid of this Sentinel Threat Intelligence Indicator.
*/
public val guid: Output
get() = javaResource.guid().applyValue({ args0 -> args0 })
/**
* A list of indicator types of this Threat Intelligence Indicator.
*/
public val indicatorTypes: Output>
get() = javaResource.indicatorTypes().applyValue({ args0 -> args0.map({ args0 -> args0 }) })
/**
* One or more `kill_chain_phase` blocks as defined below.
*/
public val killChainPhases: Output>?
get() = javaResource.killChainPhases().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
threatIntelligenceIndicatorKillChainPhaseToKotlin(args0)
})
})
}).orElse(null)
})
/**
* The language of the Threat Intelligence Indicator.
*/
public val language: Output?
get() = javaResource.language().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The last updated time of the Threat Intelligence Indicator in UTC.
*/
public val lastUpdatedTimeUtc: Output
get() = javaResource.lastUpdatedTimeUtc().applyValue({ args0 -> args0 })
/**
* Specifies a list of Threat Intelligence marking references.
*/
public val objectMarkingRefs: Output>?
get() = javaResource.objectMarkingRefs().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 -> args0 })
}).orElse(null)
})
/**
* A `parsed_pattern` block as defined below.
*/
public val parsedPatterns: Output>
get() = javaResource.parsedPatterns().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> threatIntelligenceIndicatorParsedPatternToKotlin(args0) })
})
})
/**
* The pattern used by the Threat Intelligence Indicator. When `pattern_type` set to `file`, `pattern` must be specified with `:` format, such as `MD5:78ecc5c05cd8b79af480df2f8fba0b9d`.
*/
public val pattern: Output
get() = javaResource.pattern().applyValue({ args0 -> args0 })
/**
* The type of pattern used by the Threat Intelligence Indicator. Possible values are `domain-name`, `file`, `ipv4-addr`, `ipv6-addr` and `url`.
*/
public val patternType: Output
get() = javaResource.patternType().applyValue({ args0 -> args0 })
/**
* The version of a Threat Intelligence entity.
*/
public val patternVersion: Output?
get() = javaResource.patternVersion().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Whether the Threat Intelligence entity revoked.
*/
public val revoked: Output?
get() = javaResource.revoked().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Source of the Threat Intelligence Indicator. Changing this forces a new resource to be created.
*/
public val source: Output
get() = javaResource.source().applyValue({ args0 -> args0 })
/**
* Specifies a list of tags of the Threat Intelligence Indicator.
*/
public val tags: Output>?
get() = javaResource.tags().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0
})
}).orElse(null)
})
/**
* Specifies a list of threat types of this Threat Intelligence Indicator.
*/
public val threatTypes: Output>?
get() = javaResource.threatTypes().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0
})
}).orElse(null)
})
/**
* The start of validate date in RFC3339.
*/
public val validateFromUtc: Output
get() = javaResource.validateFromUtc().applyValue({ args0 -> args0 })
/**
* The end of validate date of the Threat Intelligence Indicator in RFC3339 format.
*/
public val validateUntilUtc: Output?
get() = javaResource.validateUntilUtc().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Threat Intelligence Indicator to be created.
*/
public val workspaceId: Output
get() = javaResource.workspaceId().applyValue({ args0 -> args0 })
}
public object ThreatIntelligenceIndicatorMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.azure.sentinel.ThreatIntelligenceIndicator::class == javaResource::class
override fun map(javaResource: Resource): ThreatIntelligenceIndicator =
ThreatIntelligenceIndicator(
javaResource as
com.pulumi.azure.sentinel.ThreatIntelligenceIndicator,
)
}
/**
* @see [ThreatIntelligenceIndicator].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [ThreatIntelligenceIndicator].
*/
public suspend fun threatIntelligenceIndicator(
name: String,
block: suspend ThreatIntelligenceIndicatorResourceBuilder.() -> Unit,
): ThreatIntelligenceIndicator {
val builder = ThreatIntelligenceIndicatorResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [ThreatIntelligenceIndicator].
* @param name The _unique_ name of the resulting resource.
*/
public fun threatIntelligenceIndicator(name: String): ThreatIntelligenceIndicator {
val builder = ThreatIntelligenceIndicatorResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy