Azure v6.21.0, Mar 7 25

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.sentinel.Metadata

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    sku: "pergb2018",
});
const exampleAnalyticsSolution = new azure.operationalinsights.AnalyticsSolution("example", {
    solutionName: "SecurityInsights",
    location: example.location,
    resourceGroupName: example.name,
    workspaceResourceId: exampleAnalyticsWorkspace.id,
    workspaceName: exampleAnalyticsWorkspace.name,
    plan: {
        publisher: "Microsoft",
        product: "OMSGallery/SecurityInsights",
    },
});
const exampleAlertRuleNrt = new azure.sentinel.AlertRuleNrt("example", {
    name: "example",
    logAnalyticsWorkspaceId: exampleAnalyticsSolution.workspaceResourceId,
    displayName: "example",
    severity: "High",
    query: `AzureActivity |
  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
  where ActivityStatus == "Succeeded" |
  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
`,
});
const exampleMetadata = new azure.sentinel.Metadata("example", {
    name: "exampl",
    workspaceId: exampleAnalyticsSolution.workspaceResourceId,
    contentId: exampleAlertRuleNrt.name,
    kind: "AnalyticsRule",
    parentId: exampleAlertRuleNrt.id,
});

import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    sku="pergb2018")
example_analytics_solution = azure.operationalinsights.AnalyticsSolution("example",
    solution_name="SecurityInsights",
    location=example.location,
    resource_group_name=example.name,
    workspace_resource_id=example_analytics_workspace.id,
    workspace_name=example_analytics_workspace.name,
    plan={
        "publisher": "Microsoft",
        "product": "OMSGallery/SecurityInsights",
    })
example_alert_rule_nrt = azure.sentinel.AlertRuleNrt("example",
    name="example",
    log_analytics_workspace_id=example_analytics_solution.workspace_resource_id,
    display_name="example",
    severity="High",
    query="""AzureActivity |
  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
  where ActivityStatus == "Succeeded" |
  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
""")
example_metadata = azure.sentinel.Metadata("example",
    name="exampl",
    workspace_id=example_analytics_solution.workspace_resource_id,
    content_id=example_alert_rule_nrt.name,
    kind="AnalyticsRule",
    parent_id=example_alert_rule_nrt.id)

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "example", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            example.Location,
			ResourceGroupName:   example.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		exampleAlertRuleNrt, err := sentinel.NewAlertRuleNrt(ctx, "example", &sentinel.AlertRuleNrtArgs{
			Name:                    pulumi.String("example"),
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String("AzureActivity |\n  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n  where ActivityStatus == \"Succeeded\" |\n  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewMetadata(ctx, "example", &sentinel.MetadataArgs{
			Name:        pulumi.String("exampl"),
			WorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			ContentId:   exampleAlertRuleNrt.Name,
			Kind:        pulumi.String("AnalyticsRule"),
			ParentId:    exampleAlertRuleNrt.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Sku = "pergb2018",
    });

    var exampleAnalyticsSolution = new Azure.OperationalInsights.AnalyticsSolution("example", new()
    {
        SolutionName = "SecurityInsights",
        Location = example.Location,
        ResourceGroupName = example.Name,
        WorkspaceResourceId = exampleAnalyticsWorkspace.Id,
        WorkspaceName = exampleAnalyticsWorkspace.Name,
        Plan = new Azure.OperationalInsights.Inputs.AnalyticsSolutionPlanArgs
        {
            Publisher = "Microsoft",
            Product = "OMSGallery/SecurityInsights",
        },
    });

    var exampleAlertRuleNrt = new Azure.Sentinel.AlertRuleNrt("example", new()
    {
        Name = "example",
        LogAnalyticsWorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
        DisplayName = "example",
        Severity = "High",
        Query = @"AzureActivity |
  where OperationName == ""Create or Update Virtual Machine"" or OperationName ==""Create Deployment"" |
  where ActivityStatus == ""Succeeded"" |
  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
",
    });

    var exampleMetadata = new Azure.Sentinel.Metadata("example", new()
    {
        Name = "exampl",
        WorkspaceId = exampleAnalyticsSolution.WorkspaceResourceId,
        ContentId = exampleAlertRuleNrt.Name,
        Kind = "AnalyticsRule",
        ParentId = exampleAlertRuleNrt.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.operationalinsights.AnalyticsSolution;
import com.pulumi.azure.operationalinsights.AnalyticsSolutionArgs;
import com.pulumi.azure.operationalinsights.inputs.AnalyticsSolutionPlanArgs;
import com.pulumi.azure.sentinel.AlertRuleNrt;
import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
import com.pulumi.azure.sentinel.Metadata;
import com.pulumi.azure.sentinel.MetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .name("example-workspace")
            .location(example.location())
            .resourceGroupName(example.name())
            .sku("pergb2018")
            .build());

        var exampleAnalyticsSolution = new AnalyticsSolution("exampleAnalyticsSolution", AnalyticsSolutionArgs.builder()
            .solutionName("SecurityInsights")
            .location(example.location())
            .resourceGroupName(example.name())
            .workspaceResourceId(exampleAnalyticsWorkspace.id())
            .workspaceName(exampleAnalyticsWorkspace.name())
            .plan(AnalyticsSolutionPlanArgs.builder()
                .publisher("Microsoft")
                .product("OMSGallery/SecurityInsights")
                .build())
            .build());

        var exampleAlertRuleNrt = new AlertRuleNrt("exampleAlertRuleNrt", AlertRuleNrtArgs.builder()
            .name("example")
            .logAnalyticsWorkspaceId(exampleAnalyticsSolution.workspaceResourceId())
            .displayName("example")
            .severity("High")
            .query("""
AzureActivity |
  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
  where ActivityStatus == "Succeeded" |
  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
            """)
            .build());

        var exampleMetadata = new Metadata("exampleMetadata", MetadataArgs.builder()
            .name("exampl")
            .workspaceId(exampleAnalyticsSolution.workspaceResourceId())
            .contentId(exampleAlertRuleNrt.name())
            .kind("AnalyticsRule")
            .parentId(exampleAlertRuleNrt.id())
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      sku: pergb2018
  exampleAnalyticsSolution:
    type: azure:operationalinsights:AnalyticsSolution
    name: example
    properties:
      solutionName: SecurityInsights
      location: ${example.location}
      resourceGroupName: ${example.name}
      workspaceResourceId: ${exampleAnalyticsWorkspace.id}
      workspaceName: ${exampleAnalyticsWorkspace.name}
      plan:
        publisher: Microsoft
        product: OMSGallery/SecurityInsights
  exampleAlertRuleNrt:
    type: azure:sentinel:AlertRuleNrt
    name: example
    properties:
      name: example
      logAnalyticsWorkspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
      displayName: example
      severity: High
      query: |
        AzureActivity |
          where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
          where ActivityStatus == "Succeeded" |
          make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller        
  exampleMetadata:
    type: azure:sentinel:Metadata
    name: example
    properties:
      name: exampl
      workspaceId: ${exampleAnalyticsSolution.workspaceResourceId}
      contentId: ${exampleAlertRuleNrt.name}
      kind: AnalyticsRule
      parentId: ${exampleAlertRuleNrt.id}

Create Metadata Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Metadata(name: string, args: MetadataArgs, opts?: CustomResourceOptions);

@overload
def Metadata(resource_name: str,
             args: MetadataArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Metadata(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             kind: Optional[str] = None,
             workspace_id: Optional[str] = None,
             content_id: Optional[str] = None,
             parent_id: Optional[str] = None,
             name: Optional[str] = None,
             preview_images_darks: Optional[Sequence[str]] = None,
             first_publish_date: Optional[str] = None,
             icon_id: Optional[str] = None,
             custom_version: Optional[str] = None,
             last_publish_date: Optional[str] = None,
             author: Optional[MetadataAuthorArgs] = None,
             content_schema_version: Optional[str] = None,
             preview_images: Optional[Sequence[str]] = None,
             dependency: Optional[str] = None,
             providers: Optional[Sequence[str]] = None,
             source: Optional[MetadataSourceArgs] = None,
             support: Optional[MetadataSupportArgs] = None,
             threat_analysis_tactics: Optional[Sequence[str]] = None,
             threat_analysis_techniques: Optional[Sequence[str]] = None,
             version: Optional[str] = None,
             category: Optional[MetadataCategoryArgs] = None)

func NewMetadata(ctx *Context, name string, args MetadataArgs, opts ...ResourceOption) (*Metadata, error)

public Metadata(string name, MetadataArgs args, CustomResourceOptions? opts = null)

public Metadata(String name, MetadataArgs args)
public Metadata(String name, MetadataArgs args, CustomResourceOptions options)

type: azure:sentinel:Metadata
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args MetadataArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args MetadataArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args MetadataArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args MetadataArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args MetadataArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var metadataResource = new Azure.Sentinel.Metadata("metadataResource", new()
{
    Kind = "string",
    WorkspaceId = "string",
    ContentId = "string",
    ParentId = "string",
    Name = "string",
    PreviewImagesDarks = new[]
    {
        "string",
    },
    FirstPublishDate = "string",
    IconId = "string",
    CustomVersion = "string",
    LastPublishDate = "string",
    Author = new Azure.Sentinel.Inputs.MetadataAuthorArgs
    {
        Email = "string",
        Link = "string",
        Name = "string",
    },
    ContentSchemaVersion = "string",
    PreviewImages = new[]
    {
        "string",
    },
    Dependency = "string",
    Providers = new[]
    {
        "string",
    },
    Source = new Azure.Sentinel.Inputs.MetadataSourceArgs
    {
        Kind = "string",
        Id = "string",
        Name = "string",
    },
    Support = new Azure.Sentinel.Inputs.MetadataSupportArgs
    {
        Tier = "string",
        Email = "string",
        Link = "string",
        Name = "string",
    },
    ThreatAnalysisTactics = new[]
    {
        "string",
    },
    ThreatAnalysisTechniques = new[]
    {
        "string",
    },
    Version = "string",
    Category = new Azure.Sentinel.Inputs.MetadataCategoryArgs
    {
        Domains = new[]
        {
            "string",
        },
        Verticals = new[]
        {
            "string",
        },
    },
});

example, err := sentinel.NewMetadata(ctx, "metadataResource", &sentinel.MetadataArgs{
	Kind:        pulumi.String("string"),
	WorkspaceId: pulumi.String("string"),
	ContentId:   pulumi.String("string"),
	ParentId:    pulumi.String("string"),
	Name:        pulumi.String("string"),
	PreviewImagesDarks: pulumi.StringArray{
		pulumi.String("string"),
	},
	FirstPublishDate: pulumi.String("string"),
	IconId:           pulumi.String("string"),
	CustomVersion:    pulumi.String("string"),
	LastPublishDate:  pulumi.String("string"),
	Author: &sentinel.MetadataAuthorArgs{
		Email: pulumi.String("string"),
		Link:  pulumi.String("string"),
		Name:  pulumi.String("string"),
	},
	ContentSchemaVersion: pulumi.String("string"),
	PreviewImages: pulumi.StringArray{
		pulumi.String("string"),
	},
	Dependency: pulumi.String("string"),
	Providers: pulumi.StringArray{
		pulumi.String("string"),
	},
	Source: &sentinel.MetadataSourceArgs{
		Kind: pulumi.String("string"),
		Id:   pulumi.String("string"),
		Name: pulumi.String("string"),
	},
	Support: &sentinel.MetadataSupportArgs{
		Tier:  pulumi.String("string"),
		Email: pulumi.String("string"),
		Link:  pulumi.String("string"),
		Name:  pulumi.String("string"),
	},
	ThreatAnalysisTactics: pulumi.StringArray{
		pulumi.String("string"),
	},
	ThreatAnalysisTechniques: pulumi.StringArray{
		pulumi.String("string"),
	},
	Version: pulumi.String("string"),
	Category: &sentinel.MetadataCategoryArgs{
		Domains: pulumi.StringArray{
			pulumi.String("string"),
		},
		Verticals: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})

var metadataResource = new Metadata("metadataResource", MetadataArgs.builder()
    .kind("string")
    .workspaceId("string")
    .contentId("string")
    .parentId("string")
    .name("string")
    .previewImagesDarks("string")
    .firstPublishDate("string")
    .iconId("string")
    .customVersion("string")
    .lastPublishDate("string")
    .author(MetadataAuthorArgs.builder()
        .email("string")
        .link("string")
        .name("string")
        .build())
    .contentSchemaVersion("string")
    .previewImages("string")
    .dependency("string")
    .providers("string")
    .source(MetadataSourceArgs.builder()
        .kind("string")
        .id("string")
        .name("string")
        .build())
    .support(MetadataSupportArgs.builder()
        .tier("string")
        .email("string")
        .link("string")
        .name("string")
        .build())
    .threatAnalysisTactics("string")
    .threatAnalysisTechniques("string")
    .version("string")
    .category(MetadataCategoryArgs.builder()
        .domains("string")
        .verticals("string")
        .build())
    .build());

metadata_resource = azure.sentinel.Metadata("metadataResource",
    kind="string",
    workspace_id="string",
    content_id="string",
    parent_id="string",
    name="string",
    preview_images_darks=["string"],
    first_publish_date="string",
    icon_id="string",
    custom_version="string",
    last_publish_date="string",
    author={
        "email": "string",
        "link": "string",
        "name": "string",
    },
    content_schema_version="string",
    preview_images=["string"],
    dependency="string",
    providers=["string"],
    source={
        "kind": "string",
        "id": "string",
        "name": "string",
    },
    support={
        "tier": "string",
        "email": "string",
        "link": "string",
        "name": "string",
    },
    threat_analysis_tactics=["string"],
    threat_analysis_techniques=["string"],
    version="string",
    category={
        "domains": ["string"],
        "verticals": ["string"],
    })

const metadataResource = new azure.sentinel.Metadata("metadataResource", {
    kind: "string",
    workspaceId: "string",
    contentId: "string",
    parentId: "string",
    name: "string",
    previewImagesDarks: ["string"],
    firstPublishDate: "string",
    iconId: "string",
    customVersion: "string",
    lastPublishDate: "string",
    author: {
        email: "string",
        link: "string",
        name: "string",
    },
    contentSchemaVersion: "string",
    previewImages: ["string"],
    dependency: "string",
    providers: ["string"],
    source: {
        kind: "string",
        id: "string",
        name: "string",
    },
    support: {
        tier: "string",
        email: "string",
        link: "string",
        name: "string",
    },
    threatAnalysisTactics: ["string"],
    threatAnalysisTechniques: ["string"],
    version: "string",
    category: {
        domains: ["string"],
        verticals: ["string"],
    },
});

type: azure:sentinel:Metadata
properties:
    author:
        email: string
        link: string
        name: string
    category:
        domains:
            - string
        verticals:
            - string
    contentId: string
    contentSchemaVersion: string
    customVersion: string
    dependency: string
    firstPublishDate: string
    iconId: string
    kind: string
    lastPublishDate: string
    name: string
    parentId: string
    previewImages:
        - string
    previewImagesDarks:
        - string
    providers:
        - string
    source:
        id: string
        kind: string
        name: string
    support:
        email: string
        link: string
        name: string
        tier: string
    threatAnalysisTactics:
        - string
    threatAnalysisTechniques:
        - string
    version: string
    workspaceId: string

Metadata Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Metadata resource accepts the following input properties:

ContentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
Kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
ParentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
Author MetadataAuthor: An author blocks as defined below.
Category MetadataCategory: A category block as defined below.
ContentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
CustomVersion string: The Custom version of the content.
Dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
FirstPublishDate string: The first publish date of solution content item.
IconId string: The ID of the icon, this id can be fetched from the solution template.
LastPublishDate string: The last publish date of solution content item.
Name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
PreviewImages List<string>: Specifies a list of preview image file names. These will be taken from solution artifacts.
PreviewImagesDarks List<string>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
Providers List<string>: Specifies a list of providers for the solution content item.
Source MetadataSource: A source block as defined below.
Support MetadataSupport: A support block as defined below.
ThreatAnalysisTactics List<string>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
ThreatAnalysisTechniques List<string>: Specifies a list of techniques the resource covers.
Version string: Version of the content.

ContentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
Kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
ParentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
Author MetadataAuthorArgs: An author blocks as defined below.
Category MetadataCategoryArgs: A category block as defined below.
ContentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
CustomVersion string: The Custom version of the content.
Dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
FirstPublishDate string: The first publish date of solution content item.
IconId string: The ID of the icon, this id can be fetched from the solution template.
LastPublishDate string: The last publish date of solution content item.
Name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
PreviewImages []string: Specifies a list of preview image file names. These will be taken from solution artifacts.
PreviewImagesDarks []string: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
Providers []string: Specifies a list of providers for the solution content item.
Source MetadataSourceArgs: A source block as defined below.
Support MetadataSupportArgs: A support block as defined below.
ThreatAnalysisTactics []string: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
ThreatAnalysisTechniques []string: Specifies a list of techniques the resource covers.
Version string: Version of the content.

contentId String: The ID of the content. Used to identify dependencies and content from solutions or community.
kind String: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
parentId String: The ID of the parent resource ID of the content item, which the metadata belongs to.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
author MetadataAuthor: An author blocks as defined below.
category MetadataCategory: A category block as defined below.
contentSchemaVersion String: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion String: The Custom version of the content.
dependency String: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate String: The first publish date of solution content item.
iconId String: The ID of the icon, this id can be fetched from the solution template.
lastPublishDate String: The last publish date of solution content item.
name String: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
previewImages List<String>: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks List<String>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers List<String>: Specifies a list of providers for the solution content item.
source MetadataSource: A source block as defined below.
support MetadataSupport: A support block as defined below.
threatAnalysisTactics List<String>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques List<String>: Specifies a list of techniques the resource covers.
version String: Version of the content.

contentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
parentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
workspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
author MetadataAuthor: An author blocks as defined below.
category MetadataCategory: A category block as defined below.
contentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion string: The Custom version of the content.
dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate string: The first publish date of solution content item.
iconId string: The ID of the icon, this id can be fetched from the solution template.
lastPublishDate string: The last publish date of solution content item.
name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
previewImages string[]: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks string[]: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers string[]: Specifies a list of providers for the solution content item.
source MetadataSource: A source block as defined below.
support MetadataSupport: A support block as defined below.
threatAnalysisTactics string[]: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques string[]: Specifies a list of techniques the resource covers.
version string: Version of the content.

content_id str: The ID of the content. Used to identify dependencies and content from solutions or community.
kind str: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
parent_id str: The ID of the parent resource ID of the content item, which the metadata belongs to.
workspace_id str: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
author MetadataAuthorArgs: An author blocks as defined below.
category MetadataCategoryArgs: A category block as defined below.
content_schema_version str: Schema version of the content. Can be used to distinguish between flow based on the schema version.
custom_version str: The Custom version of the content.
dependency str: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
first_publish_date str: The first publish date of solution content item.
icon_id str: The ID of the icon, this id can be fetched from the solution template.
last_publish_date str: The last publish date of solution content item.
name str: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
preview_images Sequence[str]: Specifies a list of preview image file names. These will be taken from solution artifacts.
preview_images_darks Sequence[str]: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers Sequence[str]: Specifies a list of providers for the solution content item.
source MetadataSourceArgs: A source block as defined below.
support MetadataSupportArgs: A support block as defined below.
threat_analysis_tactics Sequence[str]: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threat_analysis_techniques Sequence[str]: Specifies a list of techniques the resource covers.
version str: Version of the content.

contentId String: The ID of the content. Used to identify dependencies and content from solutions or community.
kind String: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
parentId String: The ID of the parent resource ID of the content item, which the metadata belongs to.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.
author Property Map: An author blocks as defined below.
category Property Map: A category block as defined below.
contentSchemaVersion String: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion String: The Custom version of the content.
dependency String: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate String: The first publish date of solution content item.
iconId String: The ID of the icon, this id can be fetched from the solution template.
lastPublishDate String: The last publish date of solution content item.
name String: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
previewImages List<String>: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks List<String>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers List<String>: Specifies a list of providers for the solution content item.
source Property Map: A source block as defined below.
support Property Map: A support block as defined below.
threatAnalysisTactics List<String>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques List<String>: Specifies a list of techniques the resource covers.
version String: Version of the content.

Outputs

All input properties are implicitly available as output properties. Additionally, the Metadata resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Metadata Resource

Get an existing Metadata resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: MetadataState, opts?: CustomResourceOptions): Metadata

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        author: Optional[MetadataAuthorArgs] = None,
        category: Optional[MetadataCategoryArgs] = None,
        content_id: Optional[str] = None,
        content_schema_version: Optional[str] = None,
        custom_version: Optional[str] = None,
        dependency: Optional[str] = None,
        first_publish_date: Optional[str] = None,
        icon_id: Optional[str] = None,
        kind: Optional[str] = None,
        last_publish_date: Optional[str] = None,
        name: Optional[str] = None,
        parent_id: Optional[str] = None,
        preview_images: Optional[Sequence[str]] = None,
        preview_images_darks: Optional[Sequence[str]] = None,
        providers: Optional[Sequence[str]] = None,
        source: Optional[MetadataSourceArgs] = None,
        support: Optional[MetadataSupportArgs] = None,
        threat_analysis_tactics: Optional[Sequence[str]] = None,
        threat_analysis_techniques: Optional[Sequence[str]] = None,
        version: Optional[str] = None,
        workspace_id: Optional[str] = None) -> Metadata

func GetMetadata(ctx *Context, name string, id IDInput, state *MetadataState, opts ...ResourceOption) (*Metadata, error)

public static Metadata Get(string name, Input<string> id, MetadataState? state, CustomResourceOptions? opts = null)

public static Metadata get(String name, Output<String> id, MetadataState state, CustomResourceOptions options)

resources:  _:    type: azure:sentinel:Metadata    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Author MetadataAuthor: An author blocks as defined below.
Category MetadataCategory: A category block as defined below.
ContentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
ContentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
CustomVersion string: The Custom version of the content.
Dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
FirstPublishDate string: The first publish date of solution content item.
IconId string: The ID of the icon, this id can be fetched from the solution template.
Kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
LastPublishDate string: The last publish date of solution content item.
Name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
ParentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
PreviewImages List<string>: Specifies a list of preview image file names. These will be taken from solution artifacts.
PreviewImagesDarks List<string>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
Providers List<string>: Specifies a list of providers for the solution content item.
Source MetadataSource: A source block as defined below.
Support MetadataSupport: A support block as defined below.
ThreatAnalysisTactics List<string>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
ThreatAnalysisTechniques List<string>: Specifies a list of techniques the resource covers.
Version string: Version of the content.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

Author MetadataAuthorArgs: An author blocks as defined below.
Category MetadataCategoryArgs: A category block as defined below.
ContentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
ContentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
CustomVersion string: The Custom version of the content.
Dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
FirstPublishDate string: The first publish date of solution content item.
IconId string: The ID of the icon, this id can be fetched from the solution template.
Kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
LastPublishDate string: The last publish date of solution content item.
Name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
ParentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
PreviewImages []string: Specifies a list of preview image file names. These will be taken from solution artifacts.
PreviewImagesDarks []string: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
Providers []string: Specifies a list of providers for the solution content item.
Source MetadataSourceArgs: A source block as defined below.
Support MetadataSupportArgs: A support block as defined below.
ThreatAnalysisTactics []string: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
ThreatAnalysisTechniques []string: Specifies a list of techniques the resource covers.
Version string: Version of the content.
WorkspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

author MetadataAuthor: An author blocks as defined below.
category MetadataCategory: A category block as defined below.
contentId String: The ID of the content. Used to identify dependencies and content from solutions or community.
contentSchemaVersion String: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion String: The Custom version of the content.
dependency String: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate String: The first publish date of solution content item.
iconId String: The ID of the icon, this id can be fetched from the solution template.
kind String: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
lastPublishDate String: The last publish date of solution content item.
name String: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
parentId String: The ID of the parent resource ID of the content item, which the metadata belongs to.
previewImages List<String>: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks List<String>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers List<String>: Specifies a list of providers for the solution content item.
source MetadataSource: A source block as defined below.
support MetadataSupport: A support block as defined below.
threatAnalysisTactics List<String>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques List<String>: Specifies a list of techniques the resource covers.
version String: Version of the content.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

author MetadataAuthor: An author blocks as defined below.
category MetadataCategory: A category block as defined below.
contentId string: The ID of the content. Used to identify dependencies and content from solutions or community.
contentSchemaVersion string: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion string: The Custom version of the content.
dependency string: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate string: The first publish date of solution content item.
iconId string: The ID of the icon, this id can be fetched from the solution template.
kind string: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
lastPublishDate string: The last publish date of solution content item.
name string: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
parentId string: The ID of the parent resource ID of the content item, which the metadata belongs to.
previewImages string[]: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks string[]: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers string[]: Specifies a list of providers for the solution content item.
source MetadataSource: A source block as defined below.
support MetadataSupport: A support block as defined below.
threatAnalysisTactics string[]: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques string[]: Specifies a list of techniques the resource covers.
version string: Version of the content.
workspaceId string: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

author MetadataAuthorArgs: An author blocks as defined below.
category MetadataCategoryArgs: A category block as defined below.
content_id str: The ID of the content. Used to identify dependencies and content from solutions or community.
content_schema_version str: Schema version of the content. Can be used to distinguish between flow based on the schema version.
custom_version str: The Custom version of the content.
dependency str: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
first_publish_date str: The first publish date of solution content item.
icon_id str: The ID of the icon, this id can be fetched from the solution template.
kind str: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
last_publish_date str: The last publish date of solution content item.
name str: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
parent_id str: The ID of the parent resource ID of the content item, which the metadata belongs to.
preview_images Sequence[str]: Specifies a list of preview image file names. These will be taken from solution artifacts.
preview_images_darks Sequence[str]: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers Sequence[str]: Specifies a list of providers for the solution content item.
source MetadataSourceArgs: A source block as defined below.
support MetadataSupportArgs: A support block as defined below.
threat_analysis_tactics Sequence[str]: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threat_analysis_techniques Sequence[str]: Specifies a list of techniques the resource covers.
version str: Version of the content.
workspace_id str: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

author Property Map: An author blocks as defined below.
category Property Map: A category block as defined below.
contentId String: The ID of the content. Used to identify dependencies and content from solutions or community.
contentSchemaVersion String: Schema version of the content. Can be used to distinguish between flow based on the schema version.
customVersion String: The Custom version of the content.
dependency String: A JSON formatted dependency block as defined below. Dependency for the content item, what other content items it requires to work.
firstPublishDate String: The first publish date of solution content item.
iconId String: The ID of the icon, this id can be fetched from the solution template.
kind String: The kind of content the metadata is for. Possible values are AnalyticsRule, AnalyticsRuleTemplate, AutomationRule, AzureFunction, DataConnector, DataType, HuntingQuery, InvestigationQuery, LogicAppsCustomConnector, Parser, Playbook, PlaybookTemplate, Solution, Watchlist, WatchlistTemplate, Workbook and WorkbookTemplate.
lastPublishDate String: The last publish date of solution content item.
name String: The name which should be used for this Sentinel Metadata. Changing this forces a new Sentinel Metadata to be created.
parentId String: The ID of the parent resource ID of the content item, which the metadata belongs to.
previewImages List<String>: Specifies a list of preview image file names. These will be taken from solution artifacts.
previewImagesDarks List<String>: Specifies a list of preview image file names used for dark theme. These will be taken from solution artifacts.
providers List<String>: Specifies a list of providers for the solution content item.
source Property Map: A source block as defined below.
support Property Map: A support block as defined below.
threatAnalysisTactics List<String>: Specifies a list of tactics the resource covers. Possible values are Reconnaissance, ResourceDevelopment, InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact, ImpairProcessControl and InhibitResponseFunction.
threatAnalysisTechniques List<String>: Specifies a list of techniques the resource covers.
version String: Version of the content.
workspaceId String: The ID of the Log Analytics Workspace. Changing this forces a new Sentinel Metadata to be created.

Supporting Types

MetadataAuthor, MetadataAuthorArgs

Email string: The email address of the author contact.
Link string: The link for author/vendor page.
Name string: The name of the author, company or person.

Email string: The email address of the author contact.
Link string: The link for author/vendor page.
Name string: The name of the author, company or person.

email String: The email address of the author contact.
link String: The link for author/vendor page.
name String: The name of the author, company or person.

email string: The email address of the author contact.
link string: The link for author/vendor page.
name string: The name of the author, company or person.

email str: The email address of the author contact.
link str: The link for author/vendor page.
name str: The name of the author, company or person.

email String: The email address of the author contact.
link String: The link for author/vendor page.
name String: The name of the author, company or person.

MetadataCategory, MetadataCategoryArgs

Domains List<string>: Specifies a list of domains for the solution content item.
Verticals List<string>: Specifies a list of industry verticals for the solution content item.

Domains []string: Specifies a list of domains for the solution content item.
Verticals []string: Specifies a list of industry verticals for the solution content item.

domains List<String>: Specifies a list of domains for the solution content item.
verticals List<String>: Specifies a list of industry verticals for the solution content item.

domains string[]: Specifies a list of domains for the solution content item.
verticals string[]: Specifies a list of industry verticals for the solution content item.

domains Sequence[str]: Specifies a list of domains for the solution content item.
verticals Sequence[str]: Specifies a list of industry verticals for the solution content item.

domains List<String>: Specifies a list of domains for the solution content item.
verticals List<String>: Specifies a list of industry verticals for the solution content item.

MetadataSource, MetadataSourceArgs

Kind string: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
Id string: The id of the content source, the solution ID, Log Analytics Workspace name etc.
Name string: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

Kind string: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
Id string: The id of the content source, the solution ID, Log Analytics Workspace name etc.
Name string: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

kind String: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
id String: The id of the content source, the solution ID, Log Analytics Workspace name etc.
name String: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

kind string: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
id string: The id of the content source, the solution ID, Log Analytics Workspace name etc.
name string: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

kind str: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
id str: The id of the content source, the solution ID, Log Analytics Workspace name etc.
name str: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

kind String: The kind of the content source. Possible values are Community, LocalWorkspace, Solution and SourceRepository.
id String: The id of the content source, the solution ID, Log Analytics Workspace name etc.
name String: The name of the content source, repo name, solution name, Log Analytics Workspace name, etc.

MetadataSupport, MetadataSupportArgs

Tier string: The type of support for content item. Possible values are Microsoft, Partner and Community.
Email string: The email address of the support contact.
Link string: The link for support help.
Name string: The name of the support contact.

Tier string: The type of support for content item. Possible values are Microsoft, Partner and Community.
Email string: The email address of the support contact.
Link string: The link for support help.
Name string: The name of the support contact.

tier String: The type of support for content item. Possible values are Microsoft, Partner and Community.
email String: The email address of the support contact.
link String: The link for support help.
name String: The name of the support contact.

tier string: The type of support for content item. Possible values are Microsoft, Partner and Community.
email string: The email address of the support contact.
link string: The link for support help.
name string: The name of the support contact.

tier str: The type of support for content item. Possible values are Microsoft, Partner and Community.
email str: The email address of the support contact.
link str: The link for support help.
name str: The name of the support contact.

tier String: The type of support for content item. Possible values are Microsoft, Partner and Community.
email String: The email address of the support contact.
link String: The link for support help.
name String: The name of the support contact.

Import

Sentinel Metadata can be imported using the resource id, e.g.

$ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.sentinel.Metadata

On this page

On this page

Example Usage

Create Metadata Resource

Constructor syntax

Parameters

Constructor example

Metadata Resource Properties

Inputs

Outputs

Look up Existing Metadata Resource

Supporting Types

MetadataAuthor, MetadataAuthorArgs

MetadataCategory, MetadataCategoryArgs

MetadataSource, MetadataSourceArgs

MetadataSupport, MetadataSupportArgs

Import

Package Details

On this page

On this page