Example #1
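        /// <summary>
        /// Creates a threat intelligence indicator, reads it back by name, validates it,
        /// and deletes it again so that no test indicator is left in the workspace.
        /// </summary>
        public void ThreatIntelligence_GetIndicator()
        {
            using (var context = MockContext.Start(this.GetType()))
            {
                var client = TestHelper.GetSecurityInsightsClient(context);
                var threatTypes = new List<string> { "unknown" };

                var requestBody = new ThreatIntelligenceIndicatorModelForRequestBody()
                {
                    DisplayName = "SDK Test",
                    PatternType = "ipv4-addr",
                    Pattern     = "[ipv4-addr:value = '1.1.1.2']",
                    ThreatTypes = threatTypes,
                    // Round-trip ("o") UTC timestamp: the default DateTime.Now.ToString() output
                    // depends on the machine's culture and time zone, so the same test would send
                    // differently formatted (and possibly ambiguous) validity times on different hosts.
                    ValidFrom   = DateTime.UtcNow.ToString("o"),
                    Source      = "Azure Sentinel",
                    Confidence  = 10
                };

                var created = client.ThreatIntelligenceIndicator.CreateIndicator(TestHelper.ResourceGroup, TestHelper.WorkspaceName, requestBody);
                try
                {
                    var fetched = client.ThreatIntelligenceIndicator.Get(TestHelper.ResourceGroup, TestHelper.WorkspaceName, created.Name);
                    ValidateThreatIntelligence(fetched);
                }
                finally
                {
                    // Always clean up: a failed Get or validation must not leave a test indicator
                    // behind in the workspace, where it would sit alongside real indicators.
                    client.ThreatIntelligenceIndicator.Delete(TestHelper.ResourceGroup, TestHelper.WorkspaceName, created.Name);
                }
            }
        }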
Example #2
 /// <summary>
 /// Create a new threat intelligence indicator.
 /// </summary>
 /// <param name='operations'>
 /// The operations group for this extension method.
 /// </param>
 /// <param name='resourceGroupName'>
 /// The name of the resource group. The name is case insensitive.
 /// </param>
 /// <param name='workspaceName'>
 /// The name of the workspace.
 /// </param>
 /// <param name='threatIntelligenceProperties'>
 /// Properties of threat intelligence indicators to create and update.
 /// </param>
 /// <param name='cancellationToken'>
 /// The cancellation token.
 /// </param>
 public static async Task<ThreatIntelligenceInformation> CreateIndicatorAsync(
     this IThreatIntelligenceIndicatorOperations operations,
     string resourceGroupName,
     string workspaceName,
     ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceProperties,
     CancellationToken cancellationToken = default(CancellationToken))
 {
     // Delegates to the full HTTP-message overload. The fourth argument is passed as null
     // (presumably the optional custom headers - confirm against the operations interface).
     // ConfigureAwait(false): the continuation does not need the caller's synchronization context.
     var response = await operations
         .CreateIndicatorWithHttpMessagesAsync(
             resourceGroupName,
             workspaceName,
             threatIntelligenceProperties,
             null,
             cancellationToken)
         .ConfigureAwait(false);

     // Only the deserialized body is handed back; the response wrapper is disposed on exit.
     using (response)
     {
         return response.Body;
     }
 }
Example #3
 /// <summary>
 /// Create a new threat intelligence indicator.
 /// </summary>
 /// <param name='operations'>
 /// The operations group for this extension method.
 /// </param>
 /// <param name='resourceGroupName'>
 /// The name of the resource group. The name is case insensitive.
 /// </param>
 /// <param name='workspaceName'>
 /// The name of the workspace.
 /// </param>
 /// <param name='threatIntelligenceProperties'>
 /// Properties of threat intelligence indicators to create and update.
 /// </param>
 public static ThreatIntelligenceInformation CreateIndicator(
     this IThreatIntelligenceIndicatorOperations operations,
     string resourceGroupName,
     string workspaceName,
     ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceProperties)
 {
     // Synchronous wrapper: starts the async operation and blocks the calling thread until it
     // finishes. GetAwaiter().GetResult() surfaces the original exception instead of wrapping
     // it in an AggregateException. Callers running on a synchronization context should prefer
     // CreateIndicatorAsync to avoid blocking that context.
     var pending = operations.CreateIndicatorAsync(resourceGroupName, workspaceName, threatIntelligenceProperties);
     var awaiter = pending.GetAwaiter();
     return awaiter.GetResult();
 }
Example #4
 /// <summary>
 /// Replace tags added to a threat intelligence indicator.
 /// </summary>
 /// <param name='operations'>
 /// The operations group for this extension method.
 /// </param>
 /// <param name='resourceGroupName'>
 /// The name of the resource group. The name is case insensitive.
 /// </param>
 /// <param name='workspaceName'>
 /// The name of the workspace.
 /// </param>
 /// <param name='name'>
 /// Threat intelligence indicator name field.
 /// </param>
 /// <param name='threatIntelligenceReplaceTags'>
 /// Tags in the threat intelligence indicator to be replaced.
 /// </param>
 public static ThreatIntelligenceInformation ReplaceTags(
     this IThreatIntelligenceIndicatorOperations operations,
     string resourceGroupName,
     string workspaceName,
     string name,
     ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceReplaceTags)
 {
     // Synchronous wrapper over ReplaceTagsAsync: blocks the calling thread until the
     // operation completes. GetAwaiter().GetResult() rethrows the original exception rather
     // than an AggregateException. Prefer the async overload where blocking is a concern.
     var pending = operations.ReplaceTagsAsync(resourceGroupName, workspaceName, name, threatIntelligenceReplaceTags);
     var awaiter = pending.GetAwaiter();
     return awaiter.GetResult();
 }