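// Creates a threat intelligence indicator, reads it back by name, validates the
// result, and deletes the indicator again.
//
// The delete runs in a finally block: if the read or the validation throws, the
// test indicator would otherwise stay behind in the workspace as stale
// threat intelligence data. Note that if Delete itself throws, its exception
// replaces the original one.
public void ThreatIntelligence_GetIndicator()
{
    using (var context = MockContext.Start(this.GetType()))
    {
        var client = TestHelper.GetSecurityInsightsClient(context);

        var indicatorRequest = new ThreatIntelligenceIndicatorModelForRequestBody()
        {
            DisplayName = "SDK Test",
            PatternType = "ipv4-addr",
            Pattern = "[ipv4-addr:value = '1.1.1.2']",
            ThreatTypes = new List<string>() { "unknown" },
            // NOTE(review): DateTime.Now.ToString() is local-time and culture-dependent,
            // so the validity start sent to the service varies by machine. An ISO 8601
            // UTC value would be unambiguous; confirm what the service accepts before changing.
            ValidFrom = DateTime.Now.ToString(),
            Source = "Azure Sentinel",
            Confidence = 10
        };

        var created = client.ThreatIntelligenceIndicator.CreateIndicator(
            TestHelper.ResourceGroup,
            TestHelper.WorkspaceName,
            indicatorRequest);

        try
        {
            var fetched = client.ThreatIntelligenceIndicator.Get(
                TestHelper.ResourceGroup,
                TestHelper.WorkspaceName,
                created.Name);

            ValidateThreatIntelligence(fetched);
        }
        finally
        {
            // Always remove the indicator this test created, even on failure.
            client.ThreatIntelligenceIndicator.Delete(
                TestHelper.ResourceGroup,
                TestHelper.WorkspaceName,
                created.Name);
        }
    }
}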
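// Creates a threat intelligence indicator, queries the workspace for indicators
// whose threat type is "unknown", validates the returned page, and deletes the
// indicator again.
//
// The delete runs in a finally block: if the query or the validation throws, the
// test indicator would otherwise stay behind in the workspace and keep matching
// later queries. Note that if Delete itself throws, its exception replaces the
// original one.
public void ThreatIntelligence_QueryIndicators()
{
    using (var context = MockContext.Start(this.GetType()))
    {
        var client = TestHelper.GetSecurityInsightsClient(context);
        var indicatorRequest = GetThreatIntelligenceIndicatorModel();

        // The filter only restricts by threat type; every other criterion is left unset.
        var filter = new ThreatIntelligenceFilteringCriteria()
        {
            ThreatTypes = new List<string>() { "unknown" }
        };

        var created = client.ThreatIntelligenceIndicator.CreateIndicator(
            TestHelper.ResourceGroup,
            TestHelper.WorkspaceName,
            indicatorRequest);

        try
        {
            var matches = client.ThreatIntelligenceIndicator.QueryIndicators(
                TestHelper.ResourceGroup,
                TestHelper.WorkspaceName,
                filter);

            ValidateThreatIntelligences(matches);
        }
        finally
        {
            // Always remove the indicator this test created, even on failure.
            client.ThreatIntelligenceIndicator.Delete(
                TestHelper.ResourceGroup,
                TestHelper.WorkspaceName,
                created.Name);
        }
    }
}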
/// <summary>
/// Asynchronously queries threat intelligence indicators that match the given
/// filtering criteria.
/// </summary>
/// <param name='operations'>
/// The operations group this extension method is invoked on.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group. The name is case insensitive.
/// </param>
/// <param name='workspaceName'>
/// The name of the workspace.
/// </param>
/// <param name='threatIntelligenceFilteringCriteria'>
/// Filtering criteria for querying threat intelligence indicators.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token, forwarded to the underlying HTTP operation.
/// </param>
/// <returns>
/// The body of the operation response: a page of threat intelligence information.
/// </returns>
public static async Task<IPage<ThreatIntelligenceInformation>> QueryIndicatorsAsync(
    this IThreatIntelligenceIndicatorOperations operations,
    string resourceGroupName,
    string workspaceName,
    ThreatIntelligenceFilteringCriteria threatIntelligenceFilteringCriteria,
    CancellationToken cancellationToken = default(CancellationToken))
{
    // No custom headers are passed (the fourth argument is null).
    var pendingResponse = operations.QueryIndicatorsWithHttpMessagesAsync(
        resourceGroupName,
        workspaceName,
        threatIntelligenceFilteringCriteria,
        null,
        cancellationToken);

    // The response wrapper is disposed once its body has been handed back.
    using (var response = await pendingResponse.ConfigureAwait(false))
    {
        var page = response.Body;
        return page;
    }
}
/// <summary>
/// Queries threat intelligence indicators that match the given filtering criteria.
/// </summary>
/// <remarks>
/// Synchronous wrapper over <c>QueryIndicatorsAsync</c>: it blocks the calling
/// thread until the asynchronous operation completes. Code that is already
/// asynchronous should call <c>QueryIndicatorsAsync</c> directly.
/// </remarks>
/// <param name='operations'>
/// The operations group this extension method is invoked on.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group. The name is case insensitive.
/// </param>
/// <param name='workspaceName'>
/// The name of the workspace.
/// </param>
/// <param name='threatIntelligenceFilteringCriteria'>
/// Filtering criteria for querying threat intelligence indicators.
/// </param>
/// <returns>
/// The page of threat intelligence information produced by the asynchronous call.
/// </returns>
public static IPage<ThreatIntelligenceInformation> QueryIndicators(
    this IThreatIntelligenceIndicatorOperations operations,
    string resourceGroupName,
    string workspaceName,
    ThreatIntelligenceFilteringCriteria threatIntelligenceFilteringCriteria)
{
    var pendingQuery = operations.QueryIndicatorsAsync(
        resourceGroupName,
        workspaceName,
        threatIntelligenceFilteringCriteria);

    // GetAwaiter().GetResult() waits for completion and rethrows a failure as-is.
    var page = pendingQuery.GetAwaiter().GetResult();
    return page;
}