コード例 #1
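        public void ThreatIntelligence_GetIndicator()
        {
            // Round trip: create a test indicator, read it back by name, validate
            // the result, and always delete the indicator afterwards.
            using (var context = MockContext.Start(this.GetType()))
            {
                var SecurityInsightsClient = TestHelper.GetSecurityInsightsClient(context);
                var ThreatIntelligenceProperties = new ThreatIntelligenceIndicatorModelForRequestBody()
                {
                    DisplayName = "SDK Test",
                    PatternType = "ipv4-addr",
                    // NOTE(review): 1.1.1.2 is a publicly routable address. If cleanup ever
                    // fails, this fixture stays in the workspace as an indicator; a
                    // documentation-range address (192.0.2.0/24) would be a safer value.
                    // Confirm against any recorded sessions before changing it.
                    Pattern     = "[ipv4-addr:value = '1.1.1.2']",
                    ThreatTypes = new List <string>() { "unknown" },
                    // Round-trip ("o") UTC timestamp: unambiguous, and independent of the
                    // culture and time zone of the machine running the test.
                    ValidFrom   = DateTime.UtcNow.ToString("o"),
                    Source      = "Azure Sentinel",
                    Confidence  = 10
                };

                var Indicator = SecurityInsightsClient.ThreatIntelligenceIndicator.CreateIndicator(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ThreatIntelligenceProperties);
                try
                {
                    var ThreatIntelligence = SecurityInsightsClient.ThreatIntelligenceIndicator.Get(TestHelper.ResourceGroup, TestHelper.WorkspaceName, Indicator.Name);
                    ValidateThreatIntelligence(ThreatIntelligence);
                }
                finally
                {
                    // Delete even when Get or validation throws, so a failed run does not
                    // leave a stale test indicator behind in the workspace.
                    SecurityInsightsClient.ThreatIntelligenceIndicator.Delete(TestHelper.ResourceGroup, TestHelper.WorkspaceName, Indicator.Name);
                }
            }
        }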
コード例 #2
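        public void ThreatIntelligence_QueryIndicators()
        {
            // Creates one indicator, queries indicators filtered by threat type
            // "unknown", validates the returned page, and always deletes the
            // indicator it created.
            using (var context = MockContext.Start(this.GetType()))
            {
                var SecurityInsightsClient       = TestHelper.GetSecurityInsightsClient(context);
                var ThreatIntelligenceProperties = GetThreatIntelligenceIndicatorModel();
                var ThreatIntelligenceFilter     = new ThreatIntelligenceFilteringCriteria()
                {
                    ThreatTypes = new List <string>() { "unknown" }
                };

                var Indicator = SecurityInsightsClient.ThreatIntelligenceIndicator.CreateIndicator(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ThreatIntelligenceProperties);
                try
                {
                    var ThreatIntelligences = SecurityInsightsClient.ThreatIntelligenceIndicator.QueryIndicators(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ThreatIntelligenceFilter);
                    ValidateThreatIntelligences(ThreatIntelligences);
                }
                finally
                {
                    // Delete even when the query or validation throws, so a failed run
                    // does not leave a stale test indicator behind in the workspace.
                    SecurityInsightsClient.ThreatIntelligenceIndicator.Delete(TestHelper.ResourceGroup, TestHelper.WorkspaceName, Indicator.Name);
                }
            }
        }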
コード例 #3
 /// <summary>
 /// Queries threat intelligence indicators that match the given filtering criteria.
 /// </summary>
 /// <param name='operations'>
 /// The operations group this extension method is invoked on.
 /// </param>
 /// <param name='resourceGroupName'>
 /// Name of the resource group (case insensitive).
 /// </param>
 /// <param name='workspaceName'>
 /// Name of the workspace.
 /// </param>
 /// <param name='threatIntelligenceFilteringCriteria'>
 /// Criteria used to filter the indicators returned by the query.
 /// </param>
 /// <param name='cancellationToken'>
 /// Token forwarded to the underlying HTTP operation.
 /// </param>
 /// <returns>
 /// The body of the HTTP operation response.
 /// </returns>
 public static async Task <IPage <ThreatIntelligenceInformation> > QueryIndicatorsAsync(this IThreatIntelligenceIndicatorOperations operations, string resourceGroupName, string workspaceName, ThreatIntelligenceFilteringCriteria threatIntelligenceFilteringCriteria, CancellationToken cancellationToken = default(CancellationToken))
 {
     // No custom headers are supplied (the fourth argument is null).
     var response = await operations.QueryIndicatorsWithHttpMessagesAsync(resourceGroupName, workspaceName, threatIntelligenceFilteringCriteria, null, cancellationToken).ConfigureAwait(false);

     // The response wrapper is disposed once its body has been read.
     using (response)
     {
         var page = response.Body;
         return page;
     }
 }
コード例 #4
 /// <summary>
 /// Queries threat intelligence indicators that match the given filtering criteria.
 /// </summary>
 /// <remarks>
 /// Synchronous wrapper: blocks the calling thread until the asynchronous query completes.
 /// </remarks>
 /// <param name='operations'>
 /// The operations group this extension method is invoked on.
 /// </param>
 /// <param name='resourceGroupName'>
 /// Name of the resource group (case insensitive).
 /// </param>
 /// <param name='workspaceName'>
 /// Name of the workspace.
 /// </param>
 /// <param name='threatIntelligenceFilteringCriteria'>
 /// Criteria used to filter the indicators returned by the query.
 /// </param>
 /// <returns>
 /// The result of the asynchronous query.
 /// </returns>
 public static IPage <ThreatIntelligenceInformation> QueryIndicators(this IThreatIntelligenceIndicatorOperations operations, string resourceGroupName, string workspaceName, ThreatIntelligenceFilteringCriteria threatIntelligenceFilteringCriteria)
 {
     // Start the asynchronous query, then wait for it on the calling thread.
     var pending = operations.QueryIndicatorsAsync(resourceGroupName, workspaceName, threatIntelligenceFilteringCriteria);
     return pending.GetAwaiter().GetResult();
 }