public void ThreatIntelligence_GetIndicator() { using (var context = MockContext.Start(this.GetType())) { var SecurityInsightsClient = TestHelper.GetSecurityInsightsClient(context); var ThreatIntelligenceId = Guid.NewGuid().ToString(); var ThreatTypes = new List <string>(); ThreatTypes.Add("unknown"); var ThreatIntelligenceProperties = new ThreatIntelligenceIndicatorModelForRequestBody() { DisplayName = "SDK Test", PatternType = "ipv4-addr", Pattern = "[ipv4-addr:value = '1.1.1.2']", ThreatTypes = ThreatTypes, ValidFrom = DateTime.Now.ToString(), Source = "Azure Sentinel", Confidence = 10 }; var FilteringCriteria = new ThreatIntelligenceFilteringCriteria() { PageSize = 10 }; var Indicator = SecurityInsightsClient.ThreatIntelligenceIndicator.CreateIndicator(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ThreatIntelligenceProperties); var ThreatIntelligence = SecurityInsightsClient.ThreatIntelligenceIndicator.Get(TestHelper.ResourceGroup, TestHelper.WorkspaceName, Indicator.Name); ValidateThreatIntelligence(ThreatIntelligence); SecurityInsightsClient.ThreatIntelligenceIndicator.Delete(TestHelper.ResourceGroup, TestHelper.WorkspaceName, Indicator.Name); } }
/// <summary> /// Create a new threat intelligence indicator. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='threatIntelligenceProperties'> /// Properties of threat intelligence indicators to create and update. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <ThreatIntelligenceInformation> CreateIndicatorAsync(this IThreatIntelligenceIndicatorOperations operations, string resourceGroupName, string workspaceName, ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceProperties, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.CreateIndicatorWithHttpMessagesAsync(resourceGroupName, workspaceName, threatIntelligenceProperties, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Create a new threat intelligence indicator. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='threatIntelligenceProperties'> /// Properties of threat intelligence indicators to create and update. /// </param> public static ThreatIntelligenceInformation CreateIndicator(this IThreatIntelligenceIndicatorOperations operations, string resourceGroupName, string workspaceName, ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceProperties) { return(operations.CreateIndicatorAsync(resourceGroupName, workspaceName, threatIntelligenceProperties).GetAwaiter().GetResult()); }
/// <summary> /// Replace tags added to a threat intelligence indicator. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='name'> /// Threat intelligence indicator name field. /// </param> /// <param name='threatIntelligenceReplaceTags'> /// Tags in the threat intelligence indicator to be replaced. /// </param> public static ThreatIntelligenceInformation ReplaceTags(this IThreatIntelligenceIndicatorOperations operations, string resourceGroupName, string workspaceName, string name, ThreatIntelligenceIndicatorModelForRequestBody threatIntelligenceReplaceTags) { return(operations.ReplaceTagsAsync(resourceGroupName, workspaceName, name, threatIntelligenceReplaceTags).GetAwaiter().GetResult()); }