Watchlist Class

Reference

Represents a Watchlist in Azure Security Insights.

Variables are only populated by the server, and will be ignored when sending a request.

Inheritance: azure.mgmt.securityinsight.models._models_py3.ResourceWithEtag

Watchlist

Constructor

Watchlist(*, etag: Optional[str] = None, watchlist_id: Optional[str] = None, display_name: Optional[str] = None, provider: Optional[str] = None, source: Optional[str] = None, source_type: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.SourceType]] = None, created: Optional[datetime.datetime] = None, updated: Optional[datetime.datetime] = None, created_by: Optional[azure.mgmt.securityinsight.models._models_py3.UserInfo] = None, updated_by: Optional[azure.mgmt.securityinsight.models._models_py3.UserInfo] = None, description: Optional[str] = None, watchlist_type: Optional[str] = None, watchlist_alias: Optional[str] = None, is_deleted: Optional[bool] = None, labels: Optional[List[str]] = None, default_duration: Optional[datetime.timedelta] = None, tenant_id: Optional[str] = None, number_of_lines_to_skip: Optional[int] = None, raw_content: Optional[str] = None, items_search_key: Optional[str] = None, content_type: Optional[str] = None, upload_status: Optional[str] = None, **kwargs)

Variables

id: str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name: str

The name of the resource.

type: str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data: SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

etag: str

Etag of the azure resource.

watchlist_id: str

The id (a Guid) of the watchlist.

display_name: str

The display name of the watchlist.

provider: str

The provider of the watchlist.

source: str

The filename of the watchlist, called 'source'.

source_type: str or SourceType

The sourceType of the watchlist. Possible values include: "Local file", "Remote storage".

created: datetime

The time the watchlist was created.

updated: datetime

The last time the watchlist was updated.

created_by: UserInfo

Describes a user that created the watchlist.

updated_by: UserInfo

Describes a user that updated the watchlist.

description: str

A description of the watchlist.

watchlist_type: str

The type of the watchlist.

watchlist_alias: str

The alias of the watchlist.

is_deleted: bool

A flag that indicates if the watchlist is deleted or not.

labels: list[str]

List of labels relevant to this watchlist.

default_duration: timedelta

The default duration of a watchlist (in ISO 8601 duration format).

tenant_id: str

The tenantId where the watchlist belongs to.

number_of_lines_to_skip: int

The number of lines in a csv/tsv content to skip before the header.

raw_content: str

The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint.

items_search_key: str

The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.

content_type: str

The content type of the raw content. Example : text/csv or text/tsv.

upload_status: str

The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted.

Watchlist Class

Constructor

Variables

Feedback