<?xml version='1.0' encoding='utf-8'?>
<CodeGen plane="mgmt-plane">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/threatintelligence/main/queryindicators" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvdGhyZWF0SW50ZWxsaWdlbmNlL21haW4vcXVlcnlJbmRpY2F0b3Jz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<commandGroup name="sentinel threat-indicator">
<command name="query" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/threatintelligence/main/queryindicators" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvdGhyZWF0SW50ZWxsaWdlbmNlL21haW4vcXVlcnlJbmRpY2F0b3Jz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
  <!-- Path arguments that scope the query to one workspace; all three are marked required. -->
  <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/>
  <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/>
  <!-- workspace-name is the only argument in this group with a declared length bound (1 to 90 characters); it is staged as Experimental. -->
  <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental">
    <help short="The name of the workspace."/>
    <format maxLength="90" minLength="1"/>
  </arg>
</argGroup>
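<argGroup name="ThreatIntelligenceFilteringCriteria">
  <!--
    Filter arguments for the indicator query. None of them is marked required.
    Generic type names and JSON-quoted enum values are written with entity
    references (&lt; &gt; &quot;) so that every attribute value is well-formed XML.
  -->
  <arg type="array&lt;string&gt;" var="$ThreatIntelligenceFilteringCriteria.ids" options="ids" group="ThreatIntelligenceFilteringCriteria">
    <help short="Ids of threat intelligence indicators"/>
    <item type="string"/>
  </arg>
  <arg type="boolean" var="$ThreatIntelligenceFilteringCriteria.includeDisabled" options="include-disabled" group="ThreatIntelligenceFilteringCriteria">
    <help short="Parameter to include/exclude disabled indicators."/>
  </arg>
  <arg type="array&lt;string&gt;" var="$ThreatIntelligenceFilteringCriteria.keywords" options="keywords" group="ThreatIntelligenceFilteringCriteria">
    <help short="Keywords for searching threat intelligence indicators"/>
    <item type="string"/>
  </arg>
  <!--
    max-confidence and min-confidence carry no <format> range, so out-of-range
    or inverted bounds are not rejected by this definition.
    NOTE(review): confirm the service validates them.
  -->
  <arg type="integer32" var="$ThreatIntelligenceFilteringCriteria.maxConfidence" options="max-confidence" group="ThreatIntelligenceFilteringCriteria">
    <help short="Maximum confidence."/>
  </arg>
  <!--
    max-valid-until and min-valid-until are typed as plain strings; no timestamp
    format is enforced here.
    NOTE(review): presumably ISO 8601 date-times; confirm against the API reference.
  -->
  <arg type="string" var="$ThreatIntelligenceFilteringCriteria.maxValidUntil" options="max-valid-until" group="ThreatIntelligenceFilteringCriteria">
    <help short="End time for ValidUntil filter."/>
  </arg>
  <arg type="integer32" var="$ThreatIntelligenceFilteringCriteria.minConfidence" options="min-confidence" group="ThreatIntelligenceFilteringCriteria">
    <help short="Minimum confidence."/>
  </arg>
  <arg type="string" var="$ThreatIntelligenceFilteringCriteria.minValidUntil" options="min-valid-until" group="ThreatIntelligenceFilteringCriteria">
    <help short="Start time for ValidUntil filter."/>
  </arg>
  <!-- page-size declares no minimum or maximum; any integer32 is accepted by this definition. -->
  <arg type="integer32" var="$ThreatIntelligenceFilteringCriteria.pageSize" options="page-size" group="ThreatIntelligenceFilteringCriteria">
    <help short="Page size"/>
  </arg>
  <arg type="array&lt;string&gt;" var="$ThreatIntelligenceFilteringCriteria.patternTypes" options="pattern-types" group="ThreatIntelligenceFilteringCriteria">
    <help short="Pattern types"/>
    <item type="string"/>
  </arg>
  <arg type="string" var="$ThreatIntelligenceFilteringCriteria.skipToken" options="skip-token" group="ThreatIntelligenceFilteringCriteria">
    <help short="Skip token."/>
  </arg>
  <!-- sort-by is a list of objects; sort-order is the only argument in this group restricted to an enum. -->
  <arg type="array&lt;object&gt;" var="$ThreatIntelligenceFilteringCriteria.sortBy" options="sort-by" group="ThreatIntelligenceFilteringCriteria">
    <help short="Columns to sort by and sorting order"/>
    <item type="object">
      <arg type="string" var="$ThreatIntelligenceFilteringCriteria.sortBy[].itemKey" options="item-key">
        <help short="Column name"/>
      </arg>
      <arg type="string" var="$ThreatIntelligenceFilteringCriteria.sortBy[].sortOrder" options="sort-order">
        <help short="Sorting order (ascending/descending/unsorted)."/>
        <enum>
          <item name="ascending" value="&quot;ascending&quot;"/>
          <item name="descending" value="&quot;descending&quot;"/>
          <item name="unsorted" value="&quot;unsorted&quot;"/>
        </enum>
      </arg>
    </item>
  </arg>
  <arg type="array&lt;string&gt;" var="$ThreatIntelligenceFilteringCriteria.sources" options="sources" group="ThreatIntelligenceFilteringCriteria">
    <help short="Sources of threat intelligence indicators"/>
    <item type="string"/>
  </arg>
  <arg type="array&lt;string&gt;" var="$ThreatIntelligenceFilteringCriteria.threatTypes" options="threat-types" group="ThreatIntelligenceFilteringCriteria">
    <help short="Threat types of threat intelligence indicators"/>
    <item type="string"/>
  </arg>
</argGroup>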
<operation operationId="ThreatIntelligenceIndicator_QueryIndicators">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators">
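<request method="post">
  <!--
    The filter criteria are sent in the JSON body of a POST; the path parameters
    only identify the subscription, resource group and workspace.
    Generic type names and JSON-quoted values use entity references
    (&lt; &gt; &quot;) so that every attribute value is well-formed XML.
  -->
  <path>
    <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
      <format maxLength="90" minLength="1"/>
    </param>
    <!-- subscriptionId declares only a minimum length here. -->
    <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
      <format minLength="1"/>
    </param>
    <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
      <format maxLength="90" minLength="1"/>
    </param>
  </path>
  <query>
    <!-- api-version is a read-only constant; its default is the JSON-quoted version string. -->
    <const readOnly="True" const="True" type="string" name="api-version" required="True">
      <default value="&quot;2022-06-01-preview&quot;"/>
      <format minLength="1"/>
    </const>
  </query>
  <body>
    <json>
      <!-- The body object is required; none of its properties is marked required, and none declares a <format> constraint. -->
      <schema type="object" name="ThreatIntelligenceFilteringCriteria" required="True" clientFlatten="True">
        <prop type="array&lt;string&gt;" name="ids" arg="$ThreatIntelligenceFilteringCriteria.ids">
          <item type="string"/>
        </prop>
        <prop type="boolean" name="includeDisabled" arg="$ThreatIntelligenceFilteringCriteria.includeDisabled"/>
        <prop type="array&lt;string&gt;" name="keywords" arg="$ThreatIntelligenceFilteringCriteria.keywords">
          <item type="string"/>
        </prop>
        <prop type="integer32" name="maxConfidence" arg="$ThreatIntelligenceFilteringCriteria.maxConfidence"/>
        <prop type="string" name="maxValidUntil" arg="$ThreatIntelligenceFilteringCriteria.maxValidUntil"/>
        <prop type="integer32" name="minConfidence" arg="$ThreatIntelligenceFilteringCriteria.minConfidence"/>
        <prop type="string" name="minValidUntil" arg="$ThreatIntelligenceFilteringCriteria.minValidUntil"/>
        <prop type="integer32" name="pageSize" arg="$ThreatIntelligenceFilteringCriteria.pageSize"/>
        <prop type="array&lt;string&gt;" name="patternTypes" arg="$ThreatIntelligenceFilteringCriteria.patternTypes">
          <item type="string"/>
        </prop>
        <prop type="string" name="skipToken" arg="$ThreatIntelligenceFilteringCriteria.skipToken"/>
        <prop type="array&lt;object&gt;" name="sortBy" arg="$ThreatIntelligenceFilteringCriteria.sortBy">
          <item type="object">
            <prop type="string" name="itemKey" arg="$ThreatIntelligenceFilteringCriteria.sortBy[].itemKey"/>
            <prop type="string" name="sortOrder" arg="$ThreatIntelligenceFilteringCriteria.sortBy[].sortOrder">
              <enum>
                <item value="&quot;ascending&quot;"/>
                <item value="&quot;descending&quot;"/>
                <item value="&quot;unsorted&quot;"/>
              </enum>
            </prop>
          </item>
        </prop>
        <prop type="array&lt;string&gt;" name="sources" arg="$ThreatIntelligenceFilteringCriteria.sources">
          <item type="string"/>
        </prop>
        <prop type="array&lt;string&gt;" name="threatTypes" arg="$ThreatIntelligenceFilteringCriteria.threatTypes">
          <item type="string"/>
        </prop>
      </schema>
    </json>
  </body>
</request>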
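<response statusCode="200">
  <!--
    Success response: a required "value" array of indicator resources plus a
    read-only nextLink. Generic type names and JSON-quoted enum values use
    entity references (&lt; &gt; &quot;) so that every attribute value is
    well-formed XML.
  -->
  <body>
    <json var="$Instance">
      <schema type="object">
        <prop readOnly="True" type="string" name="nextLink"/>
        <prop type="array&lt;object&gt;" name="value" required="True">
          <item type="object">
            <prop type="string" name="etag"/>
            <prop readOnly="True" type="ResourceId" name="id">
              <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{}"/>
            </prop>
            <!-- kind is required and has a single allowed value; it selects the discriminator branch below. -->
            <prop type="string" name="kind" required="True">
              <enum>
                <item value="&quot;indicator&quot;"/>
              </enum>
            </prop>
            <prop readOnly="True" type="string" name="name"/>
            <!-- systemData is read-only: who created and last modified the resource, and when (typed as dateTime). -->
            <prop readOnly="True" type="object" name="systemData">
              <prop readOnly="True" type="dateTime" name="createdAt"/>
              <prop readOnly="True" type="string" name="createdBy"/>
              <prop readOnly="True" type="string" name="createdByType">
                <enum>
                  <item value="&quot;Application&quot;"/>
                  <item value="&quot;Key&quot;"/>
                  <item value="&quot;ManagedIdentity&quot;"/>
                  <item value="&quot;User&quot;"/>
                </enum>
              </prop>
              <prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
              <prop readOnly="True" type="string" name="lastModifiedBy"/>
              <prop readOnly="True" type="string" name="lastModifiedByType">
                <enum>
                  <item value="&quot;Application&quot;"/>
                  <item value="&quot;Key&quot;"/>
                  <item value="&quot;ManagedIdentity&quot;"/>
                  <item value="&quot;User&quot;"/>
                </enum>
              </prop>
            </prop>
            <prop readOnly="True" type="string" name="type"/>
            <discriminator property="kind" value="indicator">
              <!--
                Indicator payload, flattened into the parent object for the client.
                The timestamp-like fields here (created, modified, validFrom,
                validUntil, lastUpdatedTimeUtc, externalLastUpdatedTimeUtc) are
                typed as plain strings, unlike the dateTime fields of systemData.
                NOTE(review): pattern, description, externalReferences/url and
                additionalData presumably hold content supplied by the indicator's
                source; consumers of this output should handle them as untrusted data.
              -->
              <prop type="object" name="properties" clientFlatten="True">
                <!-- additionalData is a read-only map with no declared value type. -->
                <prop readOnly="True" type="object" name="additionalData">
                  <additionalProp readOnly="True"/>
                </prop>
                <prop type="integer32" name="confidence"/>
                <prop type="string" name="created"/>
                <prop type="string" name="createdByRef"/>
                <prop type="boolean" name="defanged"/>
                <prop type="string" name="description"/>
                <prop type="string" name="displayName"/>
                <prop type="string" name="externalId"/>
                <prop type="string" name="externalLastUpdatedTimeUtc"/>
                <prop type="array&lt;object&gt;" name="externalReferences">
                  <item type="object">
                    <prop type="string" name="description"/>
                    <prop type="string" name="externalId"/>
                    <!-- hashes is a map whose values are strings. -->
                    <prop type="object" name="hashes">
                      <additionalProp>
                        <item type="string"/>
                      </additionalProp>
                    </prop>
                    <prop type="string" name="sourceName"/>
                    <prop type="string" name="url"/>
                  </item>
                </prop>
                <prop readOnly="True" type="string" name="friendlyName"/>
                <prop type="array&lt;object&gt;" name="granularMarkings">
                  <item type="object">
                    <prop type="string" name="language"/>
                    <prop type="integer32" name="markingRef"/>
                    <prop type="array&lt;string&gt;" name="selectors">
                      <item type="string"/>
                    </prop>
                  </item>
                </prop>
                <prop type="array&lt;string&gt;" name="indicatorTypes">
                  <item type="string"/>
                </prop>
                <prop type="array&lt;object&gt;" name="killChainPhases">
                  <item type="object">
                    <prop type="string" name="killChainName"/>
                    <prop type="string" name="phaseName"/>
                  </item>
                </prop>
                <prop type="array&lt;string&gt;" name="labels">
                  <item type="string"/>
                </prop>
                <prop type="string" name="language"/>
                <prop type="string" name="lastUpdatedTimeUtc"/>
                <prop type="string" name="modified"/>
                <prop type="array&lt;string&gt;" name="objectMarkingRefs">
                  <item type="string"/>
                </prop>
                <prop type="array&lt;object&gt;" name="parsedPattern">
                  <item type="object">
                    <prop type="string" name="patternTypeKey"/>
                    <prop type="array&lt;object&gt;" name="patternTypeValues">
                      <item type="object">
                        <prop type="string" name="value"/>
                        <prop type="string" name="valueType"/>
                      </item>
                    </prop>
                  </item>
                </prop>
                <prop type="string" name="pattern"/>
                <prop type="string" name="patternType"/>
                <prop type="string" name="patternVersion"/>
                <prop type="boolean" name="revoked"/>
                <prop type="string" name="source"/>
                <prop type="array&lt;string&gt;" name="threatIntelligenceTags">
                  <item type="string"/>
                </prop>
                <prop type="array&lt;string&gt;" name="threatTypes">
                  <item type="string"/>
                </prop>
                <prop type="string" name="validFrom"/>
                <prop type="string" name="validUntil"/>
              </prop>
            </discriminator>
          </item>
        </prop>
      </schema>
    </json>
  </body>
</response>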
<response isError="True">
  <!-- Responses flagged as errors are described by the @ODataV4Format schema reference rather than an inline schema. -->
  <body>
    <json>
      <schema type="@ODataV4Format"/>
    </json>
  </body>
</response>
</http>
</operation>
<!-- Command output: the "value" array of the 200 response, flattened for the client, with paging taken from nextLink. -->
<output type="array"
        ref="$Instance.value"
        clientFlatten="True"
        nextLink="$Instance.nextLink"/>
</command>
</commandGroup>
</CodeGen>