Watchlist interface
Represents a Watchlist in Azure Security Insights.
- Extends
Properties
| content |
The content type of the raw content. Example : text/csv or text/tsv |
| created | The time the watchlist was created |
| created |
Describes a user that created the watchlist |
| default |
The default duration of a watchlist (in ISO 8601 duration format) |
| description | A description of the watchlist |
| display |
The display name of the watchlist |
| is |
A flag that indicates if the watchlist is deleted or not |
| items |
The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. |
| labels | List of labels relevant to this watchlist |
| number |
The number of lines in a csv/tsv content to skip before the header |
| provider | The provider of the watchlist |
| raw |
The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint |
| source | The filename of the watchlist, called 'source' |
| source |
The sourceType of the watchlist |
| tenant |
The tenantId where the watchlist belongs to |
| updated | The last time the watchlist was updated |
| updated |
Describes a user that updated the watchlist |
| upload |
The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted |
| watchlist |
The alias of the watchlist |
| watchlist |
The id (a Guid) of the watchlist |
| watchlist |
The type of the watchlist |
Inherited Properties
| etag | Etag of the azure resource |
| id | Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} NOTE: This property will not be serialized. It can only be populated by the server. |
| name | The name of the resource NOTE: This property will not be serialized. It can only be populated by the server. |
| system |
Azure Resource Manager metadata containing createdBy and modifiedBy information. NOTE: This property will not be serialized. It can only be populated by the server. |
| type | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" NOTE: This property will not be serialized. It can only be populated by the server. |
Property Details
contentType
The content type of the raw content. Example : text/csv or text/tsv
contentType?: stringProperty Value
string
created
The time the watchlist was created
created?: DateProperty Value
Date
createdBy
defaultDuration
The default duration of a watchlist (in ISO 8601 duration format)
defaultDuration?: stringProperty Value
string
description
A description of the watchlist
description?: stringProperty Value
string
displayName
The display name of the watchlist
displayName?: stringProperty Value
string
isDeleted
A flag that indicates if the watchlist is deleted or not
isDeleted?: booleanProperty Value
boolean
itemsSearchKey
The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
itemsSearchKey?: stringProperty Value
string
labels
List of labels relevant to this watchlist
labels?: string[]Property Value
string[]
numberOfLinesToSkip
The number of lines in a csv/tsv content to skip before the header
numberOfLinesToSkip?: numberProperty Value
number
provider
The provider of the watchlist
provider?: stringProperty Value
string
rawContent
The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
rawContent?: stringProperty Value
string
source
The filename of the watchlist, called 'source'
source?: stringProperty Value
string
sourceType
The sourceType of the watchlist
sourceType?: stringProperty Value
string
tenantId
The tenantId where the watchlist belongs to
tenantId?: stringProperty Value
string
updated
The last time the watchlist was updated
updated?: DateProperty Value
Date
updatedBy
uploadStatus
The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
uploadStatus?: stringProperty Value
string
watchlistAlias
The alias of the watchlist
watchlistAlias?: stringProperty Value
string
watchlistId
The id (a Guid) of the watchlist
watchlistId?: stringProperty Value
string
watchlistType
The type of the watchlist
watchlistType?: stringProperty Value
string
Inherited Property Details
etag
id
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} NOTE: This property will not be serialized. It can only be populated by the server.
id?: stringProperty Value
string
Inherited From ResourceWithEtag.id
name
The name of the resource NOTE: This property will not be serialized. It can only be populated by the server.
name?: stringProperty Value
string
Inherited From ResourceWithEtag.name
systemData
Azure Resource Manager metadata containing createdBy and modifiedBy information. NOTE: This property will not be serialized. It can only be populated by the server.
systemData?: SystemDataProperty Value
Inherited From ResourceWithEtag.systemData
type
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" NOTE: This property will not be serialized. It can only be populated by the server.
type?: stringProperty Value
string
Inherited From ResourceWithEtag.type
