Indicator interface
Represents an indicator in Azure Security Insights.
- Extends
Properties
| kind | The kind of the TI object |
| observables | The observables of this indicator |
Inherited Properties
| created |
The UserInfo of the user/entity which originally created this TI object. |
| data | The core STIX object that this TI object represents. |
| first |
The timestamp for the first time this object was ingested. |
| id | Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
| ingestion |
The ID of the rules version that was active when this TI object was last ingested. |
| last |
The timestamp for the last time this object was ingested. |
| last |
The UserInfo of the user/entity which last modified this TI object. |
| last |
The timestamp for the last time this TI object was updated. |
| last |
The name of the method/application that initiated the last write to this TI object. |
| name | The name of the resource |
| relationship |
A dictionary used to help follow relationships from this object to other STIX objects. The keys are field names from the STIX object (in the 'data' field), and the values are lists of sources that can be prepended to the object ID in order to efficiently locate the target TI object. |
| source | The source name for this TI object. |
| system |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
| type | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
Property Details
kind
The kind of the TI object
kind: "Indicator"Property Value
"Indicator"
observables
The observables of this indicator
observables?: IndicatorObservablesItem[]Property Value
Inherited Property Details
createdBy
The UserInfo of the user/entity which originally created this TI object.
createdBy?: UserInfoProperty Value
Inherited From TIObject.createdBy
data
The core STIX object that this TI object represents.
data?: Record<string, any>Property Value
Record<string, any>
Inherited From TIObject.data
firstIngestedTimeUtc
The timestamp for the first time this object was ingested.
firstIngestedTimeUtc?: DateProperty Value
Date
Inherited From TIObject.firstIngestedTimeUtc
id
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
id?: stringProperty Value
string
Inherited From TIObject.id
ingestionRulesVersion
The ID of the rules version that was active when this TI object was last ingested.
ingestionRulesVersion?: stringProperty Value
string
Inherited From TIObject.ingestionRulesVersion
lastIngestedTimeUtc
The timestamp for the last time this object was ingested.
lastIngestedTimeUtc?: DateProperty Value
Date
Inherited From TIObject.lastIngestedTimeUtc
lastModifiedBy
The UserInfo of the user/entity which last modified this TI object.
lastModifiedBy?: UserInfoProperty Value
Inherited From TIObject.lastModifiedBy
lastUpdatedDateTimeUtc
The timestamp for the last time this TI object was updated.
lastUpdatedDateTimeUtc?: DateProperty Value
Date
Inherited From TIObject.lastUpdatedDateTimeUtc
lastUpdateMethod
The name of the method/application that initiated the last write to this TI object.
lastUpdateMethod?: stringProperty Value
string
Inherited From TIObject.lastUpdateMethod
name
relationshipHints
A dictionary used to help follow relationships from this object to other STIX objects. The keys are field names from the STIX object (in the 'data' field), and the values are lists of sources that can be prepended to the object ID in order to efficiently locate the target TI object.
relationshipHints?: RelationshipHint[]Property Value
Inherited From TIObject.relationshipHints
source
The source name for this TI object.
source?: stringProperty Value
string
Inherited From TIObject.source
systemData
Azure Resource Manager metadata containing createdBy and modifiedBy information.
systemData?: SystemDataProperty Value
Inherited From TIObject.systemData
type
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
type?: stringProperty Value
string
Inherited From TIObject.type
