Product Packages - List
Gets all packages from the catalog. Expandable properties:
- properties/installed
- properties/packagedContent
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages?api-version=2025-03-01GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages?api-version=2025-03-01&$filter={$filter}&$orderby={$orderby}&$top={$top}&$skipToken={$skipToken}&$search={$search}URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
workspace
|
path | True |
string minLength: 1maxLength: 90 pattern: ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$ |
The name of the workspace. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
|
$filter
|
query |
string |
Filters the results, based on a Boolean condition. Optional. |
|
|
$orderby
|
query |
string |
Sorts the results. Optional. |
|
|
$search
|
query |
string |
Searches for a substring in the response. Optional. |
|
|
$skip
|
query |
string |
Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. |
|
|
$top
|
query |
integer (int32) |
Returns only the first n results. Optional. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
Get all available packages.
Sample request
GET https://management.azure.com/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages?api-version=2025-03-01&$search=midnight blizzard
Sample response
{
"value": [
{
"id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str",
"name": "str.azure-sentinel-solution-str",
"type": "Microsoft.SecurityInsights/contentproductpackages",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"contentId": "str.azure-sentinel-solution-str",
"contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu",
"contentKind": "Solution",
"installedVersion": "2.0.0",
"version": "2.0.0",
"displayName": "str",
"source": {
"kind": "Solution",
"name": "str",
"sourceId": "str.azure-sentinel-solution-str"
},
"author": {
"name": "Microsoft",
"email": "support@microsoft.com"
},
"support": {
"tier": "Microsoft",
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"link": "https://support.microsoft.com/"
},
"dependencies": {
"criteria": [
{
"contentId": "strDataConnector",
"kind": "DataConnector",
"version": "2.0.0"
},
{
"contentId": "str-Parser",
"kind": "Parser",
"version": "2.0.0"
}
],
"operator": "AND"
},
"providers": [
"Microsoft"
],
"categories": {
"domains": [
"Security - Cloud Security"
],
"verticals": null
},
"firstPublishDate": "2022-04-01"
},
"systemData": {
"createdBy": "string",
"createdByType": "User",
"createdAt": "2020-04-27T21:53:29.0928001Z",
"lastModifiedBy": "string",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Cloud |
Error response structure. |
|
Cloud |
Error details. |
|
created |
The type of identity that created the resource. |
| flag |
Flag indicates if this is a newly published package. |
| kind |
Type of the content item we depend on |
|
metadata |
Publisher or creator of the content item. |
|
metadata |
ies for the solution content item |
|
metadata |
Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. |
|
metadata |
The original source of the content item, where it comes from. |
|
metadata |
Support information for the content item. |
| operator |
Operator used for list of dependencies in criteria array. |
|
package |
The package kind |
|
product |
List available packages. |
|
product |
Represents a Package in Azure Security Insights. |
|
source |
Source type of the content |
|
support |
Type of support for content item |
|
system |
Metadata pertaining to creation and last modification of the resource. |
CloudError
Error response structure.
| Name | Type | Description |
|---|---|---|
| error |
Error data |
CloudErrorBody
Error details.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| Application | |
| Key | |
| ManagedIdentity | |
| User |
flag
Flag indicates if this is a newly published package.
| Value | Description |
|---|---|
| false | |
| true |
kind
Type of the content item we depend on
| Value | Description |
|---|---|
| AnalyticsRule | |
| AnalyticsRuleTemplate | |
| AutomationRule | |
| AzureFunction | |
| DataConnector | |
| DataType | |
| HuntingQuery | |
| InvestigationQuery | |
| LogicAppsCustomConnector | |
| Notebook |
Jupyter Notebooks |
| Parser | |
| Playbook | |
| PlaybookTemplate | |
| ResourcesDataConnector |
The Codeless Connector Platform (CCP) Connectors |
| Solution | |
| Standalone |
one-off / standalone content contributed by community contributors |
| SummaryRule |
Summary rules perform batch processing directly in your Log Analytics workspace. |
| Watchlist | |
| WatchlistTemplate | |
| Workbook | |
| WorkbookTemplate |
metadataAuthor
Publisher or creator of the content item.
| Name | Type | Description |
|---|---|---|
|
string |
Email of author contact |
|
| link |
string |
Link for author/vendor page |
| name |
string |
Name of the author. Company or person. |
metadataCategories
ies for the solution content item
| Name | Type | Description |
|---|---|---|
| domains |
string[] |
domain for the solution content item |
| verticals |
string[] |
Industry verticals for the solution content item |
metadataDependencies
Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.
| Name | Type | Description |
|---|---|---|
| contentId |
string |
Id of the content item we depend on |
| criteria |
This is the list of dependencies we must fulfill, according to the AND/OR operator |
|
| kind |
Type of the content item we depend on |
|
| name |
string |
Name of the content item |
| operator |
Operator used for list of dependencies in criteria array. |
|
| version |
string |
Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. |
metadataSource
The original source of the content item, where it comes from.
| Name | Type | Description |
|---|---|---|
| kind |
Source type of the content |
|
| name |
string |
Name of the content source. The repo name, solution name, LA workspace name etc. |
| sourceId |
string |
ID of the content source. The solution ID, workspace ID, etc |
metadataSupport
Support information for the content item.
| Name | Type | Description |
|---|---|---|
|
string |
Email of support contact |
|
| link |
string |
Link for support help, like to support page to open a ticket etc. |
| name |
string |
Name of the support contact. Company or person. |
| tier |
Type of support for content item |
operator
Operator used for list of dependencies in criteria array.
| Value | Description |
|---|---|
| AND | |
| OR |
packageKind
The package kind
| Value | Description |
|---|---|
| Solution | |
| Standalone |
productPackageList
List available packages.
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
URL to fetch the next set of packages. |
| value |
Array of packages. |
productPackageModel
Represents a Package in Azure Security Insights.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.author |
The author of the package |
|
| properties.categories |
The categories of the package |
|
| properties.contentId |
string |
The content id of the package |
| properties.contentKind |
The package kind |
|
| properties.contentProductId |
string |
Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package |
| properties.contentSchemaVersion |
string |
The version of the content schema. |
| properties.dependencies |
The support tier of the package |
|
| properties.description |
string |
The description of the package |
| properties.displayName |
string |
The display name of the package |
| properties.firstPublishDate |
string (date) |
first publish date package item |
| properties.icon |
string |
the icon identifier. this id can later be fetched from the content metadata |
| properties.installedVersion |
string |
The version of the installed package, null or absent means not installed. |
| properties.isDeprecated |
Flag indicates if this template is deprecated |
|
| properties.isFeatured |
Flag indicates if this package is among the featured list. |
|
| properties.isNew |
Flag indicates if this is a newly published package. |
|
| properties.isPreview |
Flag indicates if this package is in preview. |
|
| properties.lastPublishDate |
string (date) |
last publish date for the package item |
| properties.metadataResourceId |
string (arm-id) |
The metadata resource id. |
| properties.packagedContent |
object |
The json of the ARM template to deploy. Expandable. |
| properties.providers |
string[] |
Providers for the package item |
| properties.publisherDisplayName |
string |
The publisher display name of the package |
| properties.source |
The source of the package |
|
| properties.support |
The support tier of the package |
|
| properties.threatAnalysisTactics |
string[] |
the tactics the resource covers |
| properties.threatAnalysisTechniques |
string[] |
the techniques the resource covers, these have to be aligned with the tactics being used |
| properties.version |
string |
the latest version number of the package |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
sourceKind
Source type of the content
| Value | Description |
|---|---|
| Community | |
| LocalWorkspace | |
| Solution | |
| SourceRepository |
supportTier
Type of support for content item
| Value | Description |
|---|---|
| Community | |
| Microsoft | |
| Partner |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |