Watchlist Items - Get

Get a watchlist item.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}?api-version=2024-03-01

URI Parameters

Name In Required Type Description
resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

subscriptionId
path True

string

The ID of the target subscription.

watchlistAlias
path True

string

The watchlist alias

watchlistItemId
path True

string

The watchlist item id (GUID)

workspaceName
path True

string

The name of the workspace.

Regex pattern: ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$

api-version
query True

string

The API version to use for this operation.

Responses

Name Type Description
200 OK

WatchlistItem

OK

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Get a watchlist item.

Sample request

GET https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset/watchlistItems/3f8901fe-63d9-4875-9ad5-9fb3b8105797?api-version=2024-03-01

Sample response

{
  "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576",
  "name": "fd37d325-7090-47fe-851a-5b5a00c3f576",
  "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"",
  "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems",
  "properties": {
    "watchlistItemType": "watchlist-item",
    "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576",
    "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797",
    "isDeleted": false,
    "created": "2021-02-04T12:27:32.3783333-08:00",
    "updated": "2021-02-04T12:27:32.3783333-08:00",
    "createdBy": {
      "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
      "email": "john@contoso.com",
      "name": "john doe"
    },
    "updatedBy": {
      "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
      "email": "john@contoso.com",
      "name": "john doe"
    },
    "itemsKeyValue": {
      "Header-1": "v1_1",
      "Header-2": "v1_2",
      "Header-3": "v1_3",
      "Header-4": "v1_4",
      "Header-5": "v1_5"
    },
    "entityMapping": {}
  }
}

Definitions

Name Description
CloudError

Error response structure.

CloudErrorBody

Error details.

createdByType

The type of identity that created the resource.

systemData

Metadata pertaining to creation and last modification of the resource.

UserInfo

User information that made some action

WatchlistItem

Represents a Watchlist Item in Azure Security Insights.

CloudError

Error response structure.

Name Type Description
error

CloudErrorBody

Error data

CloudErrorBody

Error details.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

UserInfo

User information that made some action

Name Type Description
email

string

The email of the user.

name

string

The name of the user.

objectId

string

The object id of the user.

WatchlistItem

Represents a Watchlist Item in Azure Security Insights.

Name Type Description
etag

string

Etag of the azure resource

id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

name

string

The name of the resource

properties.created

string

The time the watchlist item was created

properties.createdBy

UserInfo

Describes a user that created the watchlist item

properties.entityMapping

object

key-value pairs for a watchlist item entity mapping

properties.isDeleted

boolean

A flag that indicates if the watchlist item is deleted or not

properties.itemsKeyValue

object

key-value pairs for a watchlist item

properties.tenantId

string

The tenantId to which the watchlist item belongs to

properties.updated

string

The last time the watchlist item was updated

properties.updatedBy

UserInfo

Describes a user that updated the watchlist item

properties.watchlistItemId

string

The id (a Guid) of the watchlist item

properties.watchlistItemType

string

The type of the watchlist item

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"