Watchlist Items - Get
Get a watchlist item.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}?api-version=2024-03-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
subscription
|
path | True |
string |
The ID of the target subscription. |
watchlist
|
path | True |
string |
The watchlist alias |
watchlist
|
path | True |
string |
The watchlist item id (GUID) |
workspace
|
path | True |
string |
The name of the workspace. Regex pattern: |
api-version
|
query | True |
string |
The API version to use for this operation. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Get a watchlist item.
Sample request
GET https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset/watchlistItems/3f8901fe-63d9-4875-9ad5-9fb3b8105797?api-version=2024-03-01
Sample response
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576",
"name": "fd37d325-7090-47fe-851a-5b5a00c3f576",
"etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"",
"type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems",
"properties": {
"watchlistItemType": "watchlist-item",
"watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576",
"tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797",
"isDeleted": false,
"created": "2021-02-04T12:27:32.3783333-08:00",
"updated": "2021-02-04T12:27:32.3783333-08:00",
"createdBy": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john@contoso.com",
"name": "john doe"
},
"updatedBy": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john@contoso.com",
"name": "john doe"
},
"itemsKeyValue": {
"Header-1": "v1_1",
"Header-2": "v1_2",
"Header-3": "v1_3",
"Header-4": "v1_4",
"Header-5": "v1_5"
},
"entityMapping": {}
}
}
Definitions
Name | Description |
---|---|
Cloud |
Error response structure. |
Cloud |
Error details. |
created |
The type of identity that created the resource. |
system |
Metadata pertaining to creation and last modification of the resource. |
User |
User information that made some action |
Watchlist |
Represents a Watchlist Item in Azure Security Insights. |
CloudError
Error response structure.
Name | Type | Description |
---|---|---|
error |
Error data |
CloudErrorBody
Error details.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application |
string |
|
Key |
string |
|
ManagedIdentity |
string |
|
User |
string |
systemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt |
string |
The timestamp of resource creation (UTC). |
createdBy |
string |
The identity that created the resource. |
createdByType |
The type of identity that created the resource. |
|
lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
lastModifiedBy |
string |
The identity that last modified the resource. |
lastModifiedByType |
The type of identity that last modified the resource. |
UserInfo
User information that made some action
Name | Type | Description |
---|---|---|
string |
The email of the user. |
|
name |
string |
The name of the user. |
objectId |
string |
The object id of the user. |
WatchlistItem
Represents a Watchlist Item in Azure Security Insights.
Name | Type | Description |
---|---|---|
etag |
string |
Etag of the azure resource |
id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name |
string |
The name of the resource |
properties.created |
string |
The time the watchlist item was created |
properties.createdBy |
Describes a user that created the watchlist item |
|
properties.entityMapping |
object |
key-value pairs for a watchlist item entity mapping |
properties.isDeleted |
boolean |
A flag that indicates if the watchlist item is deleted or not |
properties.itemsKeyValue |
object |
key-value pairs for a watchlist item |
properties.tenantId |
string |
The tenantId to which the watchlist item belongs to |
properties.updated |
string |
The last time the watchlist item was updated |
properties.updatedBy |
Describes a user that updated the watchlist item |
|
properties.watchlistItemId |
string |
The id (a Guid) of the watchlist item |
properties.watchlistItemType |
string |
The type of the watchlist item |
systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |