Skip to content

Latest commit

 

History

History
213 lines (156 loc) · 6.56 KB

chronicle_watchlist.html.markdown

File metadata and controls

213 lines (156 loc) · 6.56 KB
subcategory description
Chronicle
A watchlist is a list of entities that allows for bulk operations over the included entities.

google_chronicle_watchlist

A watchlist is a list of entities that allows for bulk operations over the included entities.

~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

To get more information about Watchlist, see:

Example Usage - Chronicle Watchlist Basic

resource "google_chronicle_watchlist" "example" {
  provider = "google-beta"
  location = "us"
  instance = "00000000-0000-0000-0000-000000000000"
  watchlist_id = "watchlist-id"
  description = "watchlist-description"
  display_name = "watchlist_name"
  multiplying_factor = 1
  entity_population_mechanism {
    manual {

    }
  }
  watchlist_user_preferences {
    pinned = true
  }
}

Example Usage - Chronicle Watchlist Without Id

resource "google_chronicle_watchlist" "example" {
  provider = "google-beta"
  location = "us"
  instance = "00000000-0000-0000-0000-000000000000"
  description = "watchlist-description"
  display_name = "watchlist-name"
  multiplying_factor = 1
  entity_population_mechanism {
    manual {

    }
  }
  watchlist_user_preferences {
    pinned = true
  }
}

Argument Reference

The following arguments are supported:

  • display_name - (Required) Required. Display name of the watchlist. Note that it must be at least one character and less than 63 characters (https://google.aip.dev/148).

  • entity_population_mechanism - (Required) Mechanism to populate entities in the watchlist. Structure is documented below.

  • location - (Required) The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".

  • instance - (Required) The unique identifier for the Chronicle instance, which is the same as the customer ID.

The entity_population_mechanism block supports:

  • manual - (Optional) Entities are added manually.

  • multiplying_factor - (Optional) Optional. Weight applied to the risk score for entities in this watchlist. The default is 1.0 if it is not specified.

  • description - (Optional) Optional. Description of the watchlist.

  • watchlist_user_preferences - (Optional) A collection of user preferences for watchlist UI configuration. Structure is documented below.

  • watchlist_id - (Optional) Optional. The ID to use for the watchlist, which will become the final component of the watchlist's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The watchlist_user_preferences block supports:

  • pinned - (Optional) Optional. Whether the watchlist is pinned on the dashboard.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}

  • name - Identifier. Resource name of the watchlist. This unique identifier is generated using values provided for the URL parameters. Format: projects/{project}/locations/{location}/instances/{instance}/watchlists/{watchlist}

  • create_time - Output only. Time the watchlist was created.

  • update_time - Output only. Time the watchlist was last updated.

  • entity_count - Count of different types of entities in the watchlist. Structure is documented below.

The entity_count block contains:

  • user - (Output) Output only. Count of user type entities in the watchlist.

  • asset - (Output) Output only. Count of asset type entities in the watchlist.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Watchlist can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}
  • {{project}}/{{location}}/{{instance}}/{{watchlist_id}}
  • {{location}}/{{instance}}/{{watchlist_id}}

In Terraform v1.5.0 and later, use an import block to import Watchlist using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}"
  to = google_chronicle_watchlist.default
}

When using the terraform import command, Watchlist can be imported using one of the formats above. For example:

$ terraform import google_chronicle_watchlist.default projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}
$ terraform import google_chronicle_watchlist.default {{project}}/{{location}}/{{instance}}/{{watchlist_id}}
$ terraform import google_chronicle_watchlist.default {{location}}/{{instance}}/{{watchlist_id}}

User Project Overrides

This resource supports User Project Overrides.