Microsoft Sentinel Watchlist Item

eduardoestevao · June 15, 2023, 9:36am

Hi,
I am trying to import our watchlists to terraform (creating config files), and from what I understood for every item in our watchlist we would need the following block:

resource "azurerm_sentinel_watchlist_item" "example" {
  name         = "0aac6fa5-223e-49cf-9bfd-3554dc9d2b76"
  watchlist_id = azurerm_sentinel_watchlist.example.id
  properties = {
    k1 = "v1"
    k2 = "v2"
  }

But if we have a watchlist with 10k items (list of IPs as an example) we would need this block for each one of the 10k IPs? is that correct? there is any other way to add items to watchlist? maybe from csv or any other way via terraform?

Thank you

findajay · August 8, 2023, 11:06am

You can use storage account to upload watchlist item. Create watchlists - Microsoft Sentinel | Microsoft Learn

Topic		Replies	Views
Having problem in creating azure ip-group resource Terraform azure	0	399	September 16, 2021
Sentinel through Terraform Azure azure	0	267	May 9, 2023
Help to create a condition to configure resources Terraform azure	6	1381	January 18, 2023
Terraform dynamic blocks and list of objects Terraform	1	186	September 14, 2024
Strange problem setting up a storage account Azure	3	160	October 20, 2024

Microsoft Sentinel Watchlist Item

Related topics