Azure-Sentinel/Watchlists/Templates/WatchlistTemplate.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
      "workspaceName": {
          "type": "string",
          "metadata": {
              "description": "Workspace name for Log Analytics where Sentinel is setup"
          }
      },
        "watchlistdescription": {
            "type": "string",
            "metadata": {
                "description": "Describe what the Watchlist is for."
            }
        }
  },
    "resources": [
        {
        "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/ReferenceTemplate')]",
        "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
        "kind": "",
        "properties": {
            "displayName": "ReferenceTemplate",
            "source": "ReferenceTable.csv",
            "description": "[parameters('watchlistdescription')]",
            "provider": "Custom",
            "isDeleted": false,
            "labels": [
            ],
            "defaultDuration": "P1000Y",
            "contentType": "Text/Csv",
            "numberOfLinesToSkip": 0,
            "itemsSearchKey": "INSERTSEARCHKEYHERE",
            "rawContent": "INSERTSEARCHKEYHERE,SampleColumn1,SampleColumn2\r\nSamplevalue1,samplevalue2,samplevalue3\r\nsamplevalue4,samplevalue5,samplevalue6\r\n"
        },
        "apiVersion": "2022-08-01"
        }       
    ]
}