diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index b3dbd8e93239..7f6024093c40 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -38,9 +38,9 @@ const ( type AlertRuleKind = original.AlertRuleKind const ( - Filter AlertRuleKind = original.Filter - Fusion AlertRuleKind = original.Fusion - Scheduled AlertRuleKind = original.Scheduled + Fusion AlertRuleKind = original.Fusion + MicrosoftSecurityIncidentCreation AlertRuleKind = original.MicrosoftSecurityIncidentCreation + Scheduled AlertRuleKind = original.Scheduled ) type AlertSeverity = original.AlertSeverity @@ -72,6 +72,7 @@ const ( Discovery AttackTactic = original.Discovery Execution AttackTactic = original.Execution Exfiltration AttackTactic = original.Exfiltration + Impact AttackTactic = original.Impact InitialAccess AttackTactic = original.InitialAccess LateralMovement AttackTactic = original.LateralMovement Persistence AttackTactic = original.Persistence @@ -124,6 +125,13 @@ const ( NotFinal ConfidenceScoreStatus = original.NotFinal ) +type DataConnectorAuthorizationState = original.DataConnectorAuthorizationState + +const ( + Invalid DataConnectorAuthorizationState = original.Invalid + Valid DataConnectorAuthorizationState = original.Valid +) + type DataConnectorKind = original.DataConnectorKind const ( @@ -137,6 +145,19 @@ const ( DataConnectorKindThreatIntelligence DataConnectorKind = original.DataConnectorKindThreatIntelligence ) +type DataConnectorLicenseState = original.DataConnectorLicenseState + +const ( + DataConnectorLicenseStateAADP1OrP2LicenseRequired DataConnectorLicenseState = original.DataConnectorLicenseStateAADP1OrP2LicenseRequired + DataConnectorLicenseStateAzureAdvancedThreatProtectionLicenseRequired DataConnectorLicenseState = original.DataConnectorLicenseStateAzureAdvancedThreatProtectionLicenseRequired + DataConnectorLicenseStateAzureInformationProtectionLicenseRequired DataConnectorLicenseState = original.DataConnectorLicenseStateAzureInformationProtectionLicenseRequired + DataConnectorLicenseStateMicrosoftCloudAppSecurityLicenseRequired DataConnectorLicenseState = original.DataConnectorLicenseStateMicrosoftCloudAppSecurityLicenseRequired + DataConnectorLicenseStateMicrosoftDefenderAdvancedThreatProtectionEnableRequired DataConnectorLicenseState = original.DataConnectorLicenseStateMicrosoftDefenderAdvancedThreatProtectionEnableRequired + DataConnectorLicenseStateSubscriptionStandardTierLicenseRequired DataConnectorLicenseState = original.DataConnectorLicenseStateSubscriptionStandardTierLicenseRequired + DataConnectorLicenseStateUnknown DataConnectorLicenseState = original.DataConnectorLicenseStateUnknown + DataConnectorLicenseStateValid DataConnectorLicenseState = original.DataConnectorLicenseStateValid +) + type DataTypeState = original.DataTypeState const ( @@ -233,24 +254,26 @@ const ( type Kind = original.Kind const ( - KindAlertRule Kind = original.KindAlertRule - KindScheduled Kind = original.KindScheduled + KindAggregations Kind = original.KindAggregations + KindCasesAggregation Kind = original.KindCasesAggregation ) -type KindBasicAggregations = original.KindBasicAggregations +type KindBasicAlertRule = original.KindBasicAlertRule const ( - KindAggregations KindBasicAggregations = original.KindAggregations - KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation + KindAlertRule KindBasicAlertRule = original.KindAlertRule + KindFusion KindBasicAlertRule = original.KindFusion + KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = original.KindMicrosoftSecurityIncidentCreation + KindScheduled KindBasicAlertRule = original.KindScheduled ) type KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplate const ( - KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindAlertRuleTemplate - KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFilter - KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFusion - KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindScheduled + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindAlertRuleTemplate + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFusion + KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindScheduled ) type KindBasicDataConnector = original.KindBasicDataConnector @@ -303,6 +326,15 @@ const ( LicenseStatusEnabled LicenseStatus = original.LicenseStatusEnabled ) +type MicrosoftSecurityProductName = original.MicrosoftSecurityProductName + +const ( + AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = original.AzureActiveDirectoryIdentityProtection + AzureAdvancedThreatProtection MicrosoftSecurityProductName = original.AzureAdvancedThreatProtection + AzureSecurityCenter MicrosoftSecurityProductName = original.AzureSecurityCenter + MicrosoftCloudAppSecurity MicrosoftSecurityProductName = original.MicrosoftCloudAppSecurity +) + type OSFamily = original.OSFamily const ( @@ -340,6 +372,19 @@ const ( RegistryValueKindUnknown RegistryValueKind = original.RegistryValueKindUnknown ) +type RelationNodeKind = original.RelationNodeKind + +const ( + RelationNodeKindBookmark RelationNodeKind = original.RelationNodeKindBookmark + RelationNodeKindCase RelationNodeKind = original.RelationNodeKindCase +) + +type RelationTypes = original.RelationTypes + +const ( + CasesToBookmarks RelationTypes = original.CasesToBookmarks +) + type SettingKind = original.SettingKind const ( @@ -371,16 +416,21 @@ const ( NotEqual TriggerOperator = original.NotEqual ) +type AADCheckRequirements = original.AADCheckRequirements type AADDataConnector = original.AADDataConnector type AADDataConnectorProperties = original.AADDataConnectorProperties +type AATPCheckRequirements = original.AATPCheckRequirements type AATPDataConnector = original.AATPDataConnector type AATPDataConnectorProperties = original.AATPDataConnectorProperties +type ASCCheckRequirements = original.ASCCheckRequirements type ASCDataConnector = original.ASCDataConnector type ASCDataConnectorProperties = original.ASCDataConnectorProperties type AccountEntity = original.AccountEntity type AccountEntityProperties = original.AccountEntityProperties -type Action = original.Action -type ActionProperties = original.ActionProperties +type ActionRequest = original.ActionRequest +type ActionRequestProperties = original.ActionRequestProperties +type ActionResponse = original.ActionResponse +type ActionResponseProperties = original.ActionResponseProperties type ActionsClient = original.ActionsClient type ActionsList = original.ActionsList type ActionsListIterator = original.ActionsListIterator @@ -393,6 +443,7 @@ type AlertRuleKind1 = original.AlertRuleKind1 type AlertRuleModel = original.AlertRuleModel type AlertRuleTemplate = original.AlertRuleTemplate type AlertRuleTemplateModel = original.AlertRuleTemplateModel +type AlertRuleTemplatePropertiesBase = original.AlertRuleTemplatePropertiesBase type AlertRuleTemplatesClient = original.AlertRuleTemplatesClient type AlertRuleTemplatesList = original.AlertRuleTemplatesList type AlertRuleTemplatesListIterator = original.AlertRuleTemplatesListIterator @@ -403,13 +454,13 @@ type AlertRulesListIterator = original.AlertRulesListIterator type AlertRulesListPage = original.AlertRulesListPage type AlertsDataTypeOfDataConnector = original.AlertsDataTypeOfDataConnector type AlertsDataTypeOfDataConnectorAlerts = original.AlertsDataTypeOfDataConnectorAlerts +type AwsCloudTrailCheckRequirements = original.AwsCloudTrailCheckRequirements type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties type AzureResourceEntity = original.AzureResourceEntity type AzureResourceEntityProperties = original.AzureResourceEntityProperties -type BaseAlertRuleTemplateProperties = original.BaseAlertRuleTemplateProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations type BasicAlertRule = original.BasicAlertRule @@ -422,6 +473,12 @@ type BookmarkList = original.BookmarkList type BookmarkListIterator = original.BookmarkListIterator type BookmarkListPage = original.BookmarkListPage type BookmarkProperties = original.BookmarkProperties +type BookmarkRelation = original.BookmarkRelation +type BookmarkRelationList = original.BookmarkRelationList +type BookmarkRelationListIterator = original.BookmarkRelationListIterator +type BookmarkRelationListPage = original.BookmarkRelationListPage +type BookmarkRelationProperties = original.BookmarkRelationProperties +type BookmarkRelationsClient = original.BookmarkRelationsClient type BookmarksClient = original.BookmarksClient type Case = original.Case type CaseComment = original.CaseComment @@ -434,6 +491,12 @@ type CaseList = original.CaseList type CaseListIterator = original.CaseListIterator type CaseListPage = original.CaseListPage type CaseProperties = original.CaseProperties +type CaseRelation = original.CaseRelation +type CaseRelationList = original.CaseRelationList +type CaseRelationListIterator = original.CaseRelationListIterator +type CaseRelationListPage = original.CaseRelationListPage +type CaseRelationProperties = original.CaseRelationProperties +type CaseRelationsClient = original.CaseRelationsClient type CasesAggregation = original.CasesAggregation type CasesAggregationBySeverityProperties = original.CasesAggregationBySeverityProperties type CasesAggregationByStatusProperties = original.CasesAggregationByStatusProperties @@ -454,9 +517,12 @@ type DataConnectorList = original.DataConnectorList type DataConnectorListIterator = original.DataConnectorListIterator type DataConnectorListPage = original.DataConnectorListPage type DataConnectorModel = original.DataConnectorModel +type DataConnectorRequirementsClient = original.DataConnectorRequirementsClient +type DataConnectorRequirementsState = original.DataConnectorRequirementsState type DataConnectorStatus = original.DataConnectorStatus type DataConnectorTenantID = original.DataConnectorTenantID type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsProperties +type DataConnectorsCheckRequirements = original.DataConnectorsCheckRequirements type DataConnectorsClient = original.DataConnectorsClient type EntitiesClient = original.EntitiesClient type Entity = original.Entity @@ -481,25 +547,30 @@ type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties type FileHashEntity = original.FileHashEntity type FileHashEntityProperties = original.FileHashEntityProperties -type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate -type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties -type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel +type FusionAlertRule = original.FusionAlertRule +type FusionAlertRuleProperties = original.FusionAlertRuleProperties type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate type FusionAlertRuleTemplateProperties = original.FusionAlertRuleTemplateProperties -type FusionAlertRuleTemplatePropertiesModel = original.FusionAlertRuleTemplatePropertiesModel type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties type IPEntity = original.IPEntity type IPEntityProperties = original.IPEntityProperties +type MCASCheckRequirements = original.MCASCheckRequirements type MCASDataConnector = original.MCASDataConnector type MCASDataConnectorDataTypes = original.MCASDataConnectorDataTypes type MCASDataConnectorDataTypesDiscoveryLogs = original.MCASDataConnectorDataTypesDiscoveryLogs type MCASDataConnectorProperties = original.MCASDataConnectorProperties +type MDATPCheckRequirements = original.MDATPCheckRequirements type MDATPDataConnector = original.MDATPDataConnector type MDATPDataConnectorProperties = original.MDATPDataConnectorProperties type MalwareEntity = original.MalwareEntity type MalwareEntityProperties = original.MalwareEntityProperties +type MicrosoftSecurityIncidentCreationAlertRule = original.MicrosoftSecurityIncidentCreationAlertRule +type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties = original.MicrosoftSecurityIncidentCreationAlertRuleCommonProperties +type MicrosoftSecurityIncidentCreationAlertRuleProperties = original.MicrosoftSecurityIncidentCreationAlertRuleProperties +type MicrosoftSecurityIncidentCreationAlertRuleTemplate = original.MicrosoftSecurityIncidentCreationAlertRuleTemplate +type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = original.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties type OfficeConsent = original.OfficeConsent type OfficeConsentList = original.OfficeConsentList type OfficeConsentListIterator = original.OfficeConsentListIterator @@ -511,6 +582,7 @@ type OfficeDataConnectorDataTypes = original.OfficeDataConnectorDataTypes type OfficeDataConnectorDataTypesExchange = original.OfficeDataConnectorDataTypesExchange type OfficeDataConnectorDataTypesSharePoint = original.OfficeDataConnectorDataTypesSharePoint type OfficeDataConnectorProperties = original.OfficeDataConnectorProperties +type OfficeDataConnectorRequirementsCheck = original.OfficeDataConnectorRequirementsCheck type Operation = original.Operation type OperationDisplay = original.OperationDisplay type OperationsClient = original.OperationsClient @@ -524,12 +596,17 @@ type RegistryKeyEntity = original.RegistryKeyEntity type RegistryKeyEntityProperties = original.RegistryKeyEntityProperties type RegistryValueEntity = original.RegistryValueEntity type RegistryValueEntityProperties = original.RegistryValueEntityProperties +type RelationBase = original.RelationBase +type RelationNode = original.RelationNode +type RelationsModelInput = original.RelationsModelInput +type RelationsModelInputProperties = original.RelationsModelInputProperties type Resource = original.Resource +type ResourceWithEtag = original.ResourceWithEtag type ScheduledAlertRule = original.ScheduledAlertRule +type ScheduledAlertRuleCommonProperties = original.ScheduledAlertRuleCommonProperties type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties type ScheduledAlertRuleTemplate = original.ScheduledAlertRuleTemplate type ScheduledAlertRuleTemplateProperties = original.ScheduledAlertRuleTemplateProperties -type ScheduledAlertRuleTemplatePropertiesModel = original.ScheduledAlertRuleTemplatePropertiesModel type SecurityAlert = original.SecurityAlert type SecurityAlertProperties = original.SecurityAlertProperties type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem @@ -538,6 +615,7 @@ type SecurityGroupEntityProperties = original.SecurityGroupEntityProperties type Settings = original.Settings type SettingsKind = original.SettingsKind type SettingsModel = original.SettingsModel +type TICheckRequirements = original.TICheckRequirements type TIDataConnector = original.TIDataConnector type TIDataConnectorDataTypes = original.TIDataConnectorDataTypes type TIDataConnectorDataTypesIndicators = original.TIDataConnectorDataTypesIndicators @@ -596,6 +674,18 @@ func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator { func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage { return original.NewBookmarkListPage(getNextPage) } +func NewBookmarkRelationListIterator(page BookmarkRelationListPage) BookmarkRelationListIterator { + return original.NewBookmarkRelationListIterator(page) +} +func NewBookmarkRelationListPage(getNextPage func(context.Context, BookmarkRelationList) (BookmarkRelationList, error)) BookmarkRelationListPage { + return original.NewBookmarkRelationListPage(getNextPage) +} +func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient { + return original.NewBookmarkRelationsClient(subscriptionID) +} +func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient { + return original.NewBookmarkRelationsClientWithBaseURI(baseURI, subscriptionID) +} func NewBookmarksClient(subscriptionID string) BookmarksClient { return original.NewBookmarksClient(subscriptionID) } @@ -620,6 +710,18 @@ func NewCaseListIterator(page CaseListPage) CaseListIterator { func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage { return original.NewCaseListPage(getNextPage) } +func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator { + return original.NewCaseRelationListIterator(page) +} +func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage { + return original.NewCaseRelationListPage(getNextPage) +} +func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient { + return original.NewCaseRelationsClient(subscriptionID) +} +func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient { + return original.NewCaseRelationsClientWithBaseURI(baseURI, subscriptionID) +} func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient { return original.NewCasesAggregationsClient(subscriptionID) } @@ -644,6 +746,12 @@ func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListI func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage { return original.NewDataConnectorListPage(getNextPage) } +func NewDataConnectorRequirementsClient(subscriptionID string) DataConnectorRequirementsClient { + return original.NewDataConnectorRequirementsClient(subscriptionID) +} +func NewDataConnectorRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorRequirementsClient { + return original.NewDataConnectorRequirementsClientWithBaseURI(baseURI, subscriptionID) +} func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient { return original.NewDataConnectorsClient(subscriptionID) } @@ -737,9 +845,15 @@ func PossibleConfidenceLevelValues() []ConfidenceLevel { func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { return original.PossibleConfidenceScoreStatusValues() } +func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState { + return original.PossibleDataConnectorAuthorizationStateValues() +} func PossibleDataConnectorKindValues() []DataConnectorKind { return original.PossibleDataConnectorKindValues() } +func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState { + return original.PossibleDataConnectorLicenseStateValues() +} func PossibleDataTypeStateValues() []DataTypeState { return original.PossibleDataTypeStateValues() } @@ -761,12 +875,12 @@ func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { func PossibleKillChainIntentValues() []KillChainIntent { return original.PossibleKillChainIntentValues() } -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return original.PossibleKindBasicAggregationsValues() -} func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { return original.PossibleKindBasicAlertRuleTemplateValues() } +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return original.PossibleKindBasicAlertRuleValues() +} func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { return original.PossibleKindBasicDataConnectorValues() } @@ -782,6 +896,9 @@ func PossibleKindValues() []Kind { func PossibleLicenseStatusValues() []LicenseStatus { return original.PossibleLicenseStatusValues() } +func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { + return original.PossibleMicrosoftSecurityProductNameValues() +} func PossibleOSFamilyValues() []OSFamily { return original.PossibleOSFamilyValues() } @@ -791,6 +908,12 @@ func PossibleRegistryHiveValues() []RegistryHive { func PossibleRegistryValueKindValues() []RegistryValueKind { return original.PossibleRegistryValueKindValues() } +func PossibleRelationNodeKindValues() []RelationNodeKind { + return original.PossibleRelationNodeKindValues() +} +func PossibleRelationTypesValues() []RelationTypes { + return original.PossibleRelationTypesValues() +} func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go index 8ab6cea80eac..a1d9836757e1 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go @@ -24,11 +24,14 @@ import original "github.com/Azure/azure-sdk-for-go/services/preview/securityinsi type ActionsClientAPI = original.ActionsClientAPI type AlertRuleTemplatesClientAPI = original.AlertRuleTemplatesClientAPI type AlertRulesClientAPI = original.AlertRulesClientAPI +type BookmarkRelationsClientAPI = original.BookmarkRelationsClientAPI type BookmarksClientAPI = original.BookmarksClientAPI type CaseCommentsClientAPI = original.CaseCommentsClientAPI +type CaseRelationsClientAPI = original.CaseRelationsClientAPI type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI type CasesClientAPI = original.CasesClientAPI type CommentsClientAPI = original.CommentsClientAPI +type DataConnectorRequirementsClientAPI = original.DataConnectorRequirementsClientAPI type DataConnectorsClientAPI = original.DataConnectorsClientAPI type EntitiesClientAPI = original.EntitiesClientAPI type EntityQueriesClientAPI = original.EntityQueriesClientAPI diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go index a71925e078ea..b63ac2177cbe 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go @@ -150,7 +150,7 @@ func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (res // ruleID - alert rule ID // actionID - action ID // action - the action -func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action Action) (result Action, err error) { +func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.CreateOrUpdateAction") defer func() { @@ -196,7 +196,7 @@ func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourc } // CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request. -func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action Action) (*http.Request, error) { +func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error) { pathParameters := map[string]interface{}{ "actionId": autorest.Encode("path", actionID), "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), @@ -230,7 +230,7 @@ func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*h // CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always // closes the http.Response Body. -func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result Action, err error) { +func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error) { err = autorest.Respond( resp, client.ByInspecting(), @@ -538,7 +538,7 @@ func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRu // workspaceName - the name of the workspace. // ruleID - alert rule ID // actionID - action ID -func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result Action, err error) { +func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.GetAction") defer func() { @@ -616,7 +616,7 @@ func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Respons // GetActionResponder handles the response to the GetAction request. The method always // closes the http.Response Body. -func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result Action, err error) { +func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error) { err = autorest.Respond( resp, client.ByInspecting(), diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarkrelations.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarkrelations.go new file mode 100644 index 000000000000..ffd332f7403e --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarkrelations.go @@ -0,0 +1,490 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type BookmarkRelationsClient struct { + BaseClient +} + +// NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client. +func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient { + return NewBookmarkRelationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client. +func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient { + return BookmarkRelationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdateRelation creates the bookmark relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +// relationName - relation Name +// relationInputModel - the relation input model +func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (result BookmarkRelation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationsClient.CreateOrUpdateRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarkRelationsClient", "CreateOrUpdateRelation", err.Error()) + } + + req, err := client.CreateOrUpdateRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, bookmarkID, relationName, relationInputModel) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "CreateOrUpdateRelation", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "CreateOrUpdateRelation", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "CreateOrUpdateRelation", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request. +func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", pathParameters), + autorest.WithJSON(relationInputModel), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always +// closes the http.Response Body. +func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result BookmarkRelation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// DeleteRelation delete the bookmark relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +// relationName - relation Name +func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationsClient.DeleteRelation") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarkRelationsClient", "DeleteRelation", err.Error()) + } + + req, err := client.DeleteRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, bookmarkID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "DeleteRelation", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteRelationSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "DeleteRelation", resp, "Failure sending request") + return + } + + result, err = client.DeleteRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "DeleteRelation", resp, "Failure responding to request") + } + + return +} + +// DeleteRelationPreparer prepares the DeleteRelation request. +func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteRelationSender sends the DeleteRelation request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// DeleteRelationResponder handles the response to the DeleteRelation request. The method always +// closes the http.Response Body. +func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// GetRelation gets a bookmark relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +// relationName - relation Name +func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result BookmarkRelation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationsClient.GetRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarkRelationsClient", "GetRelation", err.Error()) + } + + req, err := client.GetRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, bookmarkID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "GetRelation", nil, "Failure preparing request") + return + } + + resp, err := client.GetRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "GetRelation", resp, "Failure sending request") + return + } + + result, err = client.GetRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "GetRelation", resp, "Failure responding to request") + } + + return +} + +// GetRelationPreparer prepares the GetRelation request. +func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetRelationSender sends the GetRelation request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetRelationResponder handles the response to the GetRelation request. The method always +// closes the http.Response Body. +func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result BookmarkRelation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all bookmark relations. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationsClient.List") + defer func() { + sc := -1 + if result.brl.Response.Response != nil { + sc = result.brl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarkRelationsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, bookmarkID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.brl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "List", resp, "Failure sending request") + return + } + + result.brl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result BookmarkRelationList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client BookmarkRelationsClient) listNextResults(ctx context.Context, lastResults BookmarkRelationList) (result BookmarkRelationList, err error) { + req, err := lastResults.bookmarkRelationListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarkRelationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, bookmarkID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go index d324696ba926..20f8c8a83f39 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go @@ -73,12 +73,12 @@ func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupN {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: bookmark, Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, - {Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: validation.Null, Rule: false, Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, - {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, }}}}}); err != nil { return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/caserelations.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/caserelations.go new file mode 100644 index 000000000000..1c20302d892a --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/caserelations.go @@ -0,0 +1,490 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CaseRelationsClient struct { + BaseClient +} + +// NewCaseRelationsClient creates an instance of the CaseRelationsClient client. +func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient { + return NewCaseRelationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client. +func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient { + return CaseRelationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdateRelation creates or updates the case relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// relationName - relation Name +// relationInputModel - the relation input model +func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationsClient.CreateOrUpdateRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseRelationsClient", "CreateOrUpdateRelation", err.Error()) + } + + req, err := client.CreateOrUpdateRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, relationName, relationInputModel) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "CreateOrUpdateRelation", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "CreateOrUpdateRelation", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "CreateOrUpdateRelation", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request. +func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations/{relationName}", pathParameters), + autorest.WithJSON(relationInputModel), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the +// http.Response Body if it receives an error. +func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always +// closes the http.Response Body. +func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// DeleteRelation delete the case relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// relationName - relation Name +func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationsClient.DeleteRelation") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseRelationsClient", "DeleteRelation", err.Error()) + } + + req, err := client.DeleteRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "DeleteRelation", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteRelationSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "DeleteRelation", resp, "Failure sending request") + return + } + + result, err = client.DeleteRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "DeleteRelation", resp, "Failure responding to request") + } + + return +} + +// DeleteRelationPreparer prepares the DeleteRelation request. +func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteRelationSender sends the DeleteRelation request. The method will close the +// http.Response Body if it receives an error. +func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// DeleteRelationResponder handles the response to the DeleteRelation request. The method always +// closes the http.Response Body. +func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// GetRelation gets a case relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// relationName - relation Name +func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationsClient.GetRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseRelationsClient", "GetRelation", err.Error()) + } + + req, err := client.GetRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "GetRelation", nil, "Failure preparing request") + return + } + + resp, err := client.GetRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "GetRelation", resp, "Failure sending request") + return + } + + result, err = client.GetRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "GetRelation", resp, "Failure responding to request") + } + + return +} + +// GetRelationPreparer prepares the GetRelation request. +func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetRelationSender sends the GetRelation request. The method will close the +// http.Response Body if it receives an error. +func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetRelationResponder handles the response to the GetRelation request. The method always +// closes the http.Response Body. +func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all case relations. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationsClient.List") + defer func() { + sc := -1 + if result.crl.Response.Response != nil { + sc = result.crl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseRelationsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.crl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "List", resp, "Failure sending request") + return + } + + result.crl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client CaseRelationsClient) listNextResults(ctx context.Context, lastResults CaseRelationList) (result CaseRelationList, err error) { + req, err := lastResults.caseRelationListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseRelationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 5f4bc4d1c106..7b2b21a07030 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,10 +73,10 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, - {Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectorrequirements.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectorrequirements.go new file mode 100644 index 000000000000..47bb8f5aa05c --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectorrequirements.go @@ -0,0 +1,140 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// DataConnectorRequirementsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type DataConnectorRequirementsClient struct { + BaseClient +} + +// NewDataConnectorRequirementsClient creates an instance of the DataConnectorRequirementsClient client. +func NewDataConnectorRequirementsClient(subscriptionID string) DataConnectorRequirementsClient { + return NewDataConnectorRequirementsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewDataConnectorRequirementsClientWithBaseURI creates an instance of the DataConnectorRequirementsClient client. +func NewDataConnectorRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorRequirementsClient { + return DataConnectorRequirementsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List get requirements state for a data connector type. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// dataConnectorsCheckRequirements - the parameters for requirements check message +func (client DataConnectorRequirementsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements DataConnectorsCheckRequirements) (result DataConnectorRequirementsState, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorRequirementsClient.List") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorRequirementsClient", "List", err.Error()) + } + + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName, operationalInsightsResourceProvider, dataConnectorsCheckRequirements) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorRequirementsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorRequirementsClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorRequirementsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client DataConnectorRequirementsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements DataConnectorsCheckRequirements) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/checkDataConnectorRequirements", pathParameters), + autorest.WithJSON(dataConnectorsCheckRequirements), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorRequirementsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client DataConnectorRequirementsClient) ListResponder(resp *http.Response) (result DataConnectorRequirementsState, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index a36a38b88823..1886f56ea02b 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -48,17 +48,17 @@ func PossibleAggregationsKindValues() []AggregationsKind { type AlertRuleKind string const ( - // Filter ... - Filter AlertRuleKind = "Filter" // Fusion ... Fusion AlertRuleKind = "Fusion" + // MicrosoftSecurityIncidentCreation ... + MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" ) // PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { - return []AlertRuleKind{Filter, Fusion, Scheduled} + return []AlertRuleKind{Fusion, MicrosoftSecurityIncidentCreation, Scheduled} } // AlertSeverity enumerates the values for alert severity. @@ -119,6 +119,8 @@ const ( Execution AttackTactic = "Execution" // Exfiltration ... Exfiltration AttackTactic = "Exfiltration" + // Impact ... + Impact AttackTactic = "Impact" // InitialAccess ... InitialAccess AttackTactic = "InitialAccess" // LateralMovement ... @@ -131,7 +133,7 @@ const ( // PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. func PossibleAttackTacticValues() []AttackTactic { - return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} } // CaseSeverity enumerates the values for case severity. @@ -233,6 +235,21 @@ func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal} } +// DataConnectorAuthorizationState enumerates the values for data connector authorization state. +type DataConnectorAuthorizationState string + +const ( + // Invalid ... + Invalid DataConnectorAuthorizationState = "Invalid" + // Valid ... + Valid DataConnectorAuthorizationState = "Valid" +) + +// PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type. +func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState { + return []DataConnectorAuthorizationState{Invalid, Valid} +} + // DataConnectorKind enumerates the values for data connector kind. type DataConnectorKind string @@ -260,6 +277,33 @@ func PossibleDataConnectorKindValues() []DataConnectorKind { return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} } +// DataConnectorLicenseState enumerates the values for data connector license state. +type DataConnectorLicenseState string + +const ( + // DataConnectorLicenseStateAADP1OrP2LicenseRequired ... + DataConnectorLicenseStateAADP1OrP2LicenseRequired DataConnectorLicenseState = "AADP1OrP2LicenseRequired" + // DataConnectorLicenseStateAzureAdvancedThreatProtectionLicenseRequired ... + DataConnectorLicenseStateAzureAdvancedThreatProtectionLicenseRequired DataConnectorLicenseState = "AzureAdvancedThreatProtectionLicenseRequired" + // DataConnectorLicenseStateAzureInformationProtectionLicenseRequired ... + DataConnectorLicenseStateAzureInformationProtectionLicenseRequired DataConnectorLicenseState = "AzureInformationProtectionLicenseRequired" + // DataConnectorLicenseStateMicrosoftCloudAppSecurityLicenseRequired ... + DataConnectorLicenseStateMicrosoftCloudAppSecurityLicenseRequired DataConnectorLicenseState = "MicrosoftCloudAppSecurityLicenseRequired" + // DataConnectorLicenseStateMicrosoftDefenderAdvancedThreatProtectionEnableRequired ... + DataConnectorLicenseStateMicrosoftDefenderAdvancedThreatProtectionEnableRequired DataConnectorLicenseState = "MicrosoftDefenderAdvancedThreatProtectionEnableRequired" + // DataConnectorLicenseStateSubscriptionStandardTierLicenseRequired ... + DataConnectorLicenseStateSubscriptionStandardTierLicenseRequired DataConnectorLicenseState = "SubscriptionStandardTierLicenseRequired" + // DataConnectorLicenseStateUnknown ... + DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown" + // DataConnectorLicenseStateValid ... + DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid" +) + +// PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type. +func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState { + return []DataConnectorLicenseState{DataConnectorLicenseStateAADP1OrP2LicenseRequired, DataConnectorLicenseStateAzureAdvancedThreatProtectionLicenseRequired, DataConnectorLicenseStateAzureInformationProtectionLicenseRequired, DataConnectorLicenseStateMicrosoftCloudAppSecurityLicenseRequired, DataConnectorLicenseStateMicrosoftDefenderAdvancedThreatProtectionEnableRequired, DataConnectorLicenseStateSubscriptionStandardTierLicenseRequired, DataConnectorLicenseStateUnknown, DataConnectorLicenseStateValid} +} + // DataTypeState enumerates the values for data type state. type DataTypeState string @@ -496,30 +540,34 @@ func PossibleKillChainIntentValues() []KillChainIntent { type Kind string const ( - // KindAlertRule ... - KindAlertRule Kind = "AlertRule" - // KindScheduled ... - KindScheduled Kind = "Scheduled" + // KindAggregations ... + KindAggregations Kind = "Aggregations" + // KindCasesAggregation ... + KindCasesAggregation Kind = "CasesAggregation" ) // PossibleKindValues returns an array of possible values for the Kind const type. func PossibleKindValues() []Kind { - return []Kind{KindAlertRule, KindScheduled} + return []Kind{KindAggregations, KindCasesAggregation} } -// KindBasicAggregations enumerates the values for kind basic aggregations. -type KindBasicAggregations string +// KindBasicAlertRule enumerates the values for kind basic alert rule. +type KindBasicAlertRule string const ( - // KindAggregations ... - KindAggregations KindBasicAggregations = "Aggregations" - // KindCasesAggregation ... - KindCasesAggregation KindBasicAggregations = "CasesAggregation" + // KindAlertRule ... + KindAlertRule KindBasicAlertRule = "AlertRule" + // KindFusion ... + KindFusion KindBasicAlertRule = "Fusion" + // KindMicrosoftSecurityIncidentCreation ... + KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation" + // KindScheduled ... + KindScheduled KindBasicAlertRule = "Scheduled" ) -// PossibleKindBasicAggregationsValues returns an array of possible values for the KindBasicAggregations const type. -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return []KindBasicAggregations{KindAggregations, KindCasesAggregation} +// PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type. +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return []KindBasicAlertRule{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled} } // KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. @@ -528,17 +576,17 @@ type KindBasicAlertRuleTemplate string const ( // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" - // KindBasicAlertRuleTemplateKindFilter ... - KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = "Filter" // KindBasicAlertRuleTemplateKindFusion ... KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... + KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" // KindBasicAlertRuleTemplateKindScheduled ... KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" ) // PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { - return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFilter, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindScheduled} + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled} } // KindBasicDataConnector enumerates the values for kind basic data connector. @@ -645,6 +693,25 @@ func PossibleLicenseStatusValues() []LicenseStatus { return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled} } +// MicrosoftSecurityProductName enumerates the values for microsoft security product name. +type MicrosoftSecurityProductName string + +const ( + // AzureActiveDirectoryIdentityProtection ... + AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + // AzureAdvancedThreatProtection ... + AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + // AzureSecurityCenter ... + AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + // MicrosoftCloudAppSecurity ... + MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" +) + +// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. +func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { + return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, MicrosoftCloudAppSecurity} +} + // OSFamily enumerates the values for os family. type OSFamily string @@ -722,6 +789,34 @@ func PossibleRegistryValueKindValues() []RegistryValueKind { return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown} } +// RelationNodeKind enumerates the values for relation node kind. +type RelationNodeKind string + +const ( + // RelationNodeKindBookmark Bookmark node part of the relation + RelationNodeKindBookmark RelationNodeKind = "Bookmark" + // RelationNodeKindCase Case node part of the relation + RelationNodeKindCase RelationNodeKind = "Case" +) + +// PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type. +func PossibleRelationNodeKindValues() []RelationNodeKind { + return []RelationNodeKind{RelationNodeKindBookmark, RelationNodeKindCase} +} + +// RelationTypes enumerates the values for relation types. +type RelationTypes string + +const ( + // CasesToBookmarks Relations between cases and bookmarks + CasesToBookmarks RelationTypes = "CasesToBookmarks" +) + +// PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type. +func PossibleRelationTypesValues() []RelationTypes { + return []RelationTypes{CasesToBookmarks} +} + // SettingKind enumerates the values for setting kind. type SettingKind string @@ -788,19 +883,19 @@ func PossibleTriggerOperatorValues() []TriggerOperator { return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} } +// AADCheckRequirements AAD (Azure Active Directory) requirements check properties. +type AADCheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // AADDataConnector represents AAD (Azure Active Directory) data connector. type AADDataConnector struct { // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. *AADDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -820,13 +915,18 @@ func (adc AADDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return &adc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } @@ -835,28 +935,23 @@ func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataCo return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return &adc, true -} - -// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -888,33 +983,6 @@ func (adc *AADDataConnector) UnmarshalJSON(body []byte) error { } adc.AADDataConnectorProperties = &aADDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - adc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - adc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - adc.Name = &name - } case "etag": if v != nil { var etag string @@ -947,19 +1015,19 @@ type AADDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// AATPCheckRequirements AATP (Azure Advanced Threat Protection) requirements check properties. +type AATPCheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. type AATPDataConnector struct { // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. *AATPDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -979,13 +1047,18 @@ func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } @@ -994,28 +1067,23 @@ func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataC return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return &adc, true -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -1047,33 +1115,6 @@ func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { } adc.AATPDataConnectorProperties = &aATPDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - adc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - adc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - adc.Name = &name - } case "etag": if v != nil { var etag string @@ -1112,11 +1153,11 @@ type AccountEntity struct { *AccountEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -1138,43 +1179,43 @@ func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool) { return &ae, true } -// AsHostEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -1183,23 +1224,23 @@ func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -1245,23 +1286,23 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { } ae.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ae.Type = &typeVar + ae.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ae.Name = &name + ae.Type = &typeVar } case "kind": if v != nil { @@ -1280,32 +1321,32 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { // AccountEntityProperties account entity property bag. type AccountEntityProperties struct { - // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. - AccountName *string `json:"accountName,omitempty"` - // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. - NtDomain *string `json:"ntDomain,omitempty"` - // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. - UpnSuffix *string `json:"upnSuffix,omitempty"` - // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. - Sid *string `json:"sid,omitempty"` // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. AadTenantID *string `json:"aadTenantId,omitempty"` // AadUserID - READ-ONLY; The Azure Active Directory user id. AadUserID *string `json:"aadUserId,omitempty"` - // Puid - READ-ONLY; The Azure Active Directory Passport User ID. - Puid *string `json:"puid,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. + AccountName *string `json:"accountName,omitempty"` // DisplayName - READ-ONLY; The display name of the account. DisplayName *string `json:"displayName,omitempty"` - // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. - ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) HostEntityID *string `json:"hostEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. + NtDomain *string `json:"ntDomain,omitempty"` + // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // Puid - READ-ONLY; The Azure Active Directory Passport User ID. + Puid *string `json:"puid,omitempty"` + // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. + Sid *string `json:"sid,omitempty"` + // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. + UpnSuffix *string `json:"upnSuffix,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for AccountEntityProperties. @@ -1314,35 +1355,34 @@ func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// Action action for alert rule. -type Action struct { - autorest.Response `json:"-"` - // Etag - Etag of the action. +// ActionRequest action for alert rule. +type ActionRequest struct { + // ActionRequestProperties - Action properties for put request + *ActionRequestProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // ActionProperties - Action properties - *ActionProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } -// MarshalJSON is the custom marshaler for Action. -func (a Action) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for ActionRequest. +func (ar ActionRequest) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if a.Etag != nil { - objectMap["etag"] = a.Etag + if ar.ActionRequestProperties != nil { + objectMap["properties"] = ar.ActionRequestProperties } - if a.ActionProperties != nil { - objectMap["properties"] = a.ActionProperties + if ar.Etag != nil { + objectMap["etag"] = ar.Etag } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for Action struct. -func (a *Action) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ActionRequest struct. +func (ar *ActionRequest) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -1350,23 +1390,23 @@ func (a *Action) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "etag": + case "properties": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var actionRequestProperties ActionRequestProperties + err = json.Unmarshal(*v, &actionRequestProperties) if err != nil { return err } - a.Etag = &etag + ar.ActionRequestProperties = &actionRequestProperties } - case "properties": + case "etag": if v != nil { - var actionProperties ActionProperties - err = json.Unmarshal(*v, &actionProperties) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - a.ActionProperties = &actionProperties + ar.Etag = &etag } case "id": if v != nil { @@ -1375,7 +1415,16 @@ func (a *Action) UnmarshalJSON(body []byte) error { if err != nil { return err } - a.ID = &ID + ar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ar.Name = &name } case "type": if v != nil { @@ -1384,7 +1433,82 @@ func (a *Action) UnmarshalJSON(body []byte) error { if err != nil { return err } - a.Type = &typeVar + ar.Type = &typeVar + } + } + } + + return nil +} + +// ActionRequestProperties action property bag. +type ActionRequestProperties struct { + // TriggerURI - Logic App Callback URL for this specific workflow. + TriggerURI *string `json:"triggerUri,omitempty"` +} + +// ActionResponse action for alert rule. +type ActionResponse struct { + autorest.Response `json:"-"` + // Etag - Etag of the action. + Etag *string `json:"etag,omitempty"` + // ActionResponseProperties - Action properties for get request + *ActionResponseProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionResponse. +func (ar ActionResponse) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + if ar.ActionResponseProperties != nil { + objectMap["properties"] = ar.ActionResponseProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ActionResponse struct. +func (ar *ActionResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ar.Etag = &etag + } + case "properties": + if v != nil { + var actionResponseProperties ActionResponseProperties + err = json.Unmarshal(*v, &actionResponseProperties) + if err != nil { + return err + } + ar.ActionResponseProperties = &actionResponseProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ar.ID = &ID } case "name": if v != nil { @@ -1393,7 +1517,16 @@ func (a *Action) UnmarshalJSON(body []byte) error { if err != nil { return err } - a.Name = &name + ar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ar.Type = &typeVar } } } @@ -1401,10 +1534,10 @@ func (a *Action) UnmarshalJSON(body []byte) error { return nil } -// ActionProperties action property bag. -type ActionProperties struct { - // TriggerURI - The uri for the action to trigger. - TriggerURI *string `json:"triggerUri,omitempty"` +// ActionResponseProperties action property bag. +type ActionResponseProperties struct { + // WorkflowID - The name of the logic app's workflow. + WorkflowID *string `json:"workflowId,omitempty"` } // ActionsList list all the actions. @@ -1413,10 +1546,10 @@ type ActionsList struct { // NextLink - READ-ONLY; URL to fetch the next set of actions. NextLink *string `json:"nextLink,omitempty"` // Value - Array of actions. - Value *[]Action `json:"value,omitempty"` + Value *[]ActionResponse `json:"value,omitempty"` } -// ActionsListIterator provides access to a complete listing of Action values. +// ActionsListIterator provides access to a complete listing of ActionResponse values. type ActionsListIterator struct { i int page ActionsListPage @@ -1467,9 +1600,9 @@ func (iter ActionsListIterator) Response() ActionsList { // Value returns the current value or a zero-initialized value if the // iterator has advanced beyond the end of the collection. -func (iter ActionsListIterator) Value() Action { +func (iter ActionsListIterator) Value() ActionResponse { if !iter.page.NotDone() { - return Action{} + return ActionResponse{} } return iter.page.Values()[iter.i] } @@ -1496,7 +1629,7 @@ func (al ActionsList) actionsListPreparer(ctx context.Context) (*http.Request, e autorest.WithBaseURL(to.String(al.NextLink))) } -// ActionsListPage contains a page of Action values. +// ActionsListPage contains a page of ActionResponse values. type ActionsListPage struct { fn func(context.Context, ActionsList) (ActionsList, error) al ActionsList @@ -1541,7 +1674,7 @@ func (page ActionsListPage) Response() ActionsList { } // Values returns the slice of values for the current page or nil if there are no values. -func (page ActionsListPage) Values() []Action { +func (page ActionsListPage) Values() []ActionResponse { if page.al.IsEmpty() { return nil } @@ -1564,12 +1697,12 @@ type Aggregations struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } func unmarshalBasicAggregations(body []byte) (BasicAggregations, error) { @@ -1659,6 +1792,8 @@ func (am *AggregationsModel) UnmarshalJSON(body []byte) error { // BasicAlertRule alert rule. type BasicAlertRule interface { + AsFusionAlertRule() (*FusionAlertRule, bool) + AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) AsScheduledAlertRule() (*ScheduledAlertRule, bool) AsAlertRule() (*AlertRule, bool) } @@ -1666,16 +1801,10 @@ type BasicAlertRule interface { // AlertRule alert rule. type AlertRule struct { autorest.Response `json:"-"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind KindBasicAlertRule `json:"kind,omitempty"` } func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { @@ -1686,6 +1815,14 @@ func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { } switch m["kind"] { + case string(KindFusion): + var far FusionAlertRule + err := json.Unmarshal(body, &far) + return far, err + case string(KindMicrosoftSecurityIncidentCreation): + var msicar MicrosoftSecurityIncidentCreationAlertRule + err := json.Unmarshal(body, &msicar) + return msicar, err case string(KindScheduled): var sar ScheduledAlertRule err := json.Unmarshal(body, &sar) @@ -1728,6 +1865,16 @@ func (ar AlertRule) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// AsFusionAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + // AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule. func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { return nil, false @@ -1745,7 +1892,7 @@ func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { // AlertRuleKind1 describes an Azure resource with kind. type AlertRuleKind1 struct { - // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'Filter', 'Fusion' + // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` } @@ -1946,9 +2093,9 @@ func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (Al // BasicAlertRuleTemplate alert rule template. type BasicAlertRuleTemplate interface { - AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) - AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) } @@ -1957,13 +2104,11 @@ type AlertRuleTemplate struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -1975,18 +2120,18 @@ func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error } switch m["kind"] { - case string(KindBasicAlertRuleTemplateKindScheduled): - var sart ScheduledAlertRuleTemplate - err := json.Unmarshal(body, &sart) - return sart, err - case string(KindBasicAlertRuleTemplateKindFilter): - var fart FilterAlertRuleTemplate - err := json.Unmarshal(body, &fart) - return fart, err case string(KindBasicAlertRuleTemplateKindFusion): var fart FusionAlertRuleTemplate err := json.Unmarshal(body, &fart) return fart, err + case string(KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation): + var msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate + err := json.Unmarshal(body, &msicart) + return msicart, err + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err default: var art AlertRuleTemplate err := json.Unmarshal(body, &art) @@ -2016,27 +2161,24 @@ func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate objectMap := make(map[string]interface{}) - if art.Etag != nil { - objectMap["etag"] = art.Etag - } if art.Kind != "" { objectMap["kind"] = art.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. -func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. -func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { return nil, false } -// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. -func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { return nil, false } @@ -2067,6 +2209,24 @@ func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error { return nil } +// AlertRuleTemplatePropertiesBase base alert rule template property bag. +type AlertRuleTemplatePropertiesBase struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + // AlertRuleTemplatesList list all the alert rule templates. type AlertRuleTemplatesList struct { autorest.Response `json:"-"` @@ -2257,19 +2417,21 @@ type AlertsDataTypeOfDataConnectorAlerts struct { State DataTypeState `json:"state,omitempty"` } +// ASCCheckRequirements ASC (Azure Security Center) requirements check properties. +type ASCCheckRequirements struct { + // SubscriptionID - The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + Kind DataConnectorKind `json:"kind,omitempty"` +} + // ASCDataConnector represents ASC (Azure Security Center) data connector. type ASCDataConnector struct { // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. *ASCDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2289,43 +2451,43 @@ func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } +// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return &adc, true +} + // AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return &adc, true -} - -// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -2357,33 +2519,6 @@ func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { } adc.ASCDataConnectorProperties = &aSCDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - adc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - adc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - adc.Name = &name - } case "etag": if v != nil { var etag string @@ -2408,7 +2543,7 @@ func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { return nil } -// ASCDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +// ASCDataConnectorProperties ASC (Azure Security Center) data connector properties. type ASCDataConnectorProperties struct { // SubscriptionID - The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` @@ -2416,19 +2551,19 @@ type ASCDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check properties. +type AwsCloudTrailCheckRequirements struct { + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + Kind DataConnectorKind `json:"kind,omitempty"` +} + // AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector. type AwsCloudTrailDataConnector struct { // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2448,23 +2583,13 @@ func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return &actdc, true -} - -// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } @@ -2473,18 +2598,28 @@ func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, return nil, false } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return &actdc, true +} + // AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -2516,33 +2651,6 @@ func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { } actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - actdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - actdc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - actdc.Name = &name - } case "etag": if v != nil { var etag string @@ -2594,11 +2702,11 @@ type AzureResourceEntity struct { *AzureResourceEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -2620,18 +2728,23 @@ func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return &are, true +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { +// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -2640,23 +2753,18 @@ func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return &are, true -} - -// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -2665,23 +2773,23 @@ func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -2727,23 +2835,23 @@ func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { } are.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - are.Type = &typeVar + are.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - are.Name = &name + are.Type = &typeVar } case "kind": if v != nil { @@ -2764,10 +2872,10 @@ func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { type AzureResourceEntityProperties struct { // ResourceID - READ-ONLY; The azure resource id of the resource ResourceID *string `json:"resourceId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for AzureResourceEntityProperties. @@ -2776,48 +2884,30 @@ func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// BaseAlertRuleTemplateProperties base alert rule template property bag. -type BaseAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` - // RequiredDataConnectors - The required data connectors for this template - RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` -} - // Bookmark represents a bookmark in Azure Security Insights. type Bookmark struct { autorest.Response `json:"-"` - // Etag - Etag of the bookmark. - Etag *string `json:"etag,omitempty"` // BookmarkProperties - Bookmark properties *BookmarkProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Bookmark. func (b Bookmark) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if b.Etag != nil { - objectMap["etag"] = b.Etag - } if b.BookmarkProperties != nil { objectMap["properties"] = b.BookmarkProperties } + if b.Etag != nil { + objectMap["etag"] = b.Etag + } return json.Marshal(objectMap) } @@ -2830,23 +2920,23 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "etag": + case "properties": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var bookmarkProperties BookmarkProperties + err = json.Unmarshal(*v, &bookmarkProperties) if err != nil { return err } - b.Etag = &etag + b.BookmarkProperties = &bookmarkProperties } - case "properties": + case "etag": if v != nil { - var bookmarkProperties BookmarkProperties - err = json.Unmarshal(*v, &bookmarkProperties) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - b.BookmarkProperties = &bookmarkProperties + b.Etag = &etag } case "id": if v != nil { @@ -2857,23 +2947,23 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { } b.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - b.Type = &typeVar + b.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - b.Name = &name + b.Type = &typeVar } } } @@ -3029,55 +3119,57 @@ func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (Bookma // BookmarkProperties describes bookmark properties type BookmarkProperties struct { - // DisplayName - The display name of the bookmark - DisplayName *string `json:"displayName,omitempty"` - // Updated - The last time the bookmark was updated - Updated *date.Time `json:"updated,omitempty"` // Created - The time the bookmark was created Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` - // UpdatedBy - Describes a user that updated the bookmark - UpdatedBy *UserInfo `json:"updatedBy,omitempty"` - // Notes - The notes of the bookmark - Notes *string `json:"notes,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` // QueryResult - The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` } -// Case represents a case in Azure Security Insights. -type Case struct { +// BookmarkRelation represents a bookmark relation +type BookmarkRelation struct { autorest.Response `json:"-"` - // Etag - Etag of the alert rule. + // BookmarkRelationProperties - Bookmark relation properties + *BookmarkRelationProperties `json:"properties,omitempty"` + // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' + Kind RelationTypes `json:"kind,omitempty"` + // Etag - ETag for relation Etag *string `json:"etag,omitempty"` - // CaseProperties - Case properties - *CaseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } -// MarshalJSON is the custom marshaler for Case. -func (c Case) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for BookmarkRelation. +func (br BookmarkRelation) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if c.Etag != nil { - objectMap["etag"] = c.Etag + if br.BookmarkRelationProperties != nil { + objectMap["properties"] = br.BookmarkRelationProperties } - if c.CaseProperties != nil { - objectMap["properties"] = c.CaseProperties + if br.Etag != nil { + objectMap["etag"] = br.Etag } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for Case struct. -func (c *Case) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for BookmarkRelation struct. +func (br *BookmarkRelation) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -3085,41 +3177,41 @@ func (c *Case) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "etag": + case "properties": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var bookmarkRelationProperties BookmarkRelationProperties + err = json.Unmarshal(*v, &bookmarkRelationProperties) if err != nil { return err } - c.Etag = &etag + br.BookmarkRelationProperties = &bookmarkRelationProperties } - case "properties": + case "kind": if v != nil { - var caseProperties CaseProperties - err = json.Unmarshal(*v, &caseProperties) + var kind RelationTypes + err = json.Unmarshal(*v, &kind) if err != nil { return err } - c.CaseProperties = &caseProperties + br.Kind = kind } - case "id": + case "etag": if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - c.ID = &ID + br.Etag = &etag } - case "type": + case "id": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var ID string + err = json.Unmarshal(*v, &ID) if err != nil { return err } - c.Type = &typeVar + br.ID = &ID } case "name": if v != nil { @@ -3128,7 +3220,16 @@ func (c *Case) UnmarshalJSON(body []byte) error { if err != nil { return err } - c.Name = &name + br.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + br.Type = &typeVar } } } @@ -3136,17 +3237,264 @@ func (c *Case) UnmarshalJSON(body []byte) error { return nil } -// CaseComment represents a case comment -type CaseComment struct { +// BookmarkRelationList list of bookmark relations. +type BookmarkRelationList struct { autorest.Response `json:"-"` - // CaseCommentProperties - Case comment properties - *CaseCommentProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` + // NextLink - READ-ONLY; URL to fetch the next set of relations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of relations. + Value *[]BookmarkRelation `json:"value,omitempty"` +} + +// BookmarkRelationListIterator provides access to a complete listing of BookmarkRelation values. +type BookmarkRelationListIterator struct { + i int + page BookmarkRelationListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *BookmarkRelationListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *BookmarkRelationListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter BookmarkRelationListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter BookmarkRelationListIterator) Response() BookmarkRelationList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter BookmarkRelationListIterator) Value() BookmarkRelation { + if !iter.page.NotDone() { + return BookmarkRelation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the BookmarkRelationListIterator type. +func NewBookmarkRelationListIterator(page BookmarkRelationListPage) BookmarkRelationListIterator { + return BookmarkRelationListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (brl BookmarkRelationList) IsEmpty() bool { + return brl.Value == nil || len(*brl.Value) == 0 +} + +// bookmarkRelationListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (brl BookmarkRelationList) bookmarkRelationListPreparer(ctx context.Context) (*http.Request, error) { + if brl.NextLink == nil || len(to.String(brl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(brl.NextLink))) +} + +// BookmarkRelationListPage contains a page of BookmarkRelation values. +type BookmarkRelationListPage struct { + fn func(context.Context, BookmarkRelationList) (BookmarkRelationList, error) + brl BookmarkRelationList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *BookmarkRelationListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkRelationListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.brl) + if err != nil { + return err + } + page.brl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *BookmarkRelationListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page BookmarkRelationListPage) NotDone() bool { + return !page.brl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page BookmarkRelationListPage) Response() BookmarkRelationList { + return page.brl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page BookmarkRelationListPage) Values() []BookmarkRelation { + if page.brl.IsEmpty() { + return nil + } + return *page.brl.Value +} + +// Creates a new instance of the BookmarkRelationListPage type. +func NewBookmarkRelationListPage(getNextPage func(context.Context, BookmarkRelationList) (BookmarkRelationList, error)) BookmarkRelationListPage { + return BookmarkRelationListPage{fn: getNextPage} +} + +// BookmarkRelationProperties bookmark relation properties +type BookmarkRelationProperties struct { + // RelationName - Name of relation + RelationName *string `json:"relationName,omitempty"` + // BookmarkID - The case related bookmark id + BookmarkID *string `json:"bookmarkId,omitempty"` + // CaseIdentifier - The case identifier + CaseIdentifier *string `json:"caseIdentifier,omitempty"` + // CaseTitle - The case title + CaseTitle *string `json:"caseTitle,omitempty"` + // CaseSeverity - The case severity + CaseSeverity *string `json:"caseSeverity,omitempty"` +} + +// Case represents a case in Azure Security Insights. +type Case struct { + autorest.Response `json:"-"` + // CaseProperties - Case properties + *CaseProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for Case. +func (c Case) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if c.CaseProperties != nil { + objectMap["properties"] = c.CaseProperties + } + if c.Etag != nil { + objectMap["etag"] = c.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Case struct. +func (c *Case) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var caseProperties CaseProperties + err = json.Unmarshal(*v, &caseProperties) + if err != nil { + return err + } + c.CaseProperties = &caseProperties + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + c.Etag = &etag + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + c.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + c.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + c.Type = &typeVar + } + } + } + + return nil +} + +// CaseComment represents a case comment +type CaseComment struct { + autorest.Response `json:"-"` + // CaseCommentProperties - Case comment properties + *CaseCommentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for CaseComment. @@ -3185,23 +3533,23 @@ func (cc *CaseComment) UnmarshalJSON(body []byte) error { } cc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - cc.Type = &typeVar + cc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - cc.Name = &name + cc.Type = &typeVar } } } @@ -3357,10 +3705,10 @@ func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) ( // CaseCommentProperties case comment property bag. type CaseCommentProperties struct { - // Message - The comment message - Message *string `json:"message,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Message - The comment message + Message *string `json:"message,omitempty"` // UserInfo - READ-ONLY; Describes the user that created the comment UserInfo *UserInfo `json:"userInfo,omitempty"` } @@ -3513,52 +3861,308 @@ func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, erro // CaseProperties describes case properties type CaseProperties struct { - // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // CaseNumber - READ-ONLY; a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' + CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Description - The description of the case + Description *string `json:"description,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` - // StartTimeUtc - The start time of the case - StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Labels - List of labels relevant to this case Labels *[]string `json:"labels,omitempty"` - // Description - The description of the case - Description *string `json:"description,omitempty"` - // Title - The title of the case - Title *string `json:"title,omitempty"` + // LastComment - READ-ONLY; the last comment in the case + LastComment *string `json:"lastComment,omitempty"` + // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` // Owner - Describes a user that the case is assigned to Owner *UserInfo `json:"owner,omitempty"` + // RelatedAlertIds - READ-ONLY; List of related alert identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` + // StartTimeUtc - The start time of the case + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` - // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' - CloseReason CloseReason `json:"closeReason,omitempty"` - // ClosedReasonText - the case close reason details - ClosedReasonText *string `json:"closedReasonText,omitempty"` - // RelatedAlertIds - READ-ONLY; List of related alert identifiers - RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` - // CaseNumber - READ-ONLY; a sequential number - CaseNumber *int32 `json:"caseNumber,omitempty"` - // LastComment - READ-ONLY; the last comment in the case - LastComment *string `json:"lastComment,omitempty"` + // Title - The title of the case + Title *string `json:"title,omitempty"` // TotalComments - READ-ONLY; the number of total comments in the case TotalComments *int32 `json:"totalComments,omitempty"` } -// CasesAggregation represents aggregations results for cases. -type CasesAggregation struct { - // CasesAggregationProperties - Properties of aggregations results of cases. - *CasesAggregationProperties `json:"properties,omitempty"` +// CaseRelation represents a case relation +type CaseRelation struct { + autorest.Response `json:"-"` + // CaseRelationProperties - Case relation properties + *CaseRelationProperties `json:"properties,omitempty"` + // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' + Kind RelationTypes `json:"kind,omitempty"` + // Etag - ETag for relation + Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for CaseRelation. +func (cr CaseRelation) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if cr.CaseRelationProperties != nil { + objectMap["properties"] = cr.CaseRelationProperties + } + if cr.Etag != nil { + objectMap["etag"] = cr.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CaseRelation struct. +func (cr *CaseRelation) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var caseRelationProperties CaseRelationProperties + err = json.Unmarshal(*v, &caseRelationProperties) + if err != nil { + return err + } + cr.CaseRelationProperties = &caseRelationProperties + } + case "kind": + if v != nil { + var kind RelationTypes + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + cr.Kind = kind + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + cr.Etag = &etag + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cr.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cr.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cr.Type = &typeVar + } + } + } + + return nil +} + +// CaseRelationList list of case relations. +type CaseRelationList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of relations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of relations. + Value *[]CaseRelation `json:"value,omitempty"` +} + +// CaseRelationListIterator provides access to a complete listing of CaseRelation values. +type CaseRelationListIterator struct { + i int + page CaseRelationListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *CaseRelationListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter CaseRelationListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter CaseRelationListIterator) Response() CaseRelationList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter CaseRelationListIterator) Value() CaseRelation { + if !iter.page.NotDone() { + return CaseRelation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the CaseRelationListIterator type. +func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator { + return CaseRelationListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (crl CaseRelationList) IsEmpty() bool { + return crl.Value == nil || len(*crl.Value) == 0 +} + +// caseRelationListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (crl CaseRelationList) caseRelationListPreparer(ctx context.Context) (*http.Request, error) { + if crl.NextLink == nil || len(to.String(crl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(crl.NextLink))) +} + +// CaseRelationListPage contains a page of CaseRelation values. +type CaseRelationListPage struct { + fn func(context.Context, CaseRelationList) (CaseRelationList, error) + crl CaseRelationList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseRelationListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.crl) + if err != nil { + return err + } + page.crl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *CaseRelationListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page CaseRelationListPage) NotDone() bool { + return !page.crl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page CaseRelationListPage) Response() CaseRelationList { + return page.crl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page CaseRelationListPage) Values() []CaseRelation { + if page.crl.IsEmpty() { + return nil + } + return *page.crl.Value +} + +// Creates a new instance of the CaseRelationListPage type. +func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage { + return CaseRelationListPage{fn: getNextPage} +} + +// CaseRelationProperties case relation properties +type CaseRelationProperties struct { + // RelationName - Name of relation + RelationName *string `json:"relationName,omitempty"` + // BookmarkID - The case related bookmark id + BookmarkID *string `json:"bookmarkId,omitempty"` + // CaseIdentifier - The case identifier + CaseIdentifier *string `json:"caseIdentifier,omitempty"` + // BookmarkName - The case related bookmark name + BookmarkName *string `json:"bookmarkName,omitempty"` +} + +// CasesAggregation represents aggregations results for cases. +type CasesAggregation struct { + // CasesAggregationProperties - Properties of aggregations results of cases. + *CasesAggregationProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } // MarshalJSON is the custom marshaler for CasesAggregation. @@ -3616,27 +4220,27 @@ func (ca *CasesAggregation) UnmarshalJSON(body []byte) error { } ca.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ca.Type = &typeVar + ca.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ca.Name = &name + ca.Type = &typeVar } case "kind": if v != nil { - var kind KindBasicAggregations + var kind Kind err = json.Unmarshal(*v, &kind) if err != nil { return err @@ -3655,24 +4259,24 @@ type CasesAggregationBySeverityProperties struct { TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"` // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"` - // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium - TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` - // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low - TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"` + // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low + TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` + // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium + TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` } // CasesAggregationByStatusProperties aggregative results of cases by status property bag. type CasesAggregationByStatusProperties struct { - // TotalNewStatus - READ-ONLY; Total amount of open cases with status New - TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` + // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed + TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"` + // TotalNewStatus - READ-ONLY; Total amount of open cases with status New + TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"` - // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed - TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` } // CasesAggregationProperties aggregative results of cases property bag. @@ -3689,11 +4293,11 @@ type CloudApplicationEntity struct { *CloudApplicationEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3715,18 +4319,23 @@ func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return &cae, true +} + +// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -3735,48 +4344,43 @@ func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return &cae, true -} - // AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -3822,23 +4426,23 @@ func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { } cae.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - cae.Type = &typeVar + cae.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - cae.Name = &name + cae.Type = &typeVar } case "kind": if v != nil { @@ -3863,10 +4467,10 @@ type CloudApplicationEntityProperties struct { AppName *string `json:"appName,omitempty"` // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. InstanceName *string `json:"instanceName,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. @@ -3924,29 +4528,23 @@ type CloudErrorBody struct { // BasicDataConnector data connector. type BasicDataConnector interface { - AsOfficeDataConnector() (*OfficeDataConnector, bool) - AsTIDataConnector() (*TIDataConnector, bool) - AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsAADDataConnector() (*AADDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) - AsAATPDataConnector() (*AATPDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) AsDataConnector() (*DataConnector, bool) } // DataConnector data connector. type DataConnector struct { autorest.Response `json:"-"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -3958,38 +4556,38 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { } switch m["kind"] { - case string(KindOffice365): - var odc OfficeDataConnector - err := json.Unmarshal(body, &odc) - return odc, err - case string(KindThreatIntelligence): - var tdc TIDataConnector - err := json.Unmarshal(body, &tdc) - return tdc, err - case string(KindAmazonWebServicesCloudTrail): - var actdc AwsCloudTrailDataConnector - err := json.Unmarshal(body, &actdc) - return actdc, err case string(KindAzureActiveDirectory): var adc AADDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err case string(KindAzureSecurityCenter): var adc ASCDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err case string(KindMicrosoftCloudAppSecurity): var mdc MCASDataConnector err := json.Unmarshal(body, &mdc) return mdc, err - case string(KindAzureAdvancedThreatProtection): - var adc AATPDataConnector - err := json.Unmarshal(body, &adc) - return adc, err case string(KindMicrosoftDefenderAdvancedThreatProtection): var mdc MDATPDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindOffice365): + var odc OfficeDataConnector + err := json.Unmarshal(body, &odc) + return odc, err + case string(KindThreatIntelligence): + var tdc TIDataConnector + err := json.Unmarshal(body, &tdc) + return tdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) @@ -4028,43 +4626,43 @@ func (dc DataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -4285,6 +4883,21 @@ func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { return nil } +// DataConnectorRequirementsState data connector requirements status. +type DataConnectorRequirementsState struct { + autorest.Response `json:"-"` + // AuthorizationState - The state of the user's authorization for this connector. Possible values include: 'Valid', 'Invalid' + AuthorizationState DataConnectorAuthorizationState `json:"authorizationState,omitempty"` + // LicenseState - A list indicating the user's license state for this connector. + LicenseState *[]DataConnectorLicenseState `json:"licenseState,omitempty"` +} + +// DataConnectorsCheckRequirements data connector requirements properties. +type DataConnectorsCheckRequirements struct { + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + Kind DataConnectorKind `json:"kind,omitempty"` +} + // DataConnectorStatus alert rule template data connector status type DataConnectorStatus struct { // ConnectorID - the connector id @@ -4323,11 +4936,11 @@ type DNSEntity struct { *DNSEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4349,43 +4962,43 @@ func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false +// AsDNSEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { + return &de, true } -// AsFileHashEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -4394,23 +5007,23 @@ func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { - return &de, true +// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false } -// AsIPEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -4456,23 +5069,23 @@ func (de *DNSEntity) UnmarshalJSON(body []byte) error { } de.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - de.Type = &typeVar + de.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - de.Name = &name + de.Type = &typeVar } case "kind": if v != nil { @@ -4491,18 +5104,18 @@ func (de *DNSEntity) UnmarshalJSON(body []byte) error { // DNSEntityProperties dns entity property bag. type DNSEntityProperties struct { - // DomainName - READ-ONLY; The name of the dns record associated with the alert - DomainName *string `json:"domainName,omitempty"` - // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. - IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` + // DomainName - READ-ONLY; The name of the dns record associated with the alert + DomainName *string `json:"domainName,omitempty"` // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for DNSEntityProperties. @@ -4514,19 +5127,19 @@ func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { // BasicEntity specific entity. type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) - AsHostEntity() (*HostEntity, bool) - AsFileEntity() (*FileEntity, bool) - AsSecurityAlert() (*SecurityAlert, bool) - AsFileHashEntity() (*FileHashEntity, bool) - AsMalwareEntity() (*MalwareEntity, bool) - AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsAzureResourceEntity() (*AzureResourceEntity, bool) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) - AsProcessEntity() (*ProcessEntity, bool) AsDNSEntity() (*DNSEntity, bool) + AsFileEntity() (*FileEntity, bool) + AsFileHashEntity() (*FileHashEntity, bool) + AsHostEntity() (*HostEntity, bool) AsIPEntity() (*IPEntity, bool) + AsMalwareEntity() (*MalwareEntity, bool) + AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) + AsSecurityAlert() (*SecurityAlert, bool) + AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsEntity() (*Entity, bool) } @@ -4536,11 +5149,11 @@ type Entity struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4556,30 +5169,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var ae AccountEntity err := json.Unmarshal(body, &ae) return ae, err - case string(KindHost): - var he HostEntity - err := json.Unmarshal(body, &he) - return he, err - case string(KindFile): - var fe FileEntity - err := json.Unmarshal(body, &fe) - return fe, err - case string(KindSecurityAlert): - var sa SecurityAlert - err := json.Unmarshal(body, &sa) - return sa, err - case string(KindFileHash): - var fhe FileHashEntity - err := json.Unmarshal(body, &fhe) - return fhe, err - case string(KindMalware): - var me MalwareEntity - err := json.Unmarshal(body, &me) - return me, err - case string(KindSecurityGroup): - var sge SecurityGroupEntity - err := json.Unmarshal(body, &sge) - return sge, err case string(KindAzureResource): var are AzureResourceEntity err := json.Unmarshal(body, &are) @@ -4588,19 +5177,35 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var cae CloudApplicationEntity err := json.Unmarshal(body, &cae) return cae, err - case string(KindProcess): - var peVar ProcessEntity - err := json.Unmarshal(body, &peVar) - return peVar, err case string(KindDNSResolution): var de DNSEntity err := json.Unmarshal(body, &de) return de, err - case string(KindIP): - var ie IPEntity - err := json.Unmarshal(body, &ie) - return ie, err - case string(KindRegistryKey): + case string(KindFile): + var fe FileEntity + err := json.Unmarshal(body, &fe) + return fe, err + case string(KindFileHash): + var fhe FileHashEntity + err := json.Unmarshal(body, &fhe) + return fhe, err + case string(KindHost): + var he HostEntity + err := json.Unmarshal(body, &he) + return he, err + case string(KindIP): + var ie IPEntity + err := json.Unmarshal(body, &ie) + return ie, err + case string(KindMalware): + var me MalwareEntity + err := json.Unmarshal(body, &me) + return me, err + case string(KindProcess): + var peVar ProcessEntity + err := json.Unmarshal(body, &peVar) + return peVar, err + case string(KindRegistryKey): var rke RegistryKeyEntity err := json.Unmarshal(body, &rke) return rke, err @@ -4608,6 +5213,14 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var rve RegistryValueEntity err := json.Unmarshal(body, &rve) return rve, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err + case string(KindSecurityGroup): + var sge SecurityGroupEntity + err := json.Unmarshal(body, &sge) + return sge, err case string(KindURL): var ue URLEntity err := json.Unmarshal(body, &ue) @@ -4652,43 +5265,43 @@ func (e Entity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for Entity. -func (e Entity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for Entity. +func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for Entity. -func (e Entity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for Entity. +func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for Entity. +func (e Entity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for Entity. -func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for Entity. -func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for Entity. +func (e Entity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for Entity. -func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for Entity. +func (e Entity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for Entity. -func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for Entity. +func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -4697,23 +5310,23 @@ func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for Entity. -func (e Entity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for Entity. -func (e Entity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -4734,10 +5347,10 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { // EntityCommonProperties entity common property bag. type EntityCommonProperties struct { - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for EntityCommonProperties. @@ -4748,21 +5361,21 @@ func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { // EntityExpandParameters the parameters required to execute an expand operation on the given entity. type EntityExpandParameters struct { + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` // ExpansionID - The Id of the expansion to perform. ExpansionID *uuid.UUID `json:"expansionId,omitempty"` // StartTime - The start date filter, so the only expansion results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` - // EndTime - The end date filter, so the only expansion results returned are before this date. - EndTime *date.Time `json:"endTime,omitempty"` } // EntityExpandResponse the entity expansion result operation response. type EntityExpandResponse struct { autorest.Response `json:"-"` - // Value - The expansion result values. - Value *EntityExpandResponseValue `json:"value,omitempty"` // MetaData - The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` } // EntityExpandResponseValue the expansion result values. @@ -5002,10 +5615,10 @@ type EntityQuery struct { *EntityQueryProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for EntityQuery. @@ -5044,23 +5657,23 @@ func (eq *EntityQuery) UnmarshalJSON(body []byte) error { } eq.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - eq.Type = &typeVar + eq.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - eq.Name = &name + eq.Type = &typeVar } } } @@ -5216,30 +5829,30 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( // EntityQueryProperties describes entity query properties type EntityQueryProperties struct { - // QueryTemplate - The template query string to be parsed and formatted - QueryTemplate *string `json:"queryTemplate,omitempty"` + // DataSources - List of the data sources that are required to run the query + DataSources *[]string `json:"dataSources,omitempty"` + // DisplayName - The query display name + DisplayName *string `json:"displayName,omitempty"` // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` - // DataSources - List of the data sources that are required to run the query - DataSources *[]string `json:"dataSources,omitempty"` - // DisplayName - The query display name - DisplayName *string `json:"displayName,omitempty"` + // QueryTemplate - The template query string to be parsed and formatted + QueryTemplate *string `json:"queryTemplate,omitempty"` } // ExpansionResultAggregation information of a specific aggregation in the expansion result. type ExpansionResultAggregation struct { - // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' - EntityKind EntityKind `json:"entityKind,omitempty"` - // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. - Count *int32 `json:"count,omitempty"` // AggregationType - The common type of the aggregation. (for e.g. entity field name) AggregationType *string `json:"aggregationType,omitempty"` + // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` // DisplayName - The display name of the aggregation by type. DisplayName *string `json:"displayName,omitempty"` + // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` } // ExpansionResultsMetadata expansion result metadata. @@ -5254,11 +5867,11 @@ type FileEntity struct { *FileEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5280,43 +5893,43 @@ func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { - return &fe, true +// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false +// AsFileEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { + return &fe, true } -// AsMalwareEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -5325,23 +5938,23 @@ func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -5387,23 +6000,23 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { } fe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fe.Type = &typeVar + fe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fe.Name = &name + fe.Type = &typeVar } case "kind": if v != nil { @@ -5424,16 +6037,16 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { type FileEntityProperties struct { // Directory - READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty"` + // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id which the file belongs to HostEntityID *string `json:"hostEntityId,omitempty"` - // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file - FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for FileEntityProperties. @@ -5448,11 +6061,11 @@ type FileHashEntity struct { *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5474,18 +6087,23 @@ func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -5494,23 +6112,18 @@ func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { return &fhe, true } -// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -5519,23 +6132,23 @@ func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -5581,23 +6194,23 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { } fhe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fhe.Type = &typeVar + fhe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fhe.Name = &name + fhe.Type = &typeVar } case "kind": if v != nil { @@ -5616,14 +6229,14 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { // FileHashEntityProperties fileHash entity property bag. type FileHashEntityProperties struct { - // HashValue - READ-ONLY; The file hash value. - HashValue *string `json:"hashValue,omitempty"` // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // HashValue - READ-ONLY; The file hash value. + HashValue *string `json:"hashValue,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for FileHashEntityProperties. @@ -5632,65 +6245,59 @@ func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// FilterAlertRuleTemplate represents filter alert rule template. -type FilterAlertRuleTemplate struct { - // FilterAlertRuleTemplateProperties - Filter alert rule template properties - *FilterAlertRuleTemplateProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. +// FusionAlertRule represents Fusion alert rule. +type FusionAlertRule struct { + // FusionAlertRuleProperties - Fusion alert rule properties + *FusionAlertRuleProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' - Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind KindBasicAlertRule `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) MarshalJSON() ([]byte, error) { - fart.Kind = KindBasicAlertRuleTemplateKindFilter +// MarshalJSON is the custom marshaler for FusionAlertRule. +func (far FusionAlertRule) MarshalJSON() ([]byte, error) { + far.Kind = KindFusion objectMap := make(map[string]interface{}) - if fart.FilterAlertRuleTemplateProperties != nil { - objectMap["properties"] = fart.FilterAlertRuleTemplateProperties + if far.FusionAlertRuleProperties != nil { + objectMap["properties"] = far.FusionAlertRuleProperties } - if fart.Etag != nil { - objectMap["etag"] = fart.Etag + if far.Etag != nil { + objectMap["etag"] = far.Etag } - if fart.Kind != "" { - objectMap["kind"] = fart.Kind + if far.Kind != "" { + objectMap["kind"] = far.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return nil, false +// AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return &far, true } -// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { - return &fart, true +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false } -// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { +// AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { return nil, false } -// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { +// AsAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool) { return nil, false } -// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { - return &fart, true +// AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &far, true } -// UnmarshalJSON is the custom unmarshaler for FilterAlertRuleTemplate struct. -func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct. +func (far *FusionAlertRule) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -5700,39 +6307,12 @@ func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var filterAlertRuleTemplateProperties FilterAlertRuleTemplateProperties - err = json.Unmarshal(*v, &filterAlertRuleTemplateProperties) - if err != nil { - return err - } - fart.FilterAlertRuleTemplateProperties = &filterAlertRuleTemplateProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - fart.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - fart.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var fusionAlertRuleProperties FusionAlertRuleProperties + err = json.Unmarshal(*v, &fusionAlertRuleProperties) if err != nil { return err } - fart.Name = &name + far.FusionAlertRuleProperties = &fusionAlertRuleProperties } case "etag": if v != nil { @@ -5741,16 +6321,16 @@ func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { if err != nil { return err } - fart.Etag = &etag + far.Etag = &etag } case "kind": if v != nil { - var kind KindBasicAlertRuleTemplate + var kind KindBasicAlertRule err = json.Unmarshal(*v, &kind) if err != nil { return err } - fart.Kind = kind + far.Kind = kind } } } @@ -5758,53 +6338,35 @@ func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { return nil } -// FilterAlertRuleTemplateProperties filter alert rule template properties -type FilterAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. +// FusionAlertRuleProperties fusion alert rule base property bag. +type FusionAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template + // DisplayName - READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Tactics - READ-ONLY; The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` - // RequiredDataConnectors - The required data connectors for this template - RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // FilterProduct - The filter product name for this template rule. - FilterProduct *string `json:"filterProduct,omitempty"` - // FilterSeverities - the alert’s severities on which the cases will be generated - FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` - // FilterTitles - the alert’s titles on which the cases will be generated - FilterTitles *[]string `json:"filterTitles,omitempty"` -} - -// FilterAlertRuleTemplatePropertiesModel filter alert rule template property bag. -type FilterAlertRuleTemplatePropertiesModel struct { - // FilterProduct - The filter product name for this template rule. - FilterProduct *string `json:"filterProduct,omitempty"` - // FilterSeverities - the alert’s severities on which the cases will be generated - FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` - // FilterTitles - the alert’s titles on which the cases will be generated - FilterTitles *[]string `json:"filterTitles,omitempty"` } -// FusionAlertRuleTemplate represents fusion alert rule template. +// FusionAlertRuleTemplate represents Fusion alert rule template. type FusionAlertRuleTemplate struct { // FusionAlertRuleTemplateProperties - Fusion alert rule template properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -5815,28 +6377,25 @@ func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { if fart.FusionAlertRuleTemplateProperties != nil { objectMap["properties"] = fart.FusionAlertRuleTemplateProperties } - if fart.Etag != nil { - objectMap["etag"] = fart.Etag - } if fart.Kind != "" { objectMap["kind"] = fart.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. -func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return nil, false +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true } -// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. -func (fart FusionAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { return nil, false } -// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. -func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { - return &fart, true +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false } // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. @@ -5876,15 +6435,6 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { } fart.ID = &ID } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - fart.Type = &typeVar - } case "name": if v != nil { var name string @@ -5894,14 +6444,14 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { } fart.Name = &name } - case "etag": + case "type": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fart.Etag = &etag + fart.Type = &typeVar } case "kind": if v != nil { @@ -5920,46 +6470,40 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { // FusionAlertRuleTemplateProperties fusion alert rule template properties type FusionAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` -} - -// FusionAlertRuleTemplatePropertiesModel filter alert rule template property bag. -type FusionAlertRuleTemplatePropertiesModel struct { - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` } // GeoLocation the geo-location context attached to the ip entity type GeoLocation struct { + // Asn - READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty"` + // City - READ-ONLY; City name + City *string `json:"city,omitempty"` // CountryCode - READ-ONLY; The country code according to ISO 3166 format CountryCode *string `json:"countryCode,omitempty"` // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name CountryName *string `json:"countryName,omitempty"` - // State - READ-ONLY; State name - State *string `json:"state,omitempty"` - // City - READ-ONLY; City name - City *string `json:"city,omitempty"` - // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. - Longitude *float64 `json:"longitude,omitempty"` // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. Latitude *float64 `json:"latitude,omitempty"` - // Asn - READ-ONLY; Autonomous System Number - Asn *int32 `json:"asn,omitempty"` + // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty"` + // State - READ-ONLY; State name + State *string `json:"state,omitempty"` } // HostEntity represents a host entity. @@ -5968,11 +6512,11 @@ type HostEntity struct { *HostEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5994,43 +6538,43 @@ func (he HostEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsHostEntity() (*HostEntity, bool) { - return &he, true +// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// AsFileEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false +// AsHostEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsHostEntity() (*HostEntity, bool) { + return &he, true } -// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -6039,23 +6583,23 @@ func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6101,23 +6645,23 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { } he.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - he.Type = &typeVar + he.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - he.Name = &name + he.Type = &typeVar } case "kind": if v != nil { @@ -6136,28 +6680,28 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { // HostEntityProperties host entity property bag. type HostEntityProperties struct { + // AzureID - READ-ONLY; The azure resource id of the VM. + AzureID *string `json:"azureID,omitempty"` // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain DNSDomain *string `json:"dnsDomain,omitempty"` - // NtDomain - READ-ONLY; The NT domain that this host belongs to. - NtDomain *string `json:"ntDomain,omitempty"` // HostName - READ-ONLY; The hostname without the domain suffix. HostName *string `json:"hostName,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NetBiosName - READ-ONLY; The host name (pre-windows2000). NetBiosName *string `json:"netBiosName,omitempty"` - // AzureID - READ-ONLY; The azure resource id of the VM. - AzureID *string `json:"azureID,omitempty"` + // NtDomain - READ-ONLY; The NT domain that this host belongs to. + NtDomain *string `json:"ntDomain,omitempty"` // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. OmsAgentID *string `json:"omsAgentID,omitempty"` // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' OsFamily OSFamily `json:"osFamily,omitempty"` // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration OsVersion *string `json:"osVersion,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for HostEntityProperties. @@ -6175,11 +6719,11 @@ type IPEntity struct { *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6201,43 +6745,43 @@ func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false +// AsIPEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { + return &ie, true } -// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -6246,23 +6790,23 @@ func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { - return &ie, true +// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6308,23 +6852,23 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { } ie.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ie.Type = &typeVar + ie.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ie.Name = &name + ie.Type = &typeVar } case "kind": if v != nil { @@ -6349,10 +6893,10 @@ type IPEntityProperties struct { Location *GeoLocation `json:"location,omitempty"` // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for IPEntityProperties. @@ -6370,11 +6914,11 @@ type MalwareEntity struct { *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6396,44 +6940,44 @@ func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return &me, true +// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false +// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return &me, true } // AsProcessEntity is the BasicEntity implementation for MalwareEntity. @@ -6441,23 +6985,23 @@ func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6503,23 +7047,23 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { } me.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - me.Type = &typeVar + me.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - me.Name = &name + me.Type = &typeVar } case "kind": if v != nil { @@ -6538,18 +7082,18 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { // MalwareEntityProperties malware entity property bag. type MalwareEntityProperties struct { - // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn - MalwareName *string `json:"malwareName,omitempty"` // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan Category *string `json:"category,omitempty"` // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found FileEntityIds *[]string `json:"fileEntityIds,omitempty"` + // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty"` // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for MalwareEntityProperties. @@ -6558,19 +7102,19 @@ func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// MCASCheckRequirements MCAS (Microsoft Cloud App Security) requirements check properties. +type MCASCheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. type MCASDataConnector struct { // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. *MCASDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -6590,6 +7134,36 @@ func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -6600,48 +7174,268 @@ func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) + if err != nil { + return err + } + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. +type MCASDataConnectorDataTypesDiscoveryLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPCheckRequirements MDATP (Microsoft Defender Advanced Threat Protection) requirements check +// properties. +type MDATPCheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. +func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + if err != nil { + return err + } + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false +// MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule. +type MicrosoftSecurityIncidentCreationAlertRule struct { + // MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties + *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind KindBasicAlertRule `json:"kind,omitempty"` } -// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return &mdc, true +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { + msicar.Kind = KindMicrosoftSecurityIncidentCreation + objectMap := make(map[string]interface{}) + if msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties != nil { + objectMap["properties"] = msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties + } + if msicar.Etag != nil { + objectMap["etag"] = msicar.Etag + } + if msicar.Kind != "" { + objectMap["kind"] = msicar.Kind + } + return json.Marshal(objectMap) } -// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return &msicar, true +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { return nil, false } -// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &msicar, true } -// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. -func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct. +func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -6651,39 +7445,12 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mCASDataConnectorProperties MCASDataConnectorProperties - err = json.Unmarshal(*v, &mCASDataConnectorProperties) - if err != nil { - return err - } - mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - mdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - mdc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var microsoftSecurityIncidentCreationAlertRuleProperties MicrosoftSecurityIncidentCreationAlertRuleProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleProperties) if err != nil { return err } - mdc.Name = &name + msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties = µsoftSecurityIncidentCreationAlertRuleProperties } case "etag": if v != nil { @@ -6692,16 +7459,16 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Etag = &etag + msicar.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicAlertRule err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + msicar.Kind = kind } } } @@ -6709,113 +7476,95 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data -// connector. -type MCASDataConnectorDataTypes struct { - // DiscoveryLogs - Discovery log data type connection. - DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` - // Alerts - Alerts data type connection. - Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` -} - -// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. -type MCASDataConnectorDataTypesDiscoveryLogs struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common +// property bag. +type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` } -// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. -type MDATPDataConnector struct { - // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - *MDATPDataConnectorProperties `json:"properties,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property +// bag. +type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // Tactics - The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule +// template. +type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { + // MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties + *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MDATPDataConnector. -func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { + msicart.Kind = KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation objectMap := make(map[string]interface{}) - if mdc.MDATPDataConnectorProperties != nil { - objectMap["properties"] = mdc.MDATPDataConnectorProperties - } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + if msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties != nil { + objectMap["properties"] = msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if msicart.Kind != "" { + objectMap["kind"] = msicart.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return &msicart, true } -// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return &mdc, true -} - -// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &msicart, true } -// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. -func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct. +func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -6825,12 +7574,12 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mDATPDataConnectorProperties MDATPDataConnectorProperties - err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + var microsoftSecurityIncidentCreationAlertRuleTemplateProperties MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleTemplateProperties) if err != nil { return err } - mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = µsoftSecurityIncidentCreationAlertRuleTemplateProperties } case "id": if v != nil { @@ -6839,16 +7588,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - mdc.Type = &typeVar + msicart.ID = &ID } case "name": if v != nil { @@ -6857,25 +7597,25 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Name = &name + msicart.Name = &name } - case "etag": + case "type": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - mdc.Etag = &etag + msicart.Type = &typeVar } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + msicart.Kind = kind } } } @@ -6883,13 +7623,29 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector -// properties. -type MDATPDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule +// template properties +type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` } // OfficeConsent consent for Office365 tenant that already made. @@ -6899,10 +7655,10 @@ type OfficeConsent struct { *OfficeConsentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for OfficeConsent. @@ -6941,23 +7697,23 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { } oc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - oc.Type = &typeVar + oc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - oc.Name = &name + oc.Type = &typeVar } } } @@ -7123,15 +7879,9 @@ type OfficeConsentProperties struct { type OfficeDataConnector struct { // OfficeDataConnectorProperties - Office data connector properties. *OfficeDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -7151,28 +7901,23 @@ func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true -} - -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } @@ -7181,13 +7926,18 @@ func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -7219,33 +7969,6 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { } odc.OfficeDataConnectorProperties = &officeDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - odc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - odc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - odc.Name = &name - } case "etag": if v != nil { var etag string @@ -7272,10 +7995,10 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { // OfficeDataConnectorDataTypes the available data types for office data connector. type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` // Exchange - Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` } // OfficeDataConnectorDataTypesExchange exchange data type connection. @@ -7298,24 +8021,30 @@ type OfficeDataConnectorProperties struct { TenantID *string `json:"tenantId,omitempty"` } +// OfficeDataConnectorRequirementsCheck office data connector properties. +type OfficeDataConnectorRequirementsCheck struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // Operation operation provided by provider type Operation struct { - // Name - Name of the operation - Name *string `json:"name,omitempty"` // Display - Properties of the operation Display *OperationDisplay `json:"display,omitempty"` + // Name - Name of the operation + Name *string `json:"name,omitempty"` } // OperationDisplay properties of the operation type OperationDisplay struct { + // Description - Description of the operation + Description *string `json:"description,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` // Provider - Provider name Provider *string `json:"provider,omitempty"` // Resource - Resource name Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation - Description *string `json:"description,omitempty"` } // OperationsList lists the operations available in the SecurityInsights RP. @@ -7470,11 +8199,11 @@ type ProcessEntity struct { *ProcessEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7496,43 +8225,43 @@ func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -7541,23 +8270,23 @@ func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { return &peVar, true } -// AsDNSEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -7603,23 +8332,23 @@ func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { } peVar.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - peVar.Type = &typeVar + peVar.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - peVar.Name = &name + peVar.Type = &typeVar } case "kind": if v != nil { @@ -7638,28 +8367,28 @@ func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { // ProcessEntityProperties process entity property bag. type ProcessEntityProperties struct { - // ProcessID - READ-ONLY; The process ID - ProcessID *string `json:"processId,omitempty"` + // AccountEntityID - READ-ONLY; The account entity id running the processes. + AccountEntityID *string `json:"accountEntityId,omitempty"` // CommandLine - READ-ONLY; The command line used to create the process CommandLine *string `json:"commandLine,omitempty"` - // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' - ElevationToken ElevationToken `json:"elevationToken,omitempty"` // CreationTimeUtc - READ-ONLY; The time when the process started to run CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` - // ImageFileEntityID - READ-ONLY; Image file entity id - ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` - // AccountEntityID - READ-ONLY; The account entity id running the processes. - AccountEntityID *string `json:"accountEntityId,omitempty"` - // ParentProcessEntityID - READ-ONLY; The parent process entity id. - ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' + ElevationToken ElevationToken `json:"elevationToken,omitempty"` // HostEntityID - READ-ONLY; The host entity id on which the process was running HostEntityID *string `json:"hostEntityId,omitempty"` // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // ImageFileEntityID - READ-ONLY; Image file entity id + ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` + // ParentProcessEntityID - READ-ONLY; The parent process entity id. + ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // ProcessID - READ-ONLY; The process ID + ProcessID *string `json:"processId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for ProcessEntityProperties. @@ -7677,11 +8406,11 @@ type RegistryKeyEntity struct { *RegistryKeyEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7703,43 +8432,43 @@ func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -7748,16 +8477,6 @@ func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - // AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return &rke, true @@ -7768,6 +8487,16 @@ func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool return nil, false } +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + // AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { return nil, false @@ -7810,23 +8539,23 @@ func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { } rke.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - rke.Type = &typeVar + rke.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - rke.Name = &name + rke.Type = &typeVar } case "kind": if v != nil { @@ -7849,10 +8578,10 @@ type RegistryKeyEntityProperties struct { Hive RegistryHive `json:"hive,omitempty"` // Key - READ-ONLY; The registry key path. Key *string `json:"key,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. @@ -7867,11 +8596,11 @@ type RegistryValueEntity struct { *RegistryValueEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7893,58 +8622,48 @@ func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } - -// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { + +// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { +// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } @@ -7958,6 +8677,16 @@ func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return &rve, true } +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + // AsURLEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { return nil, false @@ -8000,23 +8729,23 @@ func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { } rve.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - rve.Type = &typeVar + rve.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - rve.Name = &name + rve.Type = &typeVar } case "kind": if v != nil { @@ -8035,18 +8764,18 @@ func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { // RegistryValueEntityProperties registryValue entity property bag. type RegistryValueEntityProperties struct { - // ValueName - READ-ONLY; The registry value name. - ValueName *string `json:"valueName,omitempty"` + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` // ValueData - READ-ONLY; String formatted representation of the value data. ValueData *string `json:"valueData,omitempty"` + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' ValueType RegistryValueKind `json:"valueType,omitempty"` - // KeyEntityID - READ-ONLY; The registry key entity id. - KeyEntityID *string `json:"keyEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for RegistryValueEntityProperties. @@ -8055,30 +8784,184 @@ func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// Resource an azure resource object -type Resource struct { +// RelationBase represents a relation +type RelationBase struct { + // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' + Kind RelationTypes `json:"kind,omitempty"` + // Etag - ETag for relation + Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` +} + +// RelationNode relation node +type RelationNode struct { + // RelationNodeID - Relation Node Id + RelationNodeID *string `json:"relationNodeId,omitempty"` + // RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark' + RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"` + // Etag - Etag for relation node + Etag *string `json:"etag,omitempty"` + // RelationAdditionalProperties - Additional set of properties + RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"` +} + +// MarshalJSON is the custom marshaler for RelationNode. +func (rn RelationNode) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if rn.RelationNodeID != nil { + objectMap["relationNodeId"] = rn.RelationNodeID + } + if rn.Etag != nil { + objectMap["etag"] = rn.Etag + } + if rn.RelationAdditionalProperties != nil { + objectMap["relationAdditionalProperties"] = rn.RelationAdditionalProperties + } + return json.Marshal(objectMap) +} + +// RelationsModelInput relation input model +type RelationsModelInput struct { + // RelationsModelInputProperties - Relation input properties + *RelationsModelInputProperties `json:"properties,omitempty"` + // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' + Kind RelationTypes `json:"kind,omitempty"` + // Etag - ETag for relation + Etag *string `json:"etag,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } -// ScheduledAlertRule represents scheduled alert rule. -type ScheduledAlertRule struct { - // ScheduledAlertRuleProperties - Scheduled alert rule properties - *ScheduledAlertRuleProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for RelationsModelInput. +func (rmi RelationsModelInput) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if rmi.RelationsModelInputProperties != nil { + objectMap["properties"] = rmi.RelationsModelInputProperties + } + if rmi.Etag != nil { + objectMap["etag"] = rmi.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct. +func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var relationsModelInputProperties RelationsModelInputProperties + err = json.Unmarshal(*v, &relationsModelInputProperties) + if err != nil { + return err + } + rmi.RelationsModelInputProperties = &relationsModelInputProperties + } + case "kind": + if v != nil { + var kind RelationTypes + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rmi.Kind = kind + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + rmi.Etag = &etag + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rmi.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rmi.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rmi.Type = &typeVar + } + } + } + + return nil +} + +// RelationsModelInputProperties relation input properties +type RelationsModelInputProperties struct { + // RelationName - Name of relation + RelationName *string `json:"relationName,omitempty"` + // SourceRelationNode - Relation source node + SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"` + // TargetRelationNode - Relation target node + TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"` +} + +// Resource an azure resource object +type Resource struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` +} + +// ResourceWithEtag an azure resource object with an Etag property +type ResourceWithEtag struct { + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind KindBasicAlertRule `json:"kind,omitempty"` } // MarshalJSON is the custom marshaler for ScheduledAlertRule. @@ -8097,6 +8980,16 @@ func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + // AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { return &sar, true @@ -8130,33 +9023,6 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { } sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - sar.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - sar.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - sar.Name = &name - } case "etag": if v != nil { var etag string @@ -8168,7 +9034,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { } case "kind": if v != nil { - var kind Kind + var kind KindBasicAlertRule err = json.Unmarshal(*v, &kind) if err != nil { return err @@ -8181,32 +9047,52 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { return nil } -// ScheduledAlertRuleProperties alert rule property bag. +// ScheduledAlertRuleCommonProperties schedule alert rule template property bag. +type ScheduledAlertRuleCommonProperties struct { + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// ScheduledAlertRuleProperties scheduled alert rule base property bag. type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // Tactics - The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } // ScheduledAlertRuleTemplate represents scheduled alert rule template. @@ -8215,13 +9101,11 @@ type ScheduledAlertRuleTemplate struct { *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -8232,28 +9116,25 @@ func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { if sart.ScheduledAlertRuleTemplateProperties != nil { objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties } - if sart.Etag != nil { - objectMap["etag"] = sart.Etag - } if sart.Kind != "" { objectMap["kind"] = sart.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return &sart, true +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false } -// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { return nil, false } -// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { - return nil, false +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true } // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. @@ -8293,15 +9174,6 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { } sart.ID = &ID } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - sart.Type = &typeVar - } case "name": if v != nil { var name string @@ -8311,14 +9183,14 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { } sart.Name = &name } - case "etag": + case "type": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sart.Etag = &etag + sart.Type = &typeVar } case "kind": if v != nil { @@ -8337,44 +9209,28 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { // ScheduledAlertRuleTemplateProperties scheduled alert rule template properties type ScheduledAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` -} - -// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. -type ScheduledAlertRuleTemplatePropertiesModel struct { // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. @@ -8387,11 +9243,11 @@ type SecurityAlert struct { *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -8413,43 +9269,43 @@ func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { - return &sa, true +// AsDNSEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -8458,23 +9314,23 @@ func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true } -// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -8520,23 +9376,23 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { } sa.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sa.Type = &typeVar + sa.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sa.Name = &name + sa.Type = &typeVar } case "kind": if v != nil { @@ -8555,52 +9411,52 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { // SecurityAlertProperties securityAlert entity property bag. type SecurityAlertProperties struct { - // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. - SystemAlertID *string `json:"systemAlertId,omitempty"` + // AlertDisplayName - READ-ONLY; The display name of the alert. + AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // AlertType - READ-ONLY; The type name of the alert. + AlertType *string `json:"alertType,omitempty"` + // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. + CompromisedEntity *string `json:"compromisedEntity,omitempty"` + // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' + ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` // ConfidenceReasons - READ-ONLY; The confidence reasons ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` - // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' - ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` - // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' - Intent KillChainIntent `json:"intent,omitempty"` // ConfidenceScore - READ-ONLY; The confidence score of the alert. ConfidenceScore *float64 `json:"confidenceScore,omitempty"` - // AlertDisplayName - READ-ONLY; The display name of the alert. - AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` // Description - READ-ONLY; Alert description. Description *string `json:"description,omitempty"` - // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. - RemediationSteps *[]string `json:"remediationSteps,omitempty"` - // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' - ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` - // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // VendorName - READ-ONLY; The name of the vendor that raise the alert. - VendorName *string `json:"vendorName,omitempty"` - // ProductName - READ-ONLY; The name of the product which published this alert. - ProductName *string `json:"productName,omitempty"` + // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' + Intent KillChainIntent `json:"intent,omitempty"` + // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. + ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. ProductComponentName *string `json:"productComponentName,omitempty"` - // AlertType - READ-ONLY; The type name of the alert. - AlertType *string `json:"alertType,omitempty"` + // ProductName - READ-ONLY; The name of the product which published this alert. + ProductName *string `json:"productName,omitempty"` // ProductVersion - READ-ONLY; The version of the product generating the alert. ProductVersion *string `json:"productVersion,omitempty"` - // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. - ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` - // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' - Status AlertStatus `json:"status,omitempty"` - // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). - EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. + RemediationSteps *[]string `json:"remediationSteps,omitempty"` + // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' + Status AlertStatus `json:"status,omitempty"` + // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. + SystemAlertID *string `json:"systemAlertId,omitempty"` // TimeGenerated - READ-ONLY; The time the alert was generated. TimeGenerated *date.Time `json:"timeGenerated,omitempty"` - // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. - CompromisedEntity *string `json:"compromisedEntity,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // VendorName - READ-ONLY; The name of the vendor that raise the alert. + VendorName *string `json:"vendorName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for SecurityAlertProperties. @@ -8614,10 +9470,10 @@ func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { // SecurityAlertPropertiesConfidenceReasonsItem confidence reason item type SecurityAlertPropertiesConfidenceReasonsItem struct { - // ReasonType - READ-ONLY; The type (category) of the reason - ReasonType *string `json:"reasonType,omitempty"` // Reason - READ-ONLY; The reason's description Reason *string `json:"reason,omitempty"` + // ReasonType - READ-ONLY; The type (category) of the reason + ReasonType *string `json:"reasonType,omitempty"` } // SecurityGroupEntity represents a security group entity. @@ -8626,11 +9482,11 @@ type SecurityGroupEntity struct { *SecurityGroupEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -8652,43 +9508,43 @@ func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return &sge, true +// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -8697,24 +9553,24 @@ func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return &sge, true } // AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. @@ -8759,23 +9615,23 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { } sge.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sge.Type = &typeVar + sge.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sge.Name = &name + sge.Type = &typeVar } case "kind": if v != nil { @@ -8796,14 +9652,14 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { type SecurityGroupEntityProperties struct { // DistinguishedName - READ-ONLY; The group distinguished name DistinguishedName *string `json:"distinguishedName,omitempty"` - // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group - Sid *string `json:"sid,omitempty"` // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + Sid *string `json:"sid,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. @@ -8814,23 +9670,17 @@ func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { // BasicSettings the Setting. type BasicSettings interface { - AsUebaSettings() (*UebaSettings, bool) AsToggleSettings() (*ToggleSettings, bool) + AsUebaSettings() (*UebaSettings, bool) AsSettings() (*Settings, bool) } // Settings the Setting. type Settings struct { autorest.Response `json:"-"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -8842,14 +9692,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { } switch m["kind"] { - case string(KindUebaSettings): - var us UebaSettings - err := json.Unmarshal(body, &us) - return us, err case string(KindToggleSettings): var ts ToggleSettings err := json.Unmarshal(body, &ts) return ts, err + case string(KindUebaSettings): + var us UebaSettings + err := json.Unmarshal(body, &us) + return us, err default: var s Settings err := json.Unmarshal(body, &s) @@ -8888,13 +9738,13 @@ func (s Settings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for Settings. -func (s Settings) AsUebaSettings() (*UebaSettings, bool) { +// AsToggleSettings is the BasicSettings implementation for Settings. +func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } -// AsToggleSettings is the BasicSettings implementation for Settings. -func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { +// AsUebaSettings is the BasicSettings implementation for Settings. +func (s Settings) AsUebaSettings() (*UebaSettings, bool) { return nil, false } @@ -8933,33 +9783,33 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { // ThreatIntelligence threatIntelligence property bag. type ThreatIntelligence struct { - // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received - ProviderName *string `json:"providerName,omitempty"` - // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") - ThreatType *string `json:"threatType,omitempty"` - // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") - ThreatName *string `json:"threatName,omitempty"` // Confidence - READ-ONLY; Confidence (must be between 0 and 1) Confidence *float64 `json:"confidence,omitempty"` + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` // ReportLink - READ-ONLY; Report link ReportLink *string `json:"reportLink,omitempty"` // ThreatDescription - READ-ONLY; Threat description (free text) ThreatDescription *string `json:"threatDescription,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` +} + +// TICheckRequirements TI (Threat Intelligence) requirements check properties. +type TICheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } // TIDataConnector represents threat intelligence data connector. type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. *TIDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8979,28 +9829,23 @@ func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } @@ -9009,16 +9854,21 @@ func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -9047,33 +9897,6 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { } tdc.TIDataConnectorProperties = &tIDataConnectorProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - tdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - tdc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - tdc.Name = &name - } case "etag": if v != nil { var etag string @@ -9122,15 +9945,9 @@ type TIDataConnectorProperties struct { type ToggleSettings struct { // ToggleSettingsProperties - toggle properties *ToggleSettingsProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -9150,16 +9967,16 @@ func (ts ToggleSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for ToggleSettings. -func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { - return nil, false -} - // AsToggleSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) { return &ts, true } +// AsUebaSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsSettings() (*Settings, bool) { return nil, false @@ -9188,33 +10005,6 @@ func (ts *ToggleSettings) UnmarshalJSON(body []byte) error { } ts.ToggleSettingsProperties = &toggleSettingsProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - ts.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - ts.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - ts.Name = &name - } case "etag": if v != nil { var etag string @@ -9249,15 +10039,9 @@ type ToggleSettingsProperties struct { type UebaSettings struct { // UebaSettingsProperties - User and Entity Behavior Analytics settings properties *UebaSettingsProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -9277,16 +10061,16 @@ func (us UebaSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for UebaSettings. -func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { - return &us, true -} - // AsToggleSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } +// AsUebaSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { + return &us, true +} + // AsSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsSettings() (*Settings, bool) { return nil, false @@ -9315,33 +10099,6 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { } us.UebaSettingsProperties = &uebaSettingsProperties } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - us.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - us.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - us.Name = &name - } case "etag": if v != nil { var etag string @@ -9368,12 +10125,12 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { // UebaSettingsProperties user and Entity Behavior Analytics settings property bag. type UebaSettingsProperties struct { + // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' + AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. IsEnabled *bool `json:"isEnabled,omitempty"` // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` - // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' - AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` } // URLEntity represents a url entity. @@ -9382,11 +10139,11 @@ type URLEntity struct { *URLEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -9408,43 +10165,43 @@ func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -9453,23 +10210,23 @@ func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -9515,23 +10272,23 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { } ue.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ue.Type = &typeVar + ue.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ue.Name = &name + ue.Type = &typeVar } case "kind": if v != nil { @@ -9552,10 +10309,10 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { type URLEntityProperties struct { // URL - READ-ONLY; A full URL the entity points to URL *string `json:"url,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for URLEntityProperties. @@ -9566,10 +10323,10 @@ func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { // UserInfo user information that made some action type UserInfo struct { - // ObjectID - The object id of the user. - ObjectID *uuid.UUID `json:"objectId,omitempty"` // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index 854841ce503f..f277216e48ed 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -33,11 +33,11 @@ var _ OperationsClientAPI = (*securityinsight.OperationsClient)(nil) // AlertRulesClientAPI contains the set of methods on the AlertRulesClient type. type AlertRulesClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule securityinsight.BasicAlertRule) (result securityinsight.AlertRuleModel, err error) - CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action securityinsight.Action) (result securityinsight.Action, err error) + CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action securityinsight.ActionRequest) (result securityinsight.ActionResponse, err error) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result securityinsight.AlertRuleModel, err error) - GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result securityinsight.Action, err error) + GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result securityinsight.ActionResponse, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.AlertRulesListPage, err error) } @@ -93,6 +93,26 @@ type BookmarksClientAPI interface { var _ BookmarksClientAPI = (*securityinsight.BookmarksClient)(nil) +// CaseRelationsClientAPI contains the set of methods on the CaseRelationsClient type. +type CaseRelationsClientAPI interface { + CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel securityinsight.RelationsModelInput) (result securityinsight.CaseRelation, err error) + DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error) + GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result securityinsight.CaseRelation, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseRelationListPage, err error) +} + +var _ CaseRelationsClientAPI = (*securityinsight.CaseRelationsClient)(nil) + +// BookmarkRelationsClientAPI contains the set of methods on the BookmarkRelationsClient type. +type BookmarkRelationsClientAPI interface { + CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel securityinsight.RelationsModelInput) (result securityinsight.BookmarkRelation, err error) + DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error) + GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result securityinsight.BookmarkRelation, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.BookmarkRelationListPage, err error) +} + +var _ BookmarkRelationsClientAPI = (*securityinsight.BookmarkRelationsClient)(nil) + // DataConnectorsClientAPI contains the set of methods on the DataConnectorsClient type. type DataConnectorsClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector securityinsight.BasicDataConnector) (result securityinsight.DataConnectorModel, err error) @@ -103,6 +123,13 @@ type DataConnectorsClientAPI interface { var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) +// DataConnectorRequirementsClientAPI contains the set of methods on the DataConnectorRequirementsClient type. +type DataConnectorRequirementsClientAPI interface { + List(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements securityinsight.DataConnectorsCheckRequirements) (result securityinsight.DataConnectorRequirementsState, err error) +} + +var _ DataConnectorRequirementsClientAPI = (*securityinsight.DataConnectorRequirementsClient)(nil) + // EntitiesClientAPI contains the set of methods on the EntitiesClient type. type EntitiesClientAPI interface { Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityExpandParameters) (result securityinsight.EntityExpandResponse, err error)