From 9f82b4f543de500f17490e549fc0b01577b8a98e Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Thu, 18 Jul 2019 11:02:35 +0000 Subject: [PATCH 1/3] Generated from 27abe226e56bd1a6d13985c9bc8871148a8c34ad Merge branch 'master' into InvestigationSwagger --- .../mgmt/securityinsight/models.go | 231 +- .../securityinsight/cases.go | 4 +- .../securityinsight/entities.go | 102 + .../securityinsight/models.go | 4815 ++++++++++++++--- .../securityinsightapi/interfaces.go | 1 + 5 files changed, 4459 insertions(+), 694 deletions(-) diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index c922c6c0f486..9701778bed57 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -50,6 +50,16 @@ const ( Medium AlertSeverity = original.Medium ) +type AlertStatus = original.AlertStatus + +const ( + AlertStatusDismissed AlertStatus = original.AlertStatusDismissed + AlertStatusInProgress AlertStatus = original.AlertStatusInProgress + AlertStatusNew AlertStatus = original.AlertStatusNew + AlertStatusResolved AlertStatus = original.AlertStatusResolved + AlertStatusUnknown AlertStatus = original.AlertStatusUnknown +) + type CaseSeverity = original.CaseSeverity const ( @@ -77,17 +87,34 @@ const ( Resolved CloseReason = original.Resolved ) +type ConfidenceLevel = original.ConfidenceLevel + +const ( + ConfidenceLevelHigh ConfidenceLevel = original.ConfidenceLevelHigh + ConfidenceLevelLow ConfidenceLevel = original.ConfidenceLevelLow + ConfidenceLevelUnknown ConfidenceLevel = original.ConfidenceLevelUnknown +) + +type ConfidenceScoreStatus = original.ConfidenceScoreStatus + +const ( + Final ConfidenceScoreStatus = original.Final + InProcess ConfidenceScoreStatus = original.InProcess + NotApplicable ConfidenceScoreStatus = original.NotApplicable + NotFinal ConfidenceScoreStatus = original.NotFinal +) + type DataConnectorKind = original.DataConnectorKind const ( - AmazonWebServicesCloudTrail DataConnectorKind = original.AmazonWebServicesCloudTrail - AzureActiveDirectory DataConnectorKind = original.AzureActiveDirectory - AzureAdvancedThreatProtection DataConnectorKind = original.AzureAdvancedThreatProtection - AzureSecurityCenter DataConnectorKind = original.AzureSecurityCenter - MicrosoftCloudAppSecurity DataConnectorKind = original.MicrosoftCloudAppSecurity - MicrosoftDefenderAdvancedThreatProtection DataConnectorKind = original.MicrosoftDefenderAdvancedThreatProtection - Office365 DataConnectorKind = original.Office365 - ThreatIntelligence DataConnectorKind = original.ThreatIntelligence + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = original.DataConnectorKindAmazonWebServicesCloudTrail + DataConnectorKindAzureActiveDirectory DataConnectorKind = original.DataConnectorKindAzureActiveDirectory + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindAzureAdvancedThreatProtection + DataConnectorKindAzureSecurityCenter DataConnectorKind = original.DataConnectorKindAzureSecurityCenter + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = original.DataConnectorKindMicrosoftCloudAppSecurity + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + DataConnectorKindOffice365 DataConnectorKind = original.DataConnectorKindOffice365 + DataConnectorKindThreatIntelligence DataConnectorKind = original.DataConnectorKindThreatIntelligence ) type DataTypeState = original.DataTypeState @@ -97,12 +124,83 @@ const ( Enabled DataTypeState = original.Enabled ) +type ElevationToken = original.ElevationToken + +const ( + Default ElevationToken = original.Default + Full ElevationToken = original.Full + Limited ElevationToken = original.Limited +) + type EntityKind = original.EntityKind const ( - Account EntityKind = original.Account - File EntityKind = original.File - Host EntityKind = original.Host + EntityKindAccount EntityKind = original.EntityKindAccount + EntityKindAzureResource EntityKind = original.EntityKindAzureResource + EntityKindBookmark EntityKind = original.EntityKindBookmark + EntityKindCloudApplication EntityKind = original.EntityKindCloudApplication + EntityKindDNSResolution EntityKind = original.EntityKindDNSResolution + EntityKindFile EntityKind = original.EntityKindFile + EntityKindFileHash EntityKind = original.EntityKindFileHash + EntityKindHost EntityKind = original.EntityKindHost + EntityKindIP EntityKind = original.EntityKindIP + EntityKindMalware EntityKind = original.EntityKindMalware + EntityKindProcess EntityKind = original.EntityKindProcess + EntityKindRegistryKey EntityKind = original.EntityKindRegistryKey + EntityKindRegistryValue EntityKind = original.EntityKindRegistryValue + EntityKindSecurityAlert EntityKind = original.EntityKindSecurityAlert + EntityKindSecurityGroup EntityKind = original.EntityKindSecurityGroup + EntityKindURL EntityKind = original.EntityKindURL +) + +type EntityType = original.EntityType + +const ( + EntityTypeAccount EntityType = original.EntityTypeAccount + EntityTypeAzureResource EntityType = original.EntityTypeAzureResource + EntityTypeCloudApplication EntityType = original.EntityTypeCloudApplication + EntityTypeDNS EntityType = original.EntityTypeDNS + EntityTypeFile EntityType = original.EntityTypeFile + EntityTypeFileHash EntityType = original.EntityTypeFileHash + EntityTypeHost EntityType = original.EntityTypeHost + EntityTypeHuntingBookmark EntityType = original.EntityTypeHuntingBookmark + EntityTypeIP EntityType = original.EntityTypeIP + EntityTypeMalware EntityType = original.EntityTypeMalware + EntityTypeProcess EntityType = original.EntityTypeProcess + EntityTypeRegistryKey EntityType = original.EntityTypeRegistryKey + EntityTypeRegistryValue EntityType = original.EntityTypeRegistryValue + EntityTypeSecurityAlert EntityType = original.EntityTypeSecurityAlert + EntityTypeSecurityGroup EntityType = original.EntityTypeSecurityGroup + EntityTypeURL EntityType = original.EntityTypeURL +) + +type FileHashAlgorithm = original.FileHashAlgorithm + +const ( + MD5 FileHashAlgorithm = original.MD5 + SHA1 FileHashAlgorithm = original.SHA1 + SHA256 FileHashAlgorithm = original.SHA256 + SHA256AC FileHashAlgorithm = original.SHA256AC + Unknown FileHashAlgorithm = original.Unknown +) + +type KillChainIntent = original.KillChainIntent + +const ( + KillChainIntentCollection KillChainIntent = original.KillChainIntentCollection + KillChainIntentCommandAndControl KillChainIntent = original.KillChainIntentCommandAndControl + KillChainIntentCredentialAccess KillChainIntent = original.KillChainIntentCredentialAccess + KillChainIntentDefenseEvasion KillChainIntent = original.KillChainIntentDefenseEvasion + KillChainIntentDiscovery KillChainIntent = original.KillChainIntentDiscovery + KillChainIntentExecution KillChainIntent = original.KillChainIntentExecution + KillChainIntentExfiltration KillChainIntent = original.KillChainIntentExfiltration + KillChainIntentExploitation KillChainIntent = original.KillChainIntentExploitation + KillChainIntentImpact KillChainIntent = original.KillChainIntentImpact + KillChainIntentLateralMovement KillChainIntent = original.KillChainIntentLateralMovement + KillChainIntentPersistence KillChainIntent = original.KillChainIntentPersistence + KillChainIntentPrivilegeEscalation KillChainIntent = original.KillChainIntentPrivilegeEscalation + KillChainIntentProbing KillChainIntent = original.KillChainIntentProbing + KillChainIntentUnknown KillChainIntent = original.KillChainIntentUnknown ) type Kind = original.Kind @@ -136,10 +234,23 @@ const ( type KindBasicEntity = original.KindBasicEntity const ( - KindAccount KindBasicEntity = original.KindAccount - KindEntity KindBasicEntity = original.KindEntity - KindFile KindBasicEntity = original.KindFile - KindHost KindBasicEntity = original.KindHost + KindAccount KindBasicEntity = original.KindAccount + KindAzureResource KindBasicEntity = original.KindAzureResource + KindBookmark KindBasicEntity = original.KindBookmark + KindCloudApplication KindBasicEntity = original.KindCloudApplication + KindDNSResolution KindBasicEntity = original.KindDNSResolution + KindEntity KindBasicEntity = original.KindEntity + KindFile KindBasicEntity = original.KindFile + KindFileHash KindBasicEntity = original.KindFileHash + KindHost KindBasicEntity = original.KindHost + KindIP KindBasicEntity = original.KindIP + KindMalware KindBasicEntity = original.KindMalware + KindProcess KindBasicEntity = original.KindProcess + KindRegistryKey KindBasicEntity = original.KindRegistryKey + KindRegistryValue KindBasicEntity = original.KindRegistryValue + KindSecurityAlert KindBasicEntity = original.KindSecurityAlert + KindSecurityGroup KindBasicEntity = original.KindSecurityGroup + KindURL KindBasicEntity = original.KindURL ) type KindBasicSettings = original.KindBasicSettings @@ -166,6 +277,34 @@ const ( Windows OSFamily = original.Windows ) +type RegistryHive = original.RegistryHive + +const ( + HKEYA RegistryHive = original.HKEYA + HKEYCLASSESROOT RegistryHive = original.HKEYCLASSESROOT + HKEYCURRENTCONFIG RegistryHive = original.HKEYCURRENTCONFIG + HKEYCURRENTUSER RegistryHive = original.HKEYCURRENTUSER + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = original.HKEYCURRENTUSERLOCALSETTINGS + HKEYLOCALMACHINE RegistryHive = original.HKEYLOCALMACHINE + HKEYPERFORMANCEDATA RegistryHive = original.HKEYPERFORMANCEDATA + HKEYPERFORMANCENLSTEXT RegistryHive = original.HKEYPERFORMANCENLSTEXT + HKEYPERFORMANCETEXT RegistryHive = original.HKEYPERFORMANCETEXT + HKEYUSERS RegistryHive = original.HKEYUSERS +) + +type RegistryValueKind = original.RegistryValueKind + +const ( + RegistryValueKindBinary RegistryValueKind = original.RegistryValueKindBinary + RegistryValueKindDWord RegistryValueKind = original.RegistryValueKindDWord + RegistryValueKindExpandString RegistryValueKind = original.RegistryValueKindExpandString + RegistryValueKindMultiString RegistryValueKind = original.RegistryValueKindMultiString + RegistryValueKindNone RegistryValueKind = original.RegistryValueKindNone + RegistryValueKindQWord RegistryValueKind = original.RegistryValueKindQWord + RegistryValueKindString RegistryValueKind = original.RegistryValueKindString + RegistryValueKindUnknown RegistryValueKind = original.RegistryValueKindUnknown +) + type SettingKind = original.SettingKind const ( @@ -219,6 +358,8 @@ type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties +type AzureResourceEntity = original.AzureResourceEntity +type AzureResourceEntityProperties = original.AzureResourceEntityProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations type BasicAlertRule = original.BasicAlertRule @@ -226,6 +367,8 @@ type BasicDataConnector = original.BasicDataConnector type BasicEntity = original.BasicEntity type BasicSettings = original.BasicSettings type Bookmark = original.Bookmark +type BookmarkEntity = original.BookmarkEntity +type BookmarkEntityProperties = original.BookmarkEntityProperties type BookmarkList = original.BookmarkList type BookmarkListIterator = original.BookmarkListIterator type BookmarkListPage = original.BookmarkListPage @@ -242,8 +385,12 @@ type CasesAggregationByStatusProperties = original.CasesAggregationByStatusPrope type CasesAggregationProperties = original.CasesAggregationProperties type CasesAggregationsClient = original.CasesAggregationsClient type CasesClient = original.CasesClient +type CloudApplicationEntity = original.CloudApplicationEntity +type CloudApplicationEntityProperties = original.CloudApplicationEntityProperties type CloudError = original.CloudError type CloudErrorBody = original.CloudErrorBody +type DNSEntity = original.DNSEntity +type DNSEntityProperties = original.DNSEntityProperties type DataConnector = original.DataConnector type DataConnectorDataTypeCommon = original.DataConnectorDataTypeCommon type DataConnectorKind1 = original.DataConnectorKind1 @@ -256,6 +403,10 @@ type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsPropert type DataConnectorsClient = original.DataConnectorsClient type EntitiesClient = original.EntitiesClient type Entity = original.Entity +type EntityCommonProperties = original.EntityCommonProperties +type EntityExpandParameters = original.EntityExpandParameters +type EntityExpandResponse = original.EntityExpandResponse +type EntityExpandResponseValue = original.EntityExpandResponseValue type EntityKind1 = original.EntityKind1 type EntityList = original.EntityList type EntityListIterator = original.EntityListIterator @@ -267,16 +418,25 @@ type EntityQueryList = original.EntityQueryList type EntityQueryListIterator = original.EntityQueryListIterator type EntityQueryListPage = original.EntityQueryListPage type EntityQueryProperties = original.EntityQueryProperties +type ExpansionResultAggregation = original.ExpansionResultAggregation +type ExpansionResultsMetadata = original.ExpansionResultsMetadata type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties +type FileHash = original.FileHash +type FileHashEntityProperties = original.FileHashEntityProperties +type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties +type IPEntity = original.IPEntity +type IPEntityProperties = original.IPEntityProperties type MCASDataConnector = original.MCASDataConnector type MCASDataConnectorDataTypes = original.MCASDataConnectorDataTypes type MCASDataConnectorDataTypesDiscoveryLogs = original.MCASDataConnectorDataTypesDiscoveryLogs type MCASDataConnectorProperties = original.MCASDataConnectorProperties type MDATPDataConnector = original.MDATPDataConnector type MDATPDataConnectorProperties = original.MDATPDataConnectorProperties +type MalwareEntity = original.MalwareEntity +type MalwareEntityProperties = original.MalwareEntityProperties type OfficeConsent = original.OfficeConsent type OfficeConsentList = original.OfficeConsentList type OfficeConsentListIterator = original.OfficeConsentListIterator @@ -294,10 +454,21 @@ type OperationsClient = original.OperationsClient type OperationsList = original.OperationsList type OperationsListIterator = original.OperationsListIterator type OperationsListPage = original.OperationsListPage +type ProcessEntity = original.ProcessEntity +type ProcessEntityProperties = original.ProcessEntityProperties type ProductSettingsClient = original.ProductSettingsClient +type RegistryKeyEntity = original.RegistryKeyEntity +type RegistryKeyEntityProperties = original.RegistryKeyEntityProperties +type RegistryValueEntity = original.RegistryValueEntity +type RegistryValueEntityProperties = original.RegistryValueEntityProperties type Resource = original.Resource type ScheduledAlertRule = original.ScheduledAlertRule type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties +type SecurityAlert = original.SecurityAlert +type SecurityAlertProperties = original.SecurityAlertProperties +type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem +type SecurityGroupEntity = original.SecurityGroupEntity +type SecurityGroupEntityProperties = original.SecurityGroupEntityProperties type Settings = original.Settings type SettingsKind = original.SettingsKind type SettingsModel = original.SettingsModel @@ -305,8 +476,11 @@ type TIDataConnector = original.TIDataConnector type TIDataConnectorDataTypes = original.TIDataConnectorDataTypes type TIDataConnectorDataTypesIndicators = original.TIDataConnectorDataTypesIndicators type TIDataConnectorProperties = original.TIDataConnectorProperties +type ThreatIntelligence = original.ThreatIntelligence type ToggleSettings = original.ToggleSettings type ToggleSettingsProperties = original.ToggleSettingsProperties +type URLEntity = original.URLEntity +type URLEntityProperties = original.URLEntityProperties type UebaSettings = original.UebaSettings type UebaSettingsProperties = original.UebaSettingsProperties type UserInfo = original.UserInfo @@ -446,6 +620,9 @@ func PossibleAlertRuleKindValues() []AlertRuleKind { func PossibleAlertSeverityValues() []AlertSeverity { return original.PossibleAlertSeverityValues() } +func PossibleAlertStatusValues() []AlertStatus { + return original.PossibleAlertStatusValues() +} func PossibleCaseSeverityValues() []CaseSeverity { return original.PossibleCaseSeverityValues() } @@ -455,15 +632,33 @@ func PossibleCaseStatusValues() []CaseStatus { func PossibleCloseReasonValues() []CloseReason { return original.PossibleCloseReasonValues() } +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return original.PossibleConfidenceLevelValues() +} +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return original.PossibleConfidenceScoreStatusValues() +} func PossibleDataConnectorKindValues() []DataConnectorKind { return original.PossibleDataConnectorKindValues() } func PossibleDataTypeStateValues() []DataTypeState { return original.PossibleDataTypeStateValues() } +func PossibleElevationTokenValues() []ElevationToken { + return original.PossibleElevationTokenValues() +} func PossibleEntityKindValues() []EntityKind { return original.PossibleEntityKindValues() } +func PossibleEntityTypeValues() []EntityType { + return original.PossibleEntityTypeValues() +} +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return original.PossibleFileHashAlgorithmValues() +} +func PossibleKillChainIntentValues() []KillChainIntent { + return original.PossibleKillChainIntentValues() +} func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return original.PossibleKindBasicAggregationsValues() } @@ -485,6 +680,12 @@ func PossibleLicenseStatusValues() []LicenseStatus { func PossibleOSFamilyValues() []OSFamily { return original.PossibleOSFamilyValues() } +func PossibleRegistryHiveValues() []RegistryHive { + return original.PossibleRegistryHiveValues() +} +func PossibleRegistryValueKindValues() []RegistryValueKind { + return original.PossibleRegistryValueKindValues() +} func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 9a4eb0d79790..10f08f47c7d0 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,7 +73,9 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, + }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go index e72cffc3e2c3..d8d24ad40d01 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go @@ -41,6 +41,108 @@ func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) Entitie return EntitiesClient{NewWithBaseURI(baseURI, subscriptionID)} } +// Expand expands an entity. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// parameters - the parameters required to execute an expand operation on the given entity. +func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesClient.Expand") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: parameters, + Constraints: []validation.Constraint{{Target: "parameters.ExpansionID", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "parameters.ExpansionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.EntitiesClient", "Expand", err.Error()) + } + + req, err := client.ExpandPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", nil, "Failure preparing request") + return + } + + resp, err := client.ExpandSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure sending request") + return + } + + result, err = client.ExpandResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure responding to request") + } + + return +} + +// ExpandPreparer prepares the Expand request. +func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ExpandSender sends the Expand request. The method will close the +// http.Response Body if it receives an error. +func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ExpandResponder handles the response to the Expand request. The method always +// closes the http.Response Body. +func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // Get gets an entity. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 3439ef0034bb..e85a9c64fa3a 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -76,6 +76,27 @@ func PossibleAlertSeverityValues() []AlertSeverity { return []AlertSeverity{High, Informational, Low, Medium} } +// AlertStatus enumerates the values for alert status. +type AlertStatus string + +const ( + // AlertStatusDismissed Alert dismissed as false positive + AlertStatusDismissed AlertStatus = "Dismissed" + // AlertStatusInProgress Alert is being handled + AlertStatusInProgress AlertStatus = "InProgress" + // AlertStatusNew New alert + AlertStatusNew AlertStatus = "New" + // AlertStatusResolved Alert closed after handling + AlertStatusResolved AlertStatus = "Resolved" + // AlertStatusUnknown Unknown value + AlertStatusUnknown AlertStatus = "Unknown" +) + +// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. +func PossibleAlertStatusValues() []AlertStatus { + return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} +} + // CaseSeverity enumerates the values for case severity. type CaseSeverity string @@ -133,31 +154,69 @@ func PossibleCloseReasonValues() []CloseReason { return []CloseReason{Dismissed, Other, Resolved} } +// ConfidenceLevel enumerates the values for confidence level. +type ConfidenceLevel string + +const ( + // ConfidenceLevelHigh High confidence that the alert is true positive malicious + ConfidenceLevelHigh ConfidenceLevel = "High" + // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an + // attack + ConfidenceLevelLow ConfidenceLevel = "Low" + // ConfidenceLevelUnknown Unknown confidence, the is the default value + ConfidenceLevelUnknown ConfidenceLevel = "Unknown" +) + +// PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type. +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return []ConfidenceLevel{ConfidenceLevelHigh, ConfidenceLevelLow, ConfidenceLevelUnknown} +} + +// ConfidenceScoreStatus enumerates the values for confidence score status. +type ConfidenceScoreStatus string + +const ( + // Final Final score was calculated and available + Final ConfidenceScoreStatus = "Final" + // InProcess No score was set yet and calculation is in progress + InProcess ConfidenceScoreStatus = "InProcess" + // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst + NotApplicable ConfidenceScoreStatus = "NotApplicable" + // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time + // following the processing of additional data + NotFinal ConfidenceScoreStatus = "NotFinal" +) + +// PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type. +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal} +} + // DataConnectorKind enumerates the values for data connector kind. type DataConnectorKind string const ( - // AmazonWebServicesCloudTrail ... - AmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" - // AzureActiveDirectory ... - AzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" - // AzureAdvancedThreatProtection ... - AzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" - // AzureSecurityCenter ... - AzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" - // MicrosoftCloudAppSecurity ... - MicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" - // MicrosoftDefenderAdvancedThreatProtection ... - MicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" - // Office365 ... - Office365 DataConnectorKind = "Office365" - // ThreatIntelligence ... - ThreatIntelligence DataConnectorKind = "ThreatIntelligence" + // DataConnectorKindAmazonWebServicesCloudTrail ... + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + // DataConnectorKindAzureActiveDirectory ... + DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // DataConnectorKindAzureAdvancedThreatProtection ... + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + // DataConnectorKindAzureSecurityCenter ... + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // DataConnectorKindMicrosoftCloudAppSecurity ... + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + // DataConnectorKindOffice365 ... + DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindThreatIntelligence ... + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" ) // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureAdvancedThreatProtection, AzureSecurityCenter, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, Office365, ThreatIntelligence} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} } // DataTypeState enumerates the values for data type state. @@ -175,21 +234,206 @@ func PossibleDataTypeStateValues() []DataTypeState { return []DataTypeState{Disabled, Enabled} } +// ElevationToken enumerates the values for elevation token. +type ElevationToken string + +const ( + // Default Default elevation token + Default ElevationToken = "Default" + // Full Full elevation token + Full ElevationToken = "Full" + // Limited Limited elevation token + Limited ElevationToken = "Limited" +) + +// PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type. +func PossibleElevationTokenValues() []ElevationToken { + return []ElevationToken{Default, Full, Limited} +} + // EntityKind enumerates the values for entity kind. type EntityKind string const ( - // Account Entity represents account in the system. - Account EntityKind = "Account" - // File Entity represents file in the system. - File EntityKind = "File" - // Host Entity represents host in the system. - Host EntityKind = "Host" + // EntityKindAccount Entity represents account in the system. + EntityKindAccount EntityKind = "Account" + // EntityKindAzureResource Entity represents azure resource in the system. + EntityKindAzureResource EntityKind = "AzureResource" + // EntityKindBookmark Entity represents bookmark in the system. + EntityKindBookmark EntityKind = "Bookmark" + // EntityKindCloudApplication Entity represents cloud application in the system. + EntityKindCloudApplication EntityKind = "CloudApplication" + // EntityKindDNSResolution Entity represents dns resolution in the system. + EntityKindDNSResolution EntityKind = "DnsResolution" + // EntityKindFile Entity represents file in the system. + EntityKindFile EntityKind = "File" + // EntityKindFileHash Entity represents file hash in the system. + EntityKindFileHash EntityKind = "FileHash" + // EntityKindHost Entity represents host in the system. + EntityKindHost EntityKind = "Host" + // EntityKindIP Entity represents ip in the system. + EntityKindIP EntityKind = "Ip" + // EntityKindMalware Entity represents malware in the system. + EntityKindMalware EntityKind = "Malware" + // EntityKindProcess Entity represents process in the system. + EntityKindProcess EntityKind = "Process" + // EntityKindRegistryKey Entity represents registry key in the system. + EntityKindRegistryKey EntityKind = "RegistryKey" + // EntityKindRegistryValue Entity represents registry value in the system. + EntityKindRegistryValue EntityKind = "RegistryValue" + // EntityKindSecurityAlert Entity represents security alert in the system. + EntityKindSecurityAlert EntityKind = "SecurityAlert" + // EntityKindSecurityGroup Entity represents security group in the system. + EntityKindSecurityGroup EntityKind = "SecurityGroup" + // EntityKindURL Entity represents url in the system. + EntityKindURL EntityKind = "Url" ) // PossibleEntityKindValues returns an array of possible values for the EntityKind const type. func PossibleEntityKindValues() []EntityKind { - return []EntityKind{Account, File, Host} + return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL} +} + +// EntityType enumerates the values for entity type. +type EntityType string + +const ( + // EntityTypeAccount Entity represents account in the system. + EntityTypeAccount EntityType = "Account" + // EntityTypeAzureResource Entity represents azure resource in the system. + EntityTypeAzureResource EntityType = "AzureResource" + // EntityTypeCloudApplication Entity represents cloud application in the system. + EntityTypeCloudApplication EntityType = "CloudApplication" + // EntityTypeDNS Entity represents dns in the system. + EntityTypeDNS EntityType = "DNS" + // EntityTypeFile Entity represents file in the system. + EntityTypeFile EntityType = "File" + // EntityTypeFileHash Entity represents file hash in the system. + EntityTypeFileHash EntityType = "FileHash" + // EntityTypeHost Entity represents host in the system. + EntityTypeHost EntityType = "Host" + // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. + EntityTypeHuntingBookmark EntityType = "HuntingBookmark" + // EntityTypeIP Entity represents ip in the system. + EntityTypeIP EntityType = "IP" + // EntityTypeMalware Entity represents malware in the system. + EntityTypeMalware EntityType = "Malware" + // EntityTypeProcess Entity represents process in the system. + EntityTypeProcess EntityType = "Process" + // EntityTypeRegistryKey Entity represents registry key in the system. + EntityTypeRegistryKey EntityType = "RegistryKey" + // EntityTypeRegistryValue Entity represents registry value in the system. + EntityTypeRegistryValue EntityType = "RegistryValue" + // EntityTypeSecurityAlert Entity represents security alert in the system. + EntityTypeSecurityAlert EntityType = "SecurityAlert" + // EntityTypeSecurityGroup Entity represents security group in the system. + EntityTypeSecurityGroup EntityType = "SecurityGroup" + // EntityTypeURL Entity represents url in the system. + EntityTypeURL EntityType = "URL" +) + +// PossibleEntityTypeValues returns an array of possible values for the EntityType const type. +func PossibleEntityTypeValues() []EntityType { + return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} +} + +// FileHashAlgorithm enumerates the values for file hash algorithm. +type FileHashAlgorithm string + +const ( + // MD5 MD5 hash type + MD5 FileHashAlgorithm = "MD5" + // SHA1 SHA1 hash type + SHA1 FileHashAlgorithm = "SHA1" + // SHA256 SHA256 hash type + SHA256 FileHashAlgorithm = "SHA256" + // SHA256AC SHA256 Authenticode hash type + SHA256AC FileHashAlgorithm = "SHA256AC" + // Unknown Unknown hash algorithm + Unknown FileHashAlgorithm = "Unknown" +) + +// PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type. +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown} +} + +// KillChainIntent enumerates the values for kill chain intent. +type KillChainIntent string + +const ( + // KillChainIntentCollection Collection consists of techniques used to identify and gather information, + // such as sensitive files, from a target network prior to exfiltration. This category also covers + // locations on a system or network where the adversary may look for information to exfiltrate. + KillChainIntentCollection KillChainIntent = "Collection" + // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate + // with systems under their control within a target network. + KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" + // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or + // control over system, domain, or service credentials that are used within an enterprise environment. + // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts + // (local system administrator or domain users with administrator access) to use within the network. With + // sufficient access within a network, an adversary can create accounts for later use within the + // environment. + KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" + // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade + // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques + // in other categories that have the added benefit of subverting a particular defense or mitigation. + KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" + // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge + // about the system and internal network. When adversaries gain access to a new system, they must orient + // themselves to what they now have control of and what benefits operating from that system give to their + // current objective or overall goals during the intrusion. The operating system provides many native tools + // that aid in this post-compromise information-gathering phase. + KillChainIntentDiscovery KillChainIntent = "Discovery" + // KillChainIntentExecution The execution tactic represents techniques that result in execution of + // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with + // lateral movement to expand access to remote systems on a network. + KillChainIntentExecution KillChainIntent = "Execution" + // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the + // adversary removing files and information from a target network. This category also covers locations on a + // system or network where the adversary may look for information to exfiltrate. + KillChainIntentExfiltration KillChainIntent = "Exfiltration" + // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the + // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as + // user accounts, certificates etc. Adversaries will often be able to control the resource after this + // stage. + KillChainIntentExploitation KillChainIntent = "Exploitation" + // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or + // integrity of a system, service, or network; including manipulation of data to impact a business or + // operational process. This would often refer to techniques such as ransom-ware, defacement, data + // manipulation and others. + KillChainIntentImpact KillChainIntent = "Impact" + // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to + // access and control remote systems on a network and could, but does not necessarily, include execution of + // tools on remote systems. The lateral movement techniques could allow an adversary to gather information + // from a system without needing additional tools, such as a remote access tool. An adversary can use + // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, + // access to specific information or files, access to additional credentials, or to cause an effect. + KillChainIntentLateralMovement KillChainIntent = "LateralMovement" + // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that + // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access + // to systems through interruptions such as system restarts, loss of credentials, or other failures that + // would require a remote access tool to restart or alternate backdoor for them to regain access. + KillChainIntentPersistence KillChainIntent = "Persistence" + // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary + // to obtain a higher level of permissions on a system or network. Certain tools or actions require a + // higher level of privilege to work and are likely necessary at many points throughout an operation. User + // accounts with permissions to access specific systems or perform specific functions necessary for + // adversaries to achieve their objective may also be considered an escalation of privilege. + KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" + // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a + // malicious intent or a failed attempt to gain access to a target system to gather information prior to + // exploitation. This step is usually detected as an attempt originating from outside the network in + // attempt to scan the target system and find a way in. + KillChainIntentProbing KillChainIntent = "Probing" + // KillChainIntentUnknown The default value. + KillChainIntentUnknown KillChainIntent = "Unknown" +) + +// PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type. +func PossibleKillChainIntentValues() []KillChainIntent { + return []KillChainIntent{KillChainIntentCollection, KillChainIntentCommandAndControl, KillChainIntentCredentialAccess, KillChainIntentDefenseEvasion, KillChainIntentDiscovery, KillChainIntentExecution, KillChainIntentExfiltration, KillChainIntentExploitation, KillChainIntentImpact, KillChainIntentLateralMovement, KillChainIntentPersistence, KillChainIntentPrivilegeEscalation, KillChainIntentProbing, KillChainIntentUnknown} } // Kind enumerates the values for kind. @@ -257,17 +501,43 @@ type KindBasicEntity string const ( // KindAccount ... KindAccount KindBasicEntity = "Account" + // KindAzureResource ... + KindAzureResource KindBasicEntity = "AzureResource" + // KindBookmark ... + KindBookmark KindBasicEntity = "Bookmark" + // KindCloudApplication ... + KindCloudApplication KindBasicEntity = "CloudApplication" + // KindDNSResolution ... + KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" + // KindFileHash ... + KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" + // KindIP ... + KindIP KindBasicEntity = "Ip" + // KindMalware ... + KindMalware KindBasicEntity = "Malware" + // KindProcess ... + KindProcess KindBasicEntity = "Process" + // KindRegistryKey ... + KindRegistryKey KindBasicEntity = "RegistryKey" + // KindRegistryValue ... + KindRegistryValue KindBasicEntity = "RegistryValue" + // KindSecurityAlert ... + KindSecurityAlert KindBasicEntity = "SecurityAlert" + // KindSecurityGroup ... + KindSecurityGroup KindBasicEntity = "SecurityGroup" + // KindURL ... + KindURL KindBasicEntity = "Url" ) // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindEntity, KindFile, KindHost} + return []KindBasicEntity{KindAccount, KindAzureResource, KindBookmark, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} } // KindBasicSettings enumerates the values for kind basic settings. @@ -321,6 +591,64 @@ func PossibleOSFamilyValues() []OSFamily { return []OSFamily{Android, IOS, Linux, Windows} } +// RegistryHive enumerates the values for registry hive. +type RegistryHive string + +const ( + // HKEYA HKEY_A + HKEYA RegistryHive = "HKEY_A" + // HKEYCLASSESROOT HKEY_CLASSES_ROOT + HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" + // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG + HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" + // HKEYCURRENTUSER HKEY_CURRENT_USER + HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" + // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" + // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE + HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" + // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA + HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" + // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT + HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" + // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT + HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" + // HKEYUSERS HKEY_USERS + HKEYUSERS RegistryHive = "HKEY_USERS" +) + +// PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type. +func PossibleRegistryHiveValues() []RegistryHive { + return []RegistryHive{HKEYA, HKEYCLASSESROOT, HKEYCURRENTCONFIG, HKEYCURRENTUSER, HKEYCURRENTUSERLOCALSETTINGS, HKEYLOCALMACHINE, HKEYPERFORMANCEDATA, HKEYPERFORMANCENLSTEXT, HKEYPERFORMANCETEXT, HKEYUSERS} +} + +// RegistryValueKind enumerates the values for registry value kind. +type RegistryValueKind string + +const ( + // RegistryValueKindBinary Binary value type + RegistryValueKindBinary RegistryValueKind = "Binary" + // RegistryValueKindDWord DWord value type + RegistryValueKindDWord RegistryValueKind = "DWord" + // RegistryValueKindExpandString ExpandString value type + RegistryValueKindExpandString RegistryValueKind = "ExpandString" + // RegistryValueKindMultiString MultiString value type + RegistryValueKindMultiString RegistryValueKind = "MultiString" + // RegistryValueKindNone None + RegistryValueKindNone RegistryValueKind = "None" + // RegistryValueKindQWord QWord value type + RegistryValueKindQWord RegistryValueKind = "QWord" + // RegistryValueKindString String value type + RegistryValueKindString RegistryValueKind = "String" + // RegistryValueKindUnknown Unknown value type + RegistryValueKindUnknown RegistryValueKind = "Unknown" +) + +// PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type. +func PossibleRegistryValueKindValues() []RegistryValueKind { + return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown} +} + // SettingKind enumerates the values for setting kind. type SettingKind string @@ -698,7 +1026,7 @@ type AccountEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -730,6 +1058,71 @@ func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsEntity() (*Entity, bool) { return nil, false @@ -818,8 +1211,22 @@ type AccountEntityProperties struct { Puid *string `json:"puid,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // DisplayName - READ-ONLY; The display name of the account. + DisplayName *string `json:"displayName,omitempty"` // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) + HostEntityID *string `json:"hostEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for AccountEntityProperties. +func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // Action action for alert rule. @@ -1795,6 +2202,199 @@ type AwsCloudTrailDataConnectorProperties struct { DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` } +// AzureResourceEntity represents an azure resource entity. +type AzureResourceEntity struct { + // AzureResourceEntityProperties - AzureResource entity properties + *AzureResourceEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntity. +func (are AzureResourceEntity) MarshalJSON() ([]byte, error) { + are.Kind = KindAzureResource + objectMap := make(map[string]interface{}) + if are.AzureResourceEntityProperties != nil { + objectMap["properties"] = are.AzureResourceEntityProperties + } + if are.Kind != "" { + objectMap["kind"] = are.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return &are, true +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool) { + return &are, true +} + +// UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct. +func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var azureResourceEntityProperties AzureResourceEntityProperties + err = json.Unmarshal(*v, &azureResourceEntityProperties) + if err != nil { + return err + } + are.AzureResourceEntityProperties = &azureResourceEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + are.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + are.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + are.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + are.Kind = kind + } + } + } + + return nil +} + +// AzureResourceEntityProperties azureResource entity property bag. +type AzureResourceEntityProperties struct { + // ResourceID - READ-ONLY; The azure resource id of the resource + ResourceID *string `json:"resourceId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntityProperties. +func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + // Bookmark represents a bookmark in Azure Security Insights. type Bookmark struct { autorest.Response `json:"-"` @@ -1882,33 +2482,253 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { return nil } -// BookmarkList list all the bookmarks. -type BookmarkList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of cases. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of bookmarks. - Value *[]Bookmark `json:"value,omitempty"` +// BookmarkEntity represents a bookmark entity. +type BookmarkEntity struct { + // BookmarkEntityProperties - Bookmark entity properties + *BookmarkEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// BookmarkListIterator provides access to a complete listing of Bookmark values. -type BookmarkListIterator struct { - i int - page BookmarkListPage +// MarshalJSON is the custom marshaler for BookmarkEntity. +func (be BookmarkEntity) MarshalJSON() ([]byte, error) { + be.Kind = KindBookmark + objectMap := make(map[string]interface{}) + if be.BookmarkEntityProperties != nil { + objectMap["properties"] = be.BookmarkEntityProperties + } + if be.Kind != "" { + objectMap["kind"] = be.Kind + } + return json.Marshal(objectMap) } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() +// AsAccountEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return &be, true +} + +// AsEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsBasicEntity() (BasicEntity, bool) { + return &be, true +} + +// UnmarshalJSON is the custom unmarshaler for BookmarkEntity struct. +func (be *BookmarkEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var bookmarkEntityProperties BookmarkEntityProperties + err = json.Unmarshal(*v, &bookmarkEntityProperties) + if err != nil { + return err + } + be.BookmarkEntityProperties = &bookmarkEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + be.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + be.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + be.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + be.Kind = kind + } + } + } + + return nil +} + +// BookmarkEntityProperties bookmark entity property bag. +type BookmarkEntityProperties struct { + // DisplayName - READ-ONLY; the display name + DisplayName *string `json:"displayName,omitempty"` + // Created - READ-ONLY; the created date/time + Created *date.Time `json:"created,omitempty"` + // Updated - READ-ONLY; the last updated date/time + Updated *date.Time `json:"updated,omitempty"` + // CreatedBy - information about the user that created this bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // UpdatedBy - information about the user that last updated this bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // EventTime - READ-ONLY; the last event date/time + EventTime *date.Time `json:"eventTime,omitempty"` + // Notes - READ-ONLY; the user-defined notes + Notes *string `json:"notes,omitempty"` + // Labels - the user-defined tags + Labels *[]string `json:"labels,omitempty"` + // Query - READ-ONLY; the query that produced the result + Query *string `json:"query,omitempty"` + // QueryResult - READ-ONLY; the result of the query (a single bookmarked result row) + QueryResult *string `json:"queryResult,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for BookmarkEntityProperties. +func (bep BookmarkEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if bep.CreatedBy != nil { + objectMap["createdBy"] = bep.CreatedBy + } + if bep.UpdatedBy != nil { + objectMap["updatedBy"] = bep.UpdatedBy + } + if bep.Labels != nil { + objectMap["labels"] = bep.Labels + } + return json.Marshal(objectMap) +} + +// BookmarkList list all the bookmarks. +type BookmarkList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of cases. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of bookmarks. + Value *[]Bookmark `json:"value,omitempty"` +} + +// BookmarkListIterator provides access to a complete listing of Bookmark values. +type BookmarkListIterator struct { + i int + page BookmarkListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() } iter.i++ if iter.i < len(iter.page.Values()) { @@ -2305,6 +3125,14 @@ type CaseProperties struct { Status CaseStatus `json:"status,omitempty"` // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` + // RelatedAlertIds - List of related alert identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` + // CaseNumber - a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // LastComment - the last comment in the case + LastComment *string `json:"lastComment,omitempty"` } // CasesAggregation represents aggregations results for cases. @@ -2443,23 +3271,125 @@ type CasesAggregationProperties struct { AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` } -// CloudError error response structure. -type CloudError struct { - // CloudErrorBody - Error data - *CloudErrorBody `json:"error,omitempty"` +// CloudApplicationEntity represents a cloud application entity. +type CloudApplicationEntity struct { + // CloudApplicationEntityProperties - CloudApplication entity properties + *CloudApplicationEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for CloudError. -func (ce CloudError) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for CloudApplicationEntity. +func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error) { + cae.Kind = KindCloudApplication objectMap := make(map[string]interface{}) - if ce.CloudErrorBody != nil { - objectMap["error"] = ce.CloudErrorBody + if cae.CloudApplicationEntityProperties != nil { + objectMap["properties"] = cae.CloudApplicationEntityProperties + } + if cae.Kind != "" { + objectMap["kind"] = cae.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for CloudError struct. -func (ce *CloudError) UnmarshalJSON(body []byte) error { +// AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return &cae, true +} + +// AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool) { + return &cae, true +} + +// UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct. +func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -2467,14 +3397,50 @@ func (ce *CloudError) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "error": + case "properties": if v != nil { - var cloudErrorBody CloudErrorBody - err = json.Unmarshal(*v, &cloudErrorBody) + var cloudApplicationEntityProperties CloudApplicationEntityProperties + err = json.Unmarshal(*v, &cloudApplicationEntityProperties) if err != nil { return err } - ce.CloudErrorBody = &cloudErrorBody + cae.CloudApplicationEntityProperties = &cloudApplicationEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cae.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cae.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cae.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + cae.Kind = kind } } } @@ -2482,10 +3448,69 @@ func (ce *CloudError) UnmarshalJSON(body []byte) error { return nil } -// CloudErrorBody error details. -type CloudErrorBody struct { - // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. - Code *string `json:"code,omitempty"` +// CloudApplicationEntityProperties cloudApplication entity property bag. +type CloudApplicationEntityProperties struct { + // AppID - READ-ONLY; The technical identifier of the application. + AppID *int32 `json:"appId,omitempty"` + // AppName - READ-ONLY; The name of the related cloud application. + AppName *string `json:"appName,omitempty"` + // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. + InstanceName *string `json:"instanceName,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. +func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// CloudError error response structure. +type CloudError struct { + // CloudErrorBody - Error data + *CloudErrorBody `json:"error,omitempty"` +} + +// MarshalJSON is the custom marshaler for CloudError. +func (ce CloudError) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ce.CloudErrorBody != nil { + objectMap["error"] = ce.CloudErrorBody + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CloudError struct. +func (ce *CloudError) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "error": + if v != nil { + var cloudErrorBody CloudErrorBody + err = json.Unmarshal(*v, &cloudErrorBody) + if err != nil { + return err + } + ce.CloudErrorBody = &cloudErrorBody + } + } + } + + return nil +} + +// CloudErrorBody error details. +type CloudErrorBody struct { + // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. + Code *string `json:"code,omitempty"` // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. Message *string `json:"message,omitempty"` } @@ -2654,7 +3679,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -2865,11 +3890,223 @@ type DataConnectorWithAlertsProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// DNSEntity represents a dns entity. +type DNSEntity struct { + // DNSEntityProperties - Dns entity properties + *DNSEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for DNSEntity. +func (de DNSEntity) MarshalJSON() ([]byte, error) { + de.Kind = KindDNSResolution + objectMap := make(map[string]interface{}) + if de.DNSEntityProperties != nil { + objectMap["properties"] = de.DNSEntityProperties + } + if de.Kind != "" { + objectMap["kind"] = de.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { + return &de, true +} + +// AsIPEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsBasicEntity() (BasicEntity, bool) { + return &de, true +} + +// UnmarshalJSON is the custom unmarshaler for DNSEntity struct. +func (de *DNSEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var DNSEntityProperties DNSEntityProperties + err = json.Unmarshal(*v, &DNSEntityProperties) + if err != nil { + return err + } + de.DNSEntityProperties = &DNSEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + de.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + de.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + de.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + de.Kind = kind + } + } + } + + return nil +} + +// DNSEntityProperties dns entity property bag. +type DNSEntityProperties struct { + // DomainName - READ-ONLY; The name of the dns record associated with the alert + DomainName *string `json:"domainName,omitempty"` + // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` + // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request + DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` + // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client + HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for DNSEntityProperties. +func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + // BasicEntity specific entity. type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) AsHostEntity() (*HostEntity, bool) AsFileEntity() (*FileEntity, bool) + AsSecurityAlert() (*SecurityAlert, bool) + AsFileHash() (*FileHash, bool) + AsMalwareEntity() (*MalwareEntity, bool) + AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + AsAzureResourceEntity() (*AzureResourceEntity, bool) + AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + AsProcessEntity() (*ProcessEntity, bool) + AsDNSEntity() (*DNSEntity, bool) + AsIPEntity() (*IPEntity, bool) + AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + AsRegistryValueEntity() (*RegistryValueEntity, bool) + AsURLEntity() (*URLEntity, bool) + AsBookmarkEntity() (*BookmarkEntity, bool) AsEntity() (*Entity, bool) } @@ -2882,7 +4119,7 @@ type Entity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -2906,6 +4143,58 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var fe FileEntity err := json.Unmarshal(body, &fe) return fe, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err + case string(KindFileHash): + var fh FileHash + err := json.Unmarshal(body, &fh) + return fh, err + case string(KindMalware): + var me MalwareEntity + err := json.Unmarshal(body, &me) + return me, err + case string(KindSecurityGroup): + var sge SecurityGroupEntity + err := json.Unmarshal(body, &sge) + return sge, err + case string(KindAzureResource): + var are AzureResourceEntity + err := json.Unmarshal(body, &are) + return are, err + case string(KindCloudApplication): + var cae CloudApplicationEntity + err := json.Unmarshal(body, &cae) + return cae, err + case string(KindProcess): + var peVar ProcessEntity + err := json.Unmarshal(body, &peVar) + return peVar, err + case string(KindDNSResolution): + var de DNSEntity + err := json.Unmarshal(body, &de) + return de, err + case string(KindIP): + var ie IPEntity + err := json.Unmarshal(body, &ie) + return ie, err + case string(KindRegistryKey): + var rke RegistryKeyEntity + err := json.Unmarshal(body, &rke) + return rke, err + case string(KindRegistryValue): + var rve RegistryValueEntity + err := json.Unmarshal(body, &rve) + return rve, err + case string(KindURL): + var ue URLEntity + err := json.Unmarshal(body, &ue) + return ue, err + case string(KindBookmark): + var be BookmarkEntity + err := json.Unmarshal(body, &be) + return be, err default: var e Entity err := json.Unmarshal(body, &e) @@ -2956,6 +4245,71 @@ func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for Entity. +func (e Entity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for Entity. +func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for Entity. +func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for Entity. +func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for Entity. +func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for Entity. +func (e Entity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for Entity. +func (e Entity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for Entity. +func (e Entity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for Entity. +func (e Entity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for Entity. func (e Entity) AsEntity() (*Entity, bool) { return &e, true @@ -2966,9 +4320,71 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } -// EntityKind1 describes an Azure resource with kind. +// EntityCommonProperties entity common property bag. +type EntityCommonProperties struct { + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for EntityCommonProperties. +func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// EntityExpandParameters the parameters required to execute an expand operation on the given entity. +type EntityExpandParameters struct { + // ExpansionID - The Id of the expansion to perform. + ExpansionID *uuid.UUID `json:"expansionId,omitempty"` + // StartTime - The start date filter, so the only expansion results returned are after this date. + StartTime *date.Time `json:"startTime,omitempty"` + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` +} + +// EntityExpandResponse the entity expansion result operation response. +type EntityExpandResponse struct { + autorest.Response `json:"-"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` + // MetaData - The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` +} + +// EntityExpandResponseValue the expansion result values. +type EntityExpandResponseValue struct { + // Entities - Array of the expansion result entities. + Entities *[]BasicEntity `json:"entities,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. +func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + eer.Entities = &entities + } + } + } + + return nil +} + +// EntityKind1 describes an entity with kind. type EntityKind1 struct { - // Kind - The kind of the entity. Possible values include: 'Account', 'Host', 'File' + // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' Kind EntityKind `json:"kind,omitempty"` } @@ -3390,18 +4806,36 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( type EntityQueryProperties struct { // QueryTemplate - The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` - // InputEntityType - The type of the query's source entity - InputEntityType *string `json:"inputEntityType,omitempty"` + // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' + InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result - OutputEntityTypes *[]string `json:"outputEntityTypes,omitempty"` + OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` } +// ExpansionResultAggregation information of a specific aggregation in the expansion result. +type ExpansionResultAggregation struct { + // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` + // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` + // AggregationType - The common type of the aggregation. (for e.g. entity field name) + AggregationType *string `json:"aggregationType,omitempty"` + // DisplayName - The display name of the aggregation by type. + DisplayName *string `json:"displayName,omitempty"` +} + +// ExpansionResultsMetadata expansion result metadata. +type ExpansionResultsMetadata struct { + // Aggregations - Information of the aggregated nodes in the expansion result. + Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` +} + // FileEntity represents a file entity. type FileEntity struct { // FileEntityProperties - File entity properties @@ -3412,7 +4846,7 @@ type FileEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3444,20 +4878,85 @@ func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { return &fe, true } -// AsEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsEntity() (*Entity, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsBasicEntity() (BasicEntity, bool) { - return &fe, true +// AsFileHash is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHash() (*FileHash, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for FileEntity struct. -func (fe *FileEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) +// AsMalwareEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsBasicEntity() (BasicEntity, bool) { + return &fe, true +} + +// UnmarshalJSON is the custom unmarshaler for FileEntity struct. +func (fe *FileEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) if err != nil { return err } @@ -3520,6 +5019,233 @@ type FileEntityProperties struct { Directory *string `json:"directory,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id which the file belongs to + HostEntityID *string `json:"hostEntityId,omitempty"` + // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for FileEntityProperties. +func (fep FileEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// FileHash represents a file hash entity. +type FileHash struct { + // FileHashEntityProperties - FileHash entity properties + *FileHashEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FileHash. +func (fh FileHash) MarshalJSON() ([]byte, error) { + fh.Kind = KindFileHash + objectMap := make(map[string]interface{}) + if fh.FileHashEntityProperties != nil { + objectMap["properties"] = fh.FileHashEntityProperties + } + if fh.Kind != "" { + objectMap["kind"] = fh.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileHash. +func (fh FileHash) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for FileHash. +func (fh FileHash) AsFileHash() (*FileHash, bool) { + return &fh, true +} + +// AsMalwareEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for FileHash. +func (fh FileHash) AsBasicEntity() (BasicEntity, bool) { + return &fh, true +} + +// UnmarshalJSON is the custom unmarshaler for FileHash struct. +func (fh *FileHash) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fileHashEntityProperties FileHashEntityProperties + err = json.Unmarshal(*v, &fileHashEntityProperties) + if err != nil { + return err + } + fh.FileHashEntityProperties = &fileHashEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fh.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fh.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fh.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fh.Kind = kind + } + } + } + + return nil +} + +// FileHashEntityProperties fileHash entity property bag. +type FileHashEntityProperties struct { + // HashValue - READ-ONLY; The file hash value. + HashValue *string `json:"hashValue,omitempty"` + // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for FileHashEntityProperties. +func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// GeoLocation the geo-location context attached to the ip entity +type GeoLocation struct { + // CountryCode - READ-ONLY; The country code according to ISO 3166 format + CountryCode *string `json:"countryCode,omitempty"` + // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + CountryName *string `json:"countryName,omitempty"` + // State - READ-ONLY; State name + State *string `json:"state,omitempty"` + // City - READ-ONLY; City name + City *string `json:"city,omitempty"` + // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty"` + // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. + Latitude *float64 `json:"latitude,omitempty"` + // Asn - READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty"` } // HostEntity represents a host entity. @@ -3532,7 +5258,7 @@ type HostEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3564,6 +5290,71 @@ func (he HostEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsEntity() (*Entity, bool) { return nil, false @@ -3654,92 +5445,140 @@ type HostEntityProperties struct { OsVersion *string `json:"osVersion,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` } -// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnector struct { - // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. - *MCASDataConnectorProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for HostEntityProperties. +func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if hep.OsFamily != "" { + objectMap["osFamily"] = hep.OsFamily + } + return json.Marshal(objectMap) +} + +// IPEntity represents an ip entity. +type IPEntity struct { + // IPEntityProperties - Ip entity properties + *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MCASDataConnector. -func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftCloudAppSecurity +// MarshalJSON is the custom marshaler for IPEntity. +func (ie IPEntity) MarshalJSON() ([]byte, error) { + ie.Kind = KindIP objectMap := make(map[string]interface{}) - if mdc.MCASDataConnectorProperties != nil { - objectMap["properties"] = mdc.MCASDataConnectorProperties - } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + if ie.IPEntityProperties != nil { + objectMap["properties"] = ie.IPEntityProperties } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if ie.Kind != "" { + objectMap["kind"] = ie.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAccountEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsHostEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsFileEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsFileHash is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileHash() (*FileHash, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return &mdc, true +// AsMalwareEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsProcessEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. -func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { +// AsDNSEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { + return &ie, true +} + +// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsBasicEntity() (BasicEntity, bool) { + return &ie, true +} + +// UnmarshalJSON is the custom unmarshaler for IPEntity struct. +func (ie *IPEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -3749,12 +5588,12 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mCASDataConnectorProperties MCASDataConnectorProperties - err = json.Unmarshal(*v, &mCASDataConnectorProperties) + var IPEntityProperties IPEntityProperties + err = json.Unmarshal(*v, &IPEntityProperties) if err != nil { return err } - mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + ie.IPEntityProperties = &IPEntityProperties } case "id": if v != nil { @@ -3763,7 +5602,7 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID + ie.ID = &ID } case "type": if v != nil { @@ -3772,7 +5611,7 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Type = &typeVar + ie.Type = &typeVar } case "name": if v != nil { @@ -3781,25 +5620,16 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - mdc.Etag = &etag + ie.Name = &name } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + ie.Kind = kind } } } @@ -3807,113 +5637,148 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data -// connector. -type MCASDataConnectorDataTypes struct { - // DiscoveryLogs - Discovery log data type connection. - DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` - // Alerts - Alerts data type connection. - Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` -} - -// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. -type MCASDataConnectorDataTypesDiscoveryLogs struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// IPEntityProperties ip entity property bag. +type IPEntityProperties struct { + // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + Address *string `json:"address,omitempty"` + // Location - The geo-location context attached to the ip entity + Location *GeoLocation `json:"location,omitempty"` + // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. + ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` } -// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// MarshalJSON is the custom marshaler for IPEntityProperties. +func (iep IPEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if iep.Location != nil { + objectMap["location"] = iep.Location + } + return json.Marshal(objectMap) } -// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. -type MDATPDataConnector struct { - // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - *MDATPDataConnectorProperties `json:"properties,omitempty"` +// MalwareEntity represents a malware entity. +type MalwareEntity struct { + // MalwareEntityProperties - File entity properties + *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MDATPDataConnector. -func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection +// MarshalJSON is the custom marshaler for MalwareEntity. +func (me MalwareEntity) MarshalJSON() ([]byte, error) { + me.Kind = KindMalware objectMap := make(map[string]interface{}) - if mdc.MDATPDataConnectorProperties != nil { - objectMap["properties"] = mdc.MDATPDataConnectorProperties + if me.MalwareEntityProperties != nil { + objectMap["properties"] = me.MalwareEntityProperties } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag - } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if me.Kind != "" { + objectMap["kind"] = me.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAccountEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsHostEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsFileEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsFileHash is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHash() (*FileHash, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return &me, true +} + +// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return &mdc, true +// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsProcessEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsDNSEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. -func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { +// AsIPEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool) { + return &me, true +} + +// UnmarshalJSON is the custom unmarshaler for MalwareEntity struct. +func (me *MalwareEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -3923,12 +5788,12 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mDATPDataConnectorProperties MDATPDataConnectorProperties - err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + var malwareEntityProperties MalwareEntityProperties + err = json.Unmarshal(*v, &malwareEntityProperties) if err != nil { return err } - mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + me.MalwareEntityProperties = &malwareEntityProperties } case "id": if v != nil { @@ -3937,7 +5802,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID + me.ID = &ID } case "type": if v != nil { @@ -3946,7 +5811,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Type = &typeVar + me.Type = &typeVar } case "name": if v != nil { @@ -3955,25 +5820,16 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - mdc.Etag = &etag + me.Name = &name } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + me.Kind = kind } } } @@ -3981,39 +5837,112 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector -// properties. -type MDATPDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +// MalwareEntityProperties malware entity property bag. +type MalwareEntityProperties struct { + // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty"` + // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan + Category *string `json:"category,omitempty"` + // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found + FileEntityIds *[]string `json:"fileEntityIds,omitempty"` + // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. + ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for MalwareEntityProperties. +func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } -// OfficeConsent consent for Office365 tenant that already made. -type OfficeConsent struct { - autorest.Response `json:"-"` - // OfficeConsentProperties - Office consent properties - *OfficeConsentProperties `json:"properties,omitempty"` +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. + *MCASDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeConsent. -func (oc OfficeConsent) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity objectMap := make(map[string]interface{}) - if oc.OfficeConsentProperties != nil { - objectMap["properties"] = oc.OfficeConsentProperties + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. -func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4023,12 +5952,12 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeConsentProperties OfficeConsentProperties - err = json.Unmarshal(*v, &officeConsentProperties) + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) if err != nil { return err } - oc.OfficeConsentProperties = &officeConsentProperties + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties } case "id": if v != nil { @@ -4037,7 +5966,7 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.ID = &ID + mdc.ID = &ID } case "type": if v != nil { @@ -4046,7 +5975,7 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.Type = &typeVar + mdc.Type = &typeVar } case "name": if v != nil { @@ -4055,7 +5984,25 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.Name = &name + mdc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind } } } @@ -4063,244 +6010,1640 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { return nil } -// OfficeConsentList list of all the office365 consents. -type OfficeConsentList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of office consents. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of the consents. - Value *[]OfficeConsent `json:"value,omitempty"` -} - -// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. -type OfficeConsentListIterator struct { - i int - page OfficeConsentListPage -} - -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil - } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err - } - iter.i = 0 - return nil +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` } -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (iter *OfficeConsentListIterator) Next() error { - return iter.NextWithContext(context.Background()) +// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. +type MCASDataConnectorDataTypesDiscoveryLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` } -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OfficeConsentListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// Response returns the raw server response from the last page request. -func (iter OfficeConsentListIterator) Response() OfficeConsentList { - return iter.page.Response() +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OfficeConsentListIterator) Value() OfficeConsent { - if !iter.page.NotDone() { - return OfficeConsent{} +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties } - return iter.page.Values()[iter.i] + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) } -// Creates a new instance of the OfficeConsentListIterator type. -func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { - return OfficeConsentListIterator{page: page} +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false } -// IsEmpty returns true if the ListResult contains no values. -func (ocl OfficeConsentList) IsEmpty() bool { - return ocl.Value == nil || len(*ocl.Value) == 0 +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false } -// officeConsentListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { - if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ocl.NextLink))) +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false } -// OfficeConsentListPage contains a page of OfficeConsent values. -type OfficeConsentListPage struct { - fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) - ocl OfficeConsentList +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false } -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ocl) - if err != nil { - return err - } - page.ocl = next - return nil +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false } -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OfficeConsentListPage) Next() error { - return page.NextWithContext(context.Background()) +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false } -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OfficeConsentListPage) NotDone() bool { - return !page.ocl.IsEmpty() +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false } -// Response returns the raw server response from the last page request. -func (page OfficeConsentListPage) Response() OfficeConsentList { - return page.ocl +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true } -// Values returns the slice of values for the current page or nil if there are no values. -func (page OfficeConsentListPage) Values() []OfficeConsent { - if page.ocl.IsEmpty() { - return nil - } - return *page.ocl.Value +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false } -// Creates a new instance of the OfficeConsentListPage type. -func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { - return OfficeConsentListPage{fn: getNextPage} +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true } -// OfficeConsentProperties consent property bag. -type OfficeConsentProperties struct { - // TenantID - The tenantId of the Office365 with the consent. - TenantID *string `json:"tenantId,omitempty"` - // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. - TenantName *string `json:"tenantName,omitempty"` +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. +func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + if err != nil { + return err + } + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + autorest.Response `json:"-"` + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. +func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + } + } + + return nil +} + +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` +} + +// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. +type OfficeConsentListIterator struct { + i int + page OfficeConsentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OfficeConsentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OfficeConsentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OfficeConsentListIterator) Response() OfficeConsentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OfficeConsentListIterator) Value() OfficeConsent { + if !iter.page.NotDone() { + return OfficeConsent{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OfficeConsentListIterator type. +func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { + return OfficeConsentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ocl OfficeConsentList) IsEmpty() bool { + return ocl.Value == nil || len(*ocl.Value) == 0 +} + +// officeConsentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { + if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ocl.NextLink))) +} + +// OfficeConsentListPage contains a page of OfficeConsent values. +type OfficeConsentListPage struct { + fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) + ocl OfficeConsentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ocl) + if err != nil { + return err + } + page.ocl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OfficeConsentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OfficeConsentListPage) NotDone() bool { + return !page.ocl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OfficeConsentListPage) Response() OfficeConsentList { + return page.ocl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OfficeConsentListPage) Values() []OfficeConsent { + if page.ocl.IsEmpty() { + return nil + } + return *page.ocl.Value +} + +// Creates a new instance of the OfficeConsentListPage type. +func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { + return OfficeConsentListPage{fn: getNextPage} +} + +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` +} + +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeDataConnector. +func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 + objectMap := make(map[string]interface{}) + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties + } + if odc.Etag != nil { + objectMap["etag"] = odc.Etag + } + if odc.Kind != "" { + objectMap["kind"] = odc.Kind + } + return json.Marshal(objectMap) +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. +func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) + if err != nil { + return err + } + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + odc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + odc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + odc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + odc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + odc.Kind = kind + } + } + } + + return nil +} + +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Exchange - Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` +} + +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Operation operation provided by provider +type Operation struct { + // Name - Name of the operation + Name *string `json:"name,omitempty"` + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` +} + +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Description - Description of the operation + Description *string `json:"description,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. +type OperationsList struct { + autorest.Response `json:"-"` + // NextLink - URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` +} + +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { + i int + page OperationsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OperationsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OperationsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OperationsListIterator) Response() OperationsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OperationsListIterator) Value() Operation { + if !iter.page.NotDone() { + return Operation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 +} + +// operationsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ol.NextLink))) +} + +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ol) + if err != nil { + return err + } + page.ol = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OperationsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OperationsListPage) Response() OperationsList { + return page.ol +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { + return nil + } + return *page.ol.Value +} + +// Creates a new instance of the OperationsListPage type. +func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{fn: getNextPage} +} + +// ProcessEntity represents a process entity. +type ProcessEntity struct { + // ProcessEntityProperties - Process entity properties + *ProcessEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ProcessEntity. +func (peVar ProcessEntity) MarshalJSON() ([]byte, error) { + peVar.Kind = KindProcess + objectMap := make(map[string]interface{}) + if peVar.ProcessEntityProperties != nil { + objectMap["properties"] = peVar.ProcessEntityProperties + } + if peVar.Kind != "" { + objectMap["kind"] = peVar.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { + return &peVar, true +} + +// AsDNSEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool) { + return &peVar, true +} + +// UnmarshalJSON is the custom unmarshaler for ProcessEntity struct. +func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var processEntityProperties ProcessEntityProperties + err = json.Unmarshal(*v, &processEntityProperties) + if err != nil { + return err + } + peVar.ProcessEntityProperties = &processEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + peVar.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + peVar.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + peVar.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + peVar.Kind = kind + } + } + } + + return nil +} + +// ProcessEntityProperties process entity property bag. +type ProcessEntityProperties struct { + // ProcessID - READ-ONLY; The process ID + ProcessID *string `json:"processId,omitempty"` + // CommandLine - READ-ONLY; The command line used to create the process + CommandLine *string `json:"commandLine,omitempty"` + // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' + ElevationToken ElevationToken `json:"elevationToken,omitempty"` + // CreationTimeUtc - READ-ONLY; The time when the process started to run + CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` + // ImageFileEntityID - READ-ONLY; Image file entity id + ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` + // AccountEntityID - READ-ONLY; The account entity id running the processes. + AccountEntityID *string `json:"accountEntityId,omitempty"` + // ParentProcessEntityID - READ-ONLY; The parent process entity id. + ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // HostEntityID - READ-ONLY; The host entity id on which the process was running + HostEntityID *string `json:"hostEntityId,omitempty"` + // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running + HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for ProcessEntityProperties. +func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if pep.ElevationToken != "" { + objectMap["elevationToken"] = pep.ElevationToken + } + return json.Marshal(objectMap) +} + +// RegistryKeyEntity represents a registry key entity. +type RegistryKeyEntity struct { + // RegistryKeyEntityProperties - RegistryKey entity properties + *RegistryKeyEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntity. +func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error) { + rke.Kind = KindRegistryKey + objectMap := make(map[string]interface{}) + if rke.RegistryKeyEntityProperties != nil { + objectMap["properties"] = rke.RegistryKeyEntityProperties + } + if rke.Kind != "" { + objectMap["kind"] = rke.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return &rke, true +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool) { + return &rke, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct. +func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryKeyEntityProperties RegistryKeyEntityProperties + err = json.Unmarshal(*v, ®istryKeyEntityProperties) + if err != nil { + return err + } + rke.RegistryKeyEntityProperties = ®istryKeyEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rke.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rke.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rke.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rke.Kind = kind + } + } + } + + return nil +} + +// RegistryKeyEntityProperties registryKey entity property bag. +type RegistryKeyEntityProperties struct { + // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' + Hive RegistryHive `json:"hive,omitempty"` + // Key - READ-ONLY; The registry key path. + Key *string `json:"key,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. +func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// RegistryValueEntity represents a registry value entity. +type RegistryValueEntity struct { + // RegistryValueEntityProperties - RegistryKey entity properties + *RegistryValueEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntity. +func (rve RegistryValueEntity) MarshalJSON() ([]byte, error) { + rve.Kind = KindRegistryValue + objectMap := make(map[string]interface{}) + if rve.RegistryValueEntityProperties != nil { + objectMap["properties"] = rve.RegistryValueEntityProperties + } + if rve.Kind != "" { + objectMap["kind"] = rve.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return &rve, true +} + +// AsURLEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { + return &rve, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. +func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryValueEntityProperties RegistryValueEntityProperties + err = json.Unmarshal(*v, ®istryValueEntityProperties) + if err != nil { + return err + } + rve.RegistryValueEntityProperties = ®istryValueEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rve.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rve.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rve.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rve.Kind = kind + } + } + } + + return nil +} + +// RegistryValueEntityProperties registryValue entity property bag. +type RegistryValueEntityProperties struct { + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` + // ValueData - READ-ONLY; String formatted representation of the value data. + ValueData *string `json:"valueData,omitempty"` + // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' + ValueType RegistryValueKind `json:"valueType,omitempty"` + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. +func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRule. +func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled + objectMap := make(map[string]interface{}) + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties + } + if sar.Etag != nil { + objectMap["etag"] = sar.Etag + } + if sar.Kind != "" { + objectMap["kind"] = sar.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true +} + +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &sar, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. +func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + if err != nil { + return err + } + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sar.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sar.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sar.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sar.Kind = kind + } + } + } + + return nil +} + +// ScheduledAlertRuleProperties alert rule property bag. +type ScheduledAlertRuleProperties struct { + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } -// OfficeDataConnector represents office data connector. -type OfficeDataConnector struct { - // OfficeDataConnectorProperties - Office data connector properties. - *OfficeDataConnectorProperties `json:"properties,omitempty"` +// SecurityAlert represents a security alert entity. +type SecurityAlert struct { + // SecurityAlertProperties - SecurityAlert entity properties + *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeDataConnector. -func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { - odc.Kind = KindOffice365 +// MarshalJSON is the custom marshaler for SecurityAlert. +func (sa SecurityAlert) MarshalJSON() ([]byte, error) { + sa.Kind = KindSecurityAlert objectMap := make(map[string]interface{}) - if odc.OfficeDataConnectorProperties != nil { - objectMap["properties"] = odc.OfficeDataConnectorProperties - } - if odc.Etag != nil { - objectMap["etag"] = odc.Etag + if sa.SecurityAlertProperties != nil { + objectMap["properties"] = sa.SecurityAlertProperties } - if odc.Kind != "" { - objectMap["kind"] = odc.Kind + if sa.Kind != "" { + objectMap["kind"] = sa.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true +// AsAccountEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsHostEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true +} + +// AsFileHash is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHash() (*FileHash, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsProcessEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &odc, true +// AsDNSEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. -func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { +// AsIPEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsBookmarkEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool) { + return &sa, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityAlert struct. +func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4310,12 +7653,12 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeDataConnectorProperties OfficeDataConnectorProperties - err = json.Unmarshal(*v, &officeDataConnectorProperties) + var securityAlertProperties SecurityAlertProperties + err = json.Unmarshal(*v, &securityAlertProperties) if err != nil { return err } - odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + sa.SecurityAlertProperties = &securityAlertProperties } case "id": if v != nil { @@ -4324,7 +7667,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.ID = &ID + sa.ID = &ID } case "type": if v != nil { @@ -4333,7 +7676,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Type = &typeVar + sa.Type = &typeVar } case "name": if v != nil { @@ -4342,25 +7685,16 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - odc.Etag = &etag + sa.Name = &name } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - odc.Kind = kind + sa.Kind = kind } } } @@ -4368,259 +7702,192 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { return nil } -// OfficeDataConnectorDataTypes the available data types for office data connector. -type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` - // Exchange - Exchange data type connection. - Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` -} - -// OfficeDataConnectorDataTypesExchange exchange data type connection. -type OfficeDataConnectorDataTypesExchange struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. -type OfficeDataConnectorDataTypesSharePoint struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorProperties office data connector properties. -type OfficeDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} - -// Operation operation provided by provider -type Operation struct { - // Name - Name of the operation - Name *string `json:"name,omitempty"` - // Display - Properties of the operation - Display *OperationDisplay `json:"display,omitempty"` -} - -// OperationDisplay properties of the operation -type OperationDisplay struct { - // Provider - Provider name - Provider *string `json:"provider,omitempty"` - // Resource - Resource name - Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation +// SecurityAlertProperties securityAlert entity property bag. +type SecurityAlertProperties struct { + // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. + SystemAlertID *string `json:"systemAlertId,omitempty"` + // ConfidenceReasons - READ-ONLY; The confidence reasons + ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` + // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` + // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' + Intent KillChainIntent `json:"intent,omitempty"` + // ConfidenceScore - READ-ONLY; The confidence score of the alert. + ConfidenceScore *float64 `json:"confidenceScore,omitempty"` + // AlertDisplayName - READ-ONLY; The display name of the alert. + AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // Description - READ-ONLY; Alert description. Description *string `json:"description,omitempty"` -} - -// OperationsList lists the operations available in the SecurityInsights RP. -type OperationsList struct { - autorest.Response `json:"-"` - // NextLink - URL to fetch the next set of operations. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of operations - Value *[]Operation `json:"value,omitempty"` -} - -// OperationsListIterator provides access to a complete listing of Operation values. -type OperationsListIterator struct { - i int - page OperationsListPage -} - -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil - } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err + // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. + RemediationSteps *[]string `json:"remediationSteps,omitempty"` + // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' + ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` + // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // VendorName - READ-ONLY; The name of the vendor that raise the alert. + VendorName *string `json:"vendorName,omitempty"` + // ProductName - READ-ONLY; The name of the product which published this alert. + ProductName *string `json:"productName,omitempty"` + // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. + ProductComponentName *string `json:"productComponentName,omitempty"` + // AlertType - READ-ONLY; The type name of the alert. + AlertType *string `json:"alertType,omitempty"` + // ProductVersion - READ-ONLY; The version of the product generating the alert. + ProductVersion *string `json:"productVersion,omitempty"` + // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. + ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` + // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' + Status AlertStatus `json:"status,omitempty"` + // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // TimeGenerated - READ-ONLY; The time the alert was generated. + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. + CompromisedEntity *string `json:"compromisedEntity,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for SecurityAlertProperties. +func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sap.Severity != "" { + objectMap["severity"] = sap.Severity } - iter.i = 0 - return nil -} - -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (iter *OperationsListIterator) Next() error { - return iter.NextWithContext(context.Background()) + return json.Marshal(objectMap) } -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OperationsListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) +// SecurityAlertPropertiesConfidenceReasonsItem confidence reason item +type SecurityAlertPropertiesConfidenceReasonsItem struct { + // ReasonType - READ-ONLY; The type (category) of the reason + ReasonType *string `json:"reasonType,omitempty"` + // Reason - READ-ONLY; The reason's description + Reason *string `json:"reason,omitempty"` } -// Response returns the raw server response from the last page request. -func (iter OperationsListIterator) Response() OperationsList { - return iter.page.Response() +// SecurityGroupEntity represents a security group entity. +type SecurityGroupEntity struct { + // SecurityGroupEntityProperties - SecurityGroup entity properties + *SecurityGroupEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` } -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OperationsListIterator) Value() Operation { - if !iter.page.NotDone() { - return Operation{} +// MarshalJSON is the custom marshaler for SecurityGroupEntity. +func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error) { + sge.Kind = KindSecurityGroup + objectMap := make(map[string]interface{}) + if sge.SecurityGroupEntityProperties != nil { + objectMap["properties"] = sge.SecurityGroupEntityProperties } - return iter.page.Values()[iter.i] + if sge.Kind != "" { + objectMap["kind"] = sge.Kind + } + return json.Marshal(objectMap) } -// Creates a new instance of the OperationsListIterator type. -func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { - return OperationsListIterator{page: page} +// AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// IsEmpty returns true if the ListResult contains no values. -func (ol OperationsList) IsEmpty() bool { - return ol.Value == nil || len(*ol.Value) == 0 +// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false } -// operationsListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { - if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ol.NextLink))) +// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false } -// OperationsListPage contains a page of Operation values. -type OperationsListPage struct { - fn func(context.Context, OperationsList) (OperationsList, error) - ol OperationsList +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false } -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ol) - if err != nil { - return err - } - page.ol = next - return nil +// AsFileHash is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHash() (*FileHash, bool) { + return nil, false } -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OperationsListPage) Next() error { - return page.NextWithContext(context.Background()) +// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false } -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OperationsListPage) NotDone() bool { - return !page.ol.IsEmpty() +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return &sge, true } -// Response returns the raw server response from the last page request. -func (page OperationsListPage) Response() OperationsList { - return page.ol +// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// Values returns the slice of values for the current page or nil if there are no values. -func (page OperationsListPage) Values() []Operation { - if page.ol.IsEmpty() { - return nil - } - return *page.ol.Value +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// Creates a new instance of the OperationsListPage type. -func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { - return OperationsListPage{fn: getNextPage} +// AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false } -// Resource an azure resource object -type Resource struct { - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` +// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// ScheduledAlertRule represents scheduled alert rule. -type ScheduledAlertRule struct { - // ScheduledAlertRuleProperties - Scheduled alert rule properties - *ScheduledAlertRuleProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` +// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false } -// MarshalJSON is the custom marshaler for ScheduledAlertRule. -func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { - sar.Kind = KindScheduled - objectMap := make(map[string]interface{}) - if sar.ScheduledAlertRuleProperties != nil { - objectMap["properties"] = sar.ScheduledAlertRuleProperties - } - if sar.Etag != nil { - objectMap["etag"] = sar.Etag - } - if sar.Kind != "" { - objectMap["kind"] = sar.Kind - } - return json.Marshal(objectMap) +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false } -// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { - return &sar, true +// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false } -// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { +// AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { - return &sar, true +// AsBookmarkEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. -func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { +// AsEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool) { + return &sge, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct. +func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4630,12 +7897,12 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var scheduledAlertRuleProperties ScheduledAlertRuleProperties - err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + var securityGroupEntityProperties SecurityGroupEntityProperties + err = json.Unmarshal(*v, &securityGroupEntityProperties) if err != nil { return err } - sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + sge.SecurityGroupEntityProperties = &securityGroupEntityProperties } case "id": if v != nil { @@ -4644,7 +7911,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.ID = &ID + sge.ID = &ID } case "type": if v != nil { @@ -4653,7 +7920,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Type = &typeVar + sge.Type = &typeVar } case "name": if v != nil { @@ -4662,25 +7929,16 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - sar.Etag = &etag + sge.Name = &name } case "kind": if v != nil { - var kind Kind + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - sar.Kind = kind + sge.Kind = kind } } } @@ -4688,32 +7946,24 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { return nil } -// ScheduledAlertRuleProperties alert rule property bag. -type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule. - Description *string `json:"description,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // Enabled - Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` +// SecurityGroupEntityProperties securityGroup entity property bag. +type SecurityGroupEntityProperties struct { + // DistinguishedName - READ-ONLY; The group distinguished name + DistinguishedName *string `json:"distinguishedName,omitempty"` + // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + Sid *string `json:"sid,omitempty"` + // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. +func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // BasicSettings the Setting. @@ -4835,6 +8085,22 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { return nil } +// ThreatIntelligence threatIntelligence property bag. +type ThreatIntelligence struct { + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // Confidence - READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 `json:"confidence,omitempty"` + // ReportLink - READ-ONLY; Report link + ReportLink *string `json:"reportLink,omitempty"` + // ThreatDescription - READ-ONLY; Threat description (free text) + ThreatDescription *string `json:"threatDescription,omitempty"` +} + // TIDataConnector represents threat intelligence data connector. type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. @@ -5264,6 +8530,199 @@ type UebaSettingsProperties struct { AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` } +// URLEntity represents a url entity. +type URLEntity struct { + // URLEntityProperties - Url entity properties + *URLEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntity. +func (ue URLEntity) MarshalJSON() ([]byte, error) { + ue.Kind = KindURL + objectMap := make(map[string]interface{}) + if ue.URLEntityProperties != nil { + objectMap["properties"] = ue.URLEntityProperties + } + if ue.Kind != "" { + objectMap["kind"] = ue.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHash is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHash() (*FileHash, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { + return &ue, true +} + +// AsBookmarkEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { + return &ue, true +} + +// UnmarshalJSON is the custom unmarshaler for URLEntity struct. +func (ue *URLEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var URLEntityProperties URLEntityProperties + err = json.Unmarshal(*v, &URLEntityProperties) + if err != nil { + return err + } + ue.URLEntityProperties = &URLEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ue.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ue.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ue.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ue.Kind = kind + } + } + } + + return nil +} + +// URLEntityProperties url entity property bag. +type URLEntityProperties struct { + // URL - READ-ONLY; A full URL the entity points to + URL *string `json:"url,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for URLEntityProperties. +func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + // UserInfo user information that made some action type UserInfo struct { // ObjectID - The object id of the user. diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index 80cadcd82ce4..df4305769a17 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -82,6 +82,7 @@ var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) // EntitiesClientAPI contains the set of methods on the EntitiesClient type. type EntitiesClientAPI interface { + Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityExpandParameters) (result securityinsight.EntityExpandResponse, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result securityinsight.EntityModel, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.EntityListPage, err error) } From 634443a435dc464f9fab0b595341970b581cfaa5 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Mon, 22 Jul 2019 12:23:09 +0000 Subject: [PATCH 2/3] Generated from ebb1f1f5bdab7f12639fbee775adf16611d092ad removed cases changes (will be in another PR) --- .../mgmt/securityinsight/models.go | 2 +- .../securityinsight/cases.go | 4 +- .../securityinsight/entities.go | 5 +- .../securityinsight/models.go | 188 +++++++++--------- 4 files changed, 93 insertions(+), 106 deletions(-) diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index 9701778bed57..497e76a3ec7a 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -422,7 +422,7 @@ type ExpansionResultAggregation = original.ExpansionResultAggregation type ExpansionResultsMetadata = original.ExpansionResultsMetadata type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties -type FileHash = original.FileHash +type FileHashEntity = original.FileHashEntity type FileHashEntityProperties = original.FileHashEntityProperties type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 10f08f47c7d0..9a4eb0d79790 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,9 +73,7 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, - {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, - }}}}}); err != nil { + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go index d8d24ad40d01..f0e21ffe611a 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go @@ -70,10 +70,7 @@ func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName strin {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, {TargetValue: workspaceName, Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, - {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, - {TargetValue: parameters, - Constraints: []validation.Constraint{{Target: "parameters.ExpansionID", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "parameters.ExpansionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}}}}); err != nil { + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { return result, validation.NewError("securityinsight.EntitiesClient", "Expand", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index e85a9c64fa3a..c7b8caa7bce2 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -1063,8 +1063,8 @@ func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -2249,8 +2249,8 @@ func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -2529,8 +2529,8 @@ func (be BookmarkEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for BookmarkEntity. +func (be BookmarkEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -3125,14 +3125,6 @@ type CaseProperties struct { Status CaseStatus `json:"status,omitempty"` // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` - // ClosedReasonText - the case close reason details - ClosedReasonText *string `json:"closedReasonText,omitempty"` - // RelatedAlertIds - List of related alert identifiers - RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` - // CaseNumber - a sequential number - CaseNumber *int32 `json:"caseNumber,omitempty"` - // LastComment - the last comment in the case - LastComment *string `json:"lastComment,omitempty"` } // CasesAggregation represents aggregations results for cases. @@ -3318,8 +3310,8 @@ func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -3937,8 +3929,8 @@ func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -4095,7 +4087,7 @@ type BasicEntity interface { AsHostEntity() (*HostEntity, bool) AsFileEntity() (*FileEntity, bool) AsSecurityAlert() (*SecurityAlert, bool) - AsFileHash() (*FileHash, bool) + AsFileHashEntity() (*FileHashEntity, bool) AsMalwareEntity() (*MalwareEntity, bool) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsAzureResourceEntity() (*AzureResourceEntity, bool) @@ -4148,9 +4140,9 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { err := json.Unmarshal(body, &sa) return sa, err case string(KindFileHash): - var fh FileHash - err := json.Unmarshal(body, &fh) - return fh, err + var fhe FileHashEntity + err := json.Unmarshal(body, &fhe) + return fhe, err case string(KindMalware): var me MalwareEntity err := json.Unmarshal(body, &me) @@ -4250,8 +4242,8 @@ func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for Entity. -func (e Entity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -4883,8 +4875,8 @@ func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -5035,8 +5027,8 @@ func (fep FileEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// FileHash represents a file hash entity. -type FileHash struct { +// FileHashEntity represents a file hash entity. +type FileHashEntity struct { // FileHashEntityProperties - FileHash entity properties *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id @@ -5049,111 +5041,111 @@ type FileHash struct { Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for FileHash. -func (fh FileHash) MarshalJSON() ([]byte, error) { - fh.Kind = KindFileHash +// MarshalJSON is the custom marshaler for FileHashEntity. +func (fhe FileHashEntity) MarshalJSON() ([]byte, error) { + fhe.Kind = KindFileHash objectMap := make(map[string]interface{}) - if fh.FileHashEntityProperties != nil { - objectMap["properties"] = fh.FileHashEntityProperties + if fhe.FileHashEntityProperties != nil { + objectMap["properties"] = fhe.FileHashEntityProperties } - if fh.Kind != "" { - objectMap["kind"] = fh.Kind + if fhe.Kind != "" { + objectMap["kind"] = fhe.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsAccountEntity() (*AccountEntity, bool) { +// AsAccountEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsHostEntity() (*HostEntity, bool) { +// AsHostEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsFileEntity() (*FileEntity, bool) { +// AsFileEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileHash. -func (fh FileHash) AsSecurityAlert() (*SecurityAlert, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for FileHash. -func (fh FileHash) AsFileHash() (*FileHash, bool) { - return &fh, true +// AsFileHashEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return &fhe, true } -// AsMalwareEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsMalwareEntity() (*MalwareEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsProcessEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsProcessEntity() (*ProcessEntity, bool) { +// AsProcessEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsDNSEntity() (*DNSEntity, bool) { +// AsDNSEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsIPEntity() (*IPEntity, bool) { +// AsIPEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsURLEntity() (*URLEntity, bool) { +// AsURLEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsBookmarkEntity() (*BookmarkEntity, bool) { +// AsBookmarkEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsEntity() (*Entity, bool) { +// AsEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsEntity() (*Entity, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for FileHash. -func (fh FileHash) AsBasicEntity() (BasicEntity, bool) { - return &fh, true +// AsBasicEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool) { + return &fhe, true } -// UnmarshalJSON is the custom unmarshaler for FileHash struct. -func (fh *FileHash) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for FileHashEntity struct. +func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -5168,7 +5160,7 @@ func (fh *FileHash) UnmarshalJSON(body []byte) error { if err != nil { return err } - fh.FileHashEntityProperties = &fileHashEntityProperties + fhe.FileHashEntityProperties = &fileHashEntityProperties } case "id": if v != nil { @@ -5177,7 +5169,7 @@ func (fh *FileHash) UnmarshalJSON(body []byte) error { if err != nil { return err } - fh.ID = &ID + fhe.ID = &ID } case "type": if v != nil { @@ -5186,7 +5178,7 @@ func (fh *FileHash) UnmarshalJSON(body []byte) error { if err != nil { return err } - fh.Type = &typeVar + fhe.Type = &typeVar } case "name": if v != nil { @@ -5195,7 +5187,7 @@ func (fh *FileHash) UnmarshalJSON(body []byte) error { if err != nil { return err } - fh.Name = &name + fhe.Name = &name } case "kind": if v != nil { @@ -5204,7 +5196,7 @@ func (fh *FileHash) UnmarshalJSON(body []byte) error { if err != nil { return err } - fh.Kind = kind + fhe.Kind = kind } } } @@ -5295,8 +5287,8 @@ func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -5507,8 +5499,8 @@ func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -5707,8 +5699,8 @@ func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -6812,8 +6804,8 @@ func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -7024,8 +7016,8 @@ func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -7219,8 +7211,8 @@ func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -7572,8 +7564,8 @@ func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { return &sa, true } -// AsFileHash is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -7816,8 +7808,8 @@ func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } @@ -8577,8 +8569,8 @@ func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsFileHash is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHash() (*FileHash, bool) { +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } From f4581a166087f54ec503f6dd80f8602b48195587 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 24 Jul 2019 12:00:06 +0000 Subject: [PATCH 3/3] Generated from ab899e75a364a5b6dbf21370c1db65b769094ec8 removed bookmarkEntity from entities api (currently not supported) --- .../mgmt/securityinsight/models.go | 3 - .../securityinsight/models.go | 341 +----------------- 2 files changed, 17 insertions(+), 327 deletions(-) diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index 497e76a3ec7a..aaacda66d67a 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -236,7 +236,6 @@ type KindBasicEntity = original.KindBasicEntity const ( KindAccount KindBasicEntity = original.KindAccount KindAzureResource KindBasicEntity = original.KindAzureResource - KindBookmark KindBasicEntity = original.KindBookmark KindCloudApplication KindBasicEntity = original.KindCloudApplication KindDNSResolution KindBasicEntity = original.KindDNSResolution KindEntity KindBasicEntity = original.KindEntity @@ -367,8 +366,6 @@ type BasicDataConnector = original.BasicDataConnector type BasicEntity = original.BasicEntity type BasicSettings = original.BasicSettings type Bookmark = original.Bookmark -type BookmarkEntity = original.BookmarkEntity -type BookmarkEntityProperties = original.BookmarkEntityProperties type BookmarkList = original.BookmarkList type BookmarkListIterator = original.BookmarkListIterator type BookmarkListPage = original.BookmarkListPage diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index c7b8caa7bce2..7f24440b5600 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -503,8 +503,6 @@ const ( KindAccount KindBasicEntity = "Account" // KindAzureResource ... KindAzureResource KindBasicEntity = "AzureResource" - // KindBookmark ... - KindBookmark KindBasicEntity = "Bookmark" // KindCloudApplication ... KindCloudApplication KindBasicEntity = "CloudApplication" // KindDNSResolution ... @@ -537,7 +535,7 @@ const ( // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindAzureResource, KindBookmark, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} + return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} } // KindBasicSettings enumerates the values for kind basic settings. @@ -1026,7 +1024,7 @@ type AccountEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -1118,11 +1116,6 @@ func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsEntity() (*Entity, bool) { return nil, false @@ -2212,7 +2205,7 @@ type AzureResourceEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -2304,11 +2297,6 @@ func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for AzureResourceEntity. func (are AzureResourceEntity) AsEntity() (*Entity, bool) { return nil, false @@ -2482,226 +2470,6 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { return nil } -// BookmarkEntity represents a bookmark entity. -type BookmarkEntity struct { - // BookmarkEntityProperties - Bookmark entity properties - *BookmarkEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for BookmarkEntity. -func (be BookmarkEntity) MarshalJSON() ([]byte, error) { - be.Kind = KindBookmark - objectMap := make(map[string]interface{}) - if be.BookmarkEntityProperties != nil { - objectMap["properties"] = be.BookmarkEntityProperties - } - if be.Kind != "" { - objectMap["kind"] = be.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsBookmarkEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return &be, true -} - -// AsEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for BookmarkEntity. -func (be BookmarkEntity) AsBasicEntity() (BasicEntity, bool) { - return &be, true -} - -// UnmarshalJSON is the custom unmarshaler for BookmarkEntity struct. -func (be *BookmarkEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var bookmarkEntityProperties BookmarkEntityProperties - err = json.Unmarshal(*v, &bookmarkEntityProperties) - if err != nil { - return err - } - be.BookmarkEntityProperties = &bookmarkEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - be.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - be.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - be.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - be.Kind = kind - } - } - } - - return nil -} - -// BookmarkEntityProperties bookmark entity property bag. -type BookmarkEntityProperties struct { - // DisplayName - READ-ONLY; the display name - DisplayName *string `json:"displayName,omitempty"` - // Created - READ-ONLY; the created date/time - Created *date.Time `json:"created,omitempty"` - // Updated - READ-ONLY; the last updated date/time - Updated *date.Time `json:"updated,omitempty"` - // CreatedBy - information about the user that created this bookmark - CreatedBy *UserInfo `json:"createdBy,omitempty"` - // UpdatedBy - information about the user that last updated this bookmark - UpdatedBy *UserInfo `json:"updatedBy,omitempty"` - // EventTime - READ-ONLY; the last event date/time - EventTime *date.Time `json:"eventTime,omitempty"` - // Notes - READ-ONLY; the user-defined notes - Notes *string `json:"notes,omitempty"` - // Labels - the user-defined tags - Labels *[]string `json:"labels,omitempty"` - // Query - READ-ONLY; the query that produced the result - Query *string `json:"query,omitempty"` - // QueryResult - READ-ONLY; the result of the query (a single bookmarked result row) - QueryResult *string `json:"queryResult,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for BookmarkEntityProperties. -func (bep BookmarkEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if bep.CreatedBy != nil { - objectMap["createdBy"] = bep.CreatedBy - } - if bep.UpdatedBy != nil { - objectMap["updatedBy"] = bep.UpdatedBy - } - if bep.Labels != nil { - objectMap["labels"] = bep.Labels - } - return json.Marshal(objectMap) -} - // BookmarkList list all the bookmarks. type BookmarkList struct { autorest.Response `json:"-"` @@ -3273,7 +3041,7 @@ type CloudApplicationEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3365,11 +3133,6 @@ func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) { return nil, false @@ -3892,7 +3655,7 @@ type DNSEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3984,11 +3747,6 @@ func (de DNSEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for DNSEntity. func (de DNSEntity) AsEntity() (*Entity, bool) { return nil, false @@ -4098,7 +3856,6 @@ type BasicEntity interface { AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) AsURLEntity() (*URLEntity, bool) - AsBookmarkEntity() (*BookmarkEntity, bool) AsEntity() (*Entity, bool) } @@ -4111,7 +3868,7 @@ type Entity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4183,10 +3940,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var ue URLEntity err := json.Unmarshal(body, &ue) return ue, err - case string(KindBookmark): - var be BookmarkEntity - err := json.Unmarshal(body, &be) - return be, err default: var e Entity err := json.Unmarshal(body, &e) @@ -4297,11 +4050,6 @@ func (e Entity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for Entity. -func (e Entity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for Entity. func (e Entity) AsEntity() (*Entity, bool) { return &e, true @@ -4838,7 +4586,7 @@ type FileEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4930,11 +4678,6 @@ func (fe FileEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsEntity() (*Entity, bool) { return nil, false @@ -5037,7 +4780,7 @@ type FileHashEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5129,11 +4872,6 @@ func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for FileHashEntity. func (fhe FileHashEntity) AsEntity() (*Entity, bool) { return nil, false @@ -5250,7 +4988,7 @@ type HostEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5342,11 +5080,6 @@ func (he HostEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsEntity() (*Entity, bool) { return nil, false @@ -5462,7 +5195,7 @@ type IPEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5554,11 +5287,6 @@ func (ie IPEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsEntity() (*Entity, bool) { return nil, false @@ -5662,7 +5390,7 @@ type MalwareEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5754,11 +5482,6 @@ func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for MalwareEntity. func (me MalwareEntity) AsEntity() (*Entity, bool) { return nil, false @@ -6767,7 +6490,7 @@ type ProcessEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6859,11 +6582,6 @@ func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for ProcessEntity. func (peVar ProcessEntity) AsEntity() (*Entity, bool) { return nil, false @@ -6979,7 +6697,7 @@ type RegistryKeyEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7071,11 +6789,6 @@ func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) { return nil, false @@ -7174,7 +6887,7 @@ type RegistryValueEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7266,11 +6979,6 @@ func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { return nil, false @@ -7527,7 +7235,7 @@ type SecurityAlert struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7619,11 +7327,6 @@ func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for SecurityAlert. func (sa SecurityAlert) AsEntity() (*Entity, bool) { return nil, false @@ -7771,7 +7474,7 @@ type SecurityGroupEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7863,11 +7566,6 @@ func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBookmarkEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) { return nil, false @@ -8532,7 +8230,7 @@ type URLEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL', 'KindBookmark' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -8624,11 +8322,6 @@ func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { return &ue, true } -// AsBookmarkEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsBookmarkEntity() (*BookmarkEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for URLEntity. func (ue URLEntity) AsEntity() (*Entity, bool) { return nil, false