[AutoPR securityinsight] removing undocumented alert rule types #585

Closed
wants to merge 1 commit into from
Closed
2 changes: 1 addition & 1 deletion src/securityinsight/azext_sentinel/azext_metadata.json
@@ -1,4 +1,4 @@
{
"azext.isExperimental": true,
"azext.minCliCoreVersion": "2.11.0"
"azext.minCliCoreVersion": "2.15.0"
}
16 changes: 8 additions & 8 deletions src/securityinsight/azext_sentinel/generated/_client_factory.py
Expand Up @@ -11,34 +11,34 @@

def cf_sentinel_cl(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from ..vendored_sdks.securityinsight import SecurityInsights
from azext_sentinel.vendored_sdks.securityinsight import SecurityInsights
return get_mgmt_service_client(cli_ctx,
SecurityInsights)


def cf_alert_rule(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).alert_rule
return cf_sentinel_cl(cli_ctx).alert_rules


def cf_action(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).action
return cf_sentinel_cl(cli_ctx).actions


def cf_alert_rule_template(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).alert_rule_template
return cf_sentinel_cl(cli_ctx).alert_rule_templates


def cf_bookmark(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).bookmark
return cf_sentinel_cl(cli_ctx).bookmarks


def cf_data_connector(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).data_connector
return cf_sentinel_cl(cli_ctx).data_connectors


def cf_incident(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).incident
return cf_sentinel_cl(cli_ctx).incidents


def cf_incident_comment(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).incident_comment
return cf_sentinel_cl(cli_ctx).incident_comments
248 changes: 159 additions & 89 deletions src/securityinsight/azext_sentinel/generated/_help.py

Large diffs are not rendered by default.

130 changes: 80 additions & 50 deletions src/securityinsight/azext_sentinel/generated/_params.py

Large diffs are not rendered by default.

79 changes: 63 additions & 16 deletions src/securityinsight/azext_sentinel/generated/action.py
Expand Up @@ -37,6 +37,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['enabled'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter fusion_alert_rule. All possible keys are: '
'alert-rule-template-name, enabled, etag'.format(k))
d['kind'] = 'Fusion'
return d

Expand Down Expand Up @@ -76,6 +79,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['enabled'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter microsoft_security_incident_creation_alert'
'_rule. All possible keys are: display-names-filter, display-names-exclude-filter, '
'product-filter, severities-filter, alert-rule-template-name, description, '
'display-name, enabled, etag'.format(k))
d['kind'] = 'MicrosoftSecurityIncidentCreation'
return d

Expand Down Expand Up @@ -125,6 +133,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['tactics'] = v
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter scheduled_alert_rule. All possible keys '
'are: query, query-frequency, query-period, severity, trigger-operator, '
'trigger-threshold, alert-rule-template-name, description, display-name, enabled, '
'suppression-duration, suppression-enabled, tactics, etag'.format(k))
d['kind'] = 'Scheduled'
return d

Expand Down Expand Up @@ -154,6 +167,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['title'] = v[0]
elif kl == 'relation-name':
d['relation_name'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter incident_info. All possible keys are: '
'incident-id, severity, title, relation-name'.format(k))
return d


Expand All @@ -180,6 +196,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter aad_data_connector. All possible keys '
'are: tenant-id, state, etag'.format(k))
d['kind'] = 'AzureActiveDirectory'
return d

Expand Down Expand Up @@ -207,6 +226,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter aatp_data_connector. All possible keys '
'are: tenant-id, state, etag'.format(k))
d['kind'] = 'AzureAdvancedThreatProtection'
return d

Expand Down Expand Up @@ -234,6 +256,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter asc_data_connector. All possible keys '
'are: subscription-id, state, etag'.format(k))
d['kind'] = 'AzureSecurityCenter'
return d

Expand Down Expand Up @@ -261,6 +286,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter aws_cloud_trail_data_connector. All '
'possible keys are: aws-role-arn, state, etag'.format(k))
d['kind'] = 'AmazonWebServicesCloudTrail'
return d

Expand All @@ -284,12 +312,16 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state-data-types-alerts-state':
d['state_data_types_alerts_state'] = v[0]
elif kl == 'state-data-types-discovery-logs-state':
d['state_data_types_discovery_logs_state'] = v[0]
elif kl == 'state-properties-data-types-alerts-state':
d['undefined'] = v[0]
elif kl == 'state-properties-data-types-discovery-logs-state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter mcas_data_connector. All possible keys '
'are: tenant-id, state-properties-data-types-alerts-state, '
'state-properties-data-types-discovery-logs-state, etag'.format(k))
d['kind'] = 'MicrosoftCloudAppSecurity'
return d

Expand Down Expand Up @@ -317,6 +349,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter mdatp_data_connector. All possible keys '
'are: tenant-id, state, etag'.format(k))
d['kind'] = 'MicrosoftDefenderAdvancedThreatProtection'
return d

Expand All @@ -334,25 +369,26 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {
'dataTypes': {
'sharePoint': {'state': 'Disabled'},
'exchange': {'state': 'Disabled'}
}
}
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenantId'] = v[0]
elif kl == 'sharepoint-enabled':
d['dataTypes']['sharePoint']['state'] = 'Enabled'
elif kl == 'exchange-enabled':
d['dataTypes']['exchange']['state'] = 'Enabled'
d['tenant_id'] = v[0]
elif kl == 'state-properties-data-types-teams-state':
d['state'] = v[0]
elif kl == 'state-properties-data-types-share-point-state':
d['state'] = v[0]
elif kl == 'state-properties-data-types-exchange-state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter office_data_connector. All possible keys '
'are: tenant-id, state-properties-data-types-teams-state, '
'state-properties-data-types-share-point-state, state-properties-data-types-exchange-sta'
'te, etag'.format(k))
d['kind'] = 'Office365'
print(d)
return d


Expand All @@ -375,10 +411,15 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'tip-lookback-period':
d['tip_lookback_period'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter ti_data_connector. All possible keys are: '
'tenant-id, tip-lookback-period, state, etag'.format(k))
d['kind'] = 'ThreatIntelligence'
return d

Expand All @@ -402,6 +443,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
v = properties[k]
if kl == 'label-name':
d['label_name'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter labels. All possible keys are: label-name'
.format(k))
return d


Expand Down Expand Up @@ -430,4 +474,7 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use
d['object_id'] = v[0]
elif kl == 'user-principal-name':
d['user_principal_name'] = v[0]
else:
raise CLIError('Unsupported Key {} is provided for parameter owner. All possible keys are: email, '
'assigned-to, object-id, user-principal-name'.format(k))
return d
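Review bot: In the `mcas_data_connector` hunk (`@@ -312,12 +312,16 @@`) the `state-properties-data-types-alerts-state` branch writes `d['undefined'] = v[0]`, and in the `office_data_connector` hunk (`@@ -334,25 +369,26 @@`) the teams, share-point and exchange branches all write `d['state'] = v[0]`, so the last key given overwrites the others. The +/- column is lost on this page, but the error messages in the same hunks list exactly these keys, so the branches appear to be the new side. If so, the per-data-type state a user passes may not be what reaches the service, and a Sentinel log source can end up enabled or disabled contrary to what the command line said, with no error. Each branch should assign a distinct field that the connector model defines (the model is not shown here), and because the file sits under `generated/` the correction probably belongs in the generator input; the `get_action` bodies begin above both hunks.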
67 changes: 34 additions & 33 deletions src/securityinsight/azext_sentinel/generated/commands.py
Expand Up @@ -17,84 +17,85 @@ def load_command_table(self, _):

from azext_sentinel.generated._client_factory import cf_alert_rule
sentinel_alert_rule = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat'
'ions.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rules_operations#AlertRulesOper'
'ations.{}',
client_factory=cf_alert_rule)
with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule,
is_experimental=True) as g:
with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule) as g:
g.custom_command('list', 'sentinel_alert_rule_list')
g.custom_show_command('show', 'sentinel_alert_rule_show')
g.custom_command('create', 'sentinel_alert_rule_create')
g.generic_update_command('update', setter_arg_name='alert_rule',
custom_func_name='sentinel_alert_rule_update')
g.custom_command('update', 'sentinel_alert_rule_update')
g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True)
g.custom_command('get-action', 'sentinel_alert_rule_get_action')

from azext_sentinel.generated._client_factory import cf_action
sentinel_action = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}'
'',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._actions_operations#ActionsOperations.'
'{}',
client_factory=cf_action)
with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g:
with self.command_group('sentinel action', sentinel_action, client_factory=cf_action) as g:
g.custom_command('list', 'sentinel_action_list')
g.custom_show_command('show', 'sentinel_action_show')
g.custom_command('create', 'sentinel_action_create')
g.custom_command('update', 'sentinel_action_update')
g.custom_command('delete', 'sentinel_action_delete', confirmation=True)

from azext_sentinel.generated._client_factory import cf_alert_rule_template
sentinel_alert_rule_template = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_template_operations#AlertR'
'uleTemplateOperations.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_templates_operations#Alert'
'RuleTemplatesOperations.{}',
client_factory=cf_alert_rule_template)
with self.command_group('sentinel alert-rule-template', sentinel_alert_rule_template,
client_factory=cf_alert_rule_template, is_experimental=True) as g:
client_factory=cf_alert_rule_template) as g:
g.custom_command('list', 'sentinel_alert_rule_template_list')
g.custom_show_command('show', 'sentinel_alert_rule_template_show')

from azext_sentinel.generated._client_factory import cf_bookmark
sentinel_bookmark = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmark_operations#BookmarkOperation'
's.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmarks_operations#BookmarksOperati'
'ons.{}',
client_factory=cf_bookmark)
with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark,
is_experimental=True) as g:
with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark) as g:
g.custom_command('list', 'sentinel_bookmark_list')
g.custom_show_command('show', 'sentinel_bookmark_show')
g.custom_command('create', 'sentinel_bookmark_create')
g.custom_command('update', 'sentinel_bookmark_update')
g.generic_update_command('update', setter_arg_name='bookmark', custom_func_name='sentinel_bookmark_update')
g.custom_command('delete', 'sentinel_bookmark_delete', confirmation=True)

from azext_sentinel.generated._client_factory import cf_data_connector
sentinel_data_connector = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect'
'orOperations.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connectors_operations#DataConnec'
'torsOperations.{}',
client_factory=cf_data_connector)
with self.command_group('sentinel data-connector', sentinel_data_connector, client_factory=cf_data_connector,
is_experimental=True) as g:
with self.command_group('sentinel data-connector', sentinel_data_connector,
client_factory=cf_data_connector) as g:
g.custom_command('list', 'sentinel_data_connector_list')
g.custom_show_command('show', 'sentinel_data_connector_show')
g.custom_command('create', 'sentinel_data_connector_create')
g.generic_update_command('update', setter_arg_name='data_connector', custom_func_name=''
'sentinel_data_connector_update')
g.custom_command('update', 'sentinel_data_connector_update')
g.custom_command('delete', 'sentinel_data_connector_delete', confirmation=True)

from azext_sentinel.generated._client_factory import cf_incident
sentinel_incident = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_operations#IncidentOperation'
's.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incidents_operations#IncidentsOperati'
'ons.{}',
client_factory=cf_incident)
with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident,
is_experimental=True) as g:
with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident) as g:
g.custom_command('list', 'sentinel_incident_list')
g.custom_show_command('show', 'sentinel_incident_show')
g.custom_command('create', 'sentinel_incident_create')
g.custom_command('update', 'sentinel_incident_update')
g.generic_update_command('update', setter_arg_name='incident', custom_func_name='sentinel_incident_update')
g.custom_command('delete', 'sentinel_incident_delete', confirmation=True)

from azext_sentinel.generated._client_factory import cf_incident_comment
sentinel_incident_comment = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comment_operations#IncidentC'
'ommentOperations.{}',
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comments_operations#Incident'
'CommentsOperations.{}',
client_factory=cf_incident_comment)
with self.command_group('sentinel incident-comment', sentinel_incident_comment, client_factory=cf_incident_comment,
is_experimental=True) as g:
with self.command_group('sentinel incident-comment', sentinel_incident_comment,
client_factory=cf_incident_comment) as g:
g.custom_command('list', 'sentinel_incident_comment_list')
g.custom_show_command('show', 'sentinel_incident_comment_show')
g.custom_command('create', 'sentinel_incident_comment_create')

with self.command_group('sentinel', is_experimental=True):
pass
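Review bot: The `update` commands are not registered the same way across groups: `sentinel alert-rule` and `sentinel data-connector` are printed first as `g.generic_update_command('update', setter_arg_name=...)` and then as `g.custom_command('update', ...)`, while `sentinel bookmark` and `sentinel incident` are printed in the opposite order. The +/- column is lost on this page, so which line of each pair is new is inferred, but either way two groups end up on the generic form and two on the custom form. As far as I know the generic form hands the custom function a fetched `instance` while `custom_command` does not, so it is worth confirming that each `sentinel_*_update` function (defined outside this page) has the signature its registration expects. A short comment above each `update` line saying why that group uses its form would make the difference look deliberate.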