From 4539185cebfa0091eb7fb999b2e6a26f76890ece Mon Sep 17 00:00:00 2001 
From: SDKAuto Date: Mon, 28 Feb 2022 07:33:29 +0000 Subject: [PATCH] CodeGen from PR 17924 in Azure/azure-rest-api-specs Dev securityinsights microsoft.security insights 2021 10 01 (#17924) * Adds base for updating Microsoft.SecurityInsights from version stable/2021-04-01 to version 2021-10-01 * Updates readme * Updates API version in new specs and examples * Add AlertRules to microsoft.security insights 2021 10 01 (#15657) * Adds base for updating Microsoft.SecurityInsight's AlertRules from version stable/2020-01-01 to version 2021-10-01 * Updates API version in AlertRules specs and examples * Use common types in AlertRules.json and remove redundant SecurityInsights * Add AlertRules to readme * Copy action examples for alert rules * Add type:object where missing * Align CloudError with rest of the resources in this version * Update readme Co-authored-by: Anat Gilenson * Use newest common types to align with rest of Azure (#16130) * Use newest common types to align with rest of Azure * Use ErrorResponse instead of CloudError in operations Co-authored-by: Anat Gilenson * Add AlertRules Stable version to 2021-10-01 (#16268) * Add AlertRules Stable version to 2021-10-01 * Fix missing alignment in common types * prettier fixes * move tactics and severity to common * fix common types file extension * more prettier fixes * Add template version field * prettier * added version to required fields * dummy change to trigger checks again * Add onboarding states to new stable version (#16290) * Add onboarding states to new stable version * Update readme.md * cr fix - remove unused params * Add missing resources 2021 10 01 (#16666) * Add missing resources and examples from 2020-01-01 * Update version in added resources and examples * Use existing common types * Remove unnesessary SecurityInsights.json * Update readme * Use sentinel common types in Incidents and Watchlist * Extract and common IncidentInfo and IncidentSeverity * Extract EntityTypes * Correct double allOf in 
EntityTypes * update readme * Remove eventGroupingSettings and entityMappings from GetAlertRuleTemplateById example. * rename operations.json Co-authored-by: Anat Gilenson * Fix analytics templates model (#16689) * add missing properties to scheduled template * prettier fixes * restore templates example after merge * fix templates example after merge and run prettier * Use CloudError instead of ErrorResponse to align with preview versions and our back-end. (#17472) * Automation - Stable Version (#17491) * First * readMe * cloudError * CloudError * schema * prettier * Fix * test * fix identifier * fix description * fix lable * fix lable * ownerInfo * Fix * types * conditionMaxLength Co-authored-by: Roy Reinhorn * Done (#17728) Co-authored-by: Roy Reinhorn * Correct 2021 10 01 (#17830) * Remove OperationalInsightsResourceProvider parameter in ThreatIntelligence * Remove OperationalInsightProviderParameter from Watchlist * Align stable operation names with preview * Add missing disciminator property in ThreatIntelligence * Done (#17844) Co-authored-by: Roy Reinhorn * Align enum names with preview (#17831) * Fix 2021 10 01 validation errors (#17937) * Add x-ms-identifiers to all arrays * Add operations_list example * Add x-ms-identifier in all arrays * Run prettier * Fix spelling error * Add isDataAction to operation schema (#18018) Co-authored-by: Anat Gilenson Co-authored-by: laithhisham <49263932+laithhisham@users.noreply.github.com> Co-authored-by: royrein <37300636+royrein@users.noreply.github.com> Co-authored-by: Roy Reinhorn Co-authored-by: Arthur Ning <57385816+akning-ms@users.noreply.github.com> --- .../arm-securityinsight/CHANGELOG.md | 107 + .../arm-securityinsight/_meta.json | 8 +- .../arm-securityinsight/api-extractor.json | 25 +- .../arm-securityinsight/package.json | 23 +- .../review/arm-securityinsight.api.md | 391 ++- .../arm-securityinsight/src/models/index.ts | 1836 ++++++----- .../arm-securityinsight/src/models/mappers.ts | 2804 ++++++++++------- 
.../src/models/parameters.ts | 255 +- .../src/operations/automationRules.ts | 101 +- .../src/operations/dataConnectors.ts | 4 +- .../src/operations/entities.ts | 2 +- .../src/operations/entityQueries.ts | 4 +- .../src/operations/incidentRelations.ts | 12 +- .../src/operations/incidents.ts | 48 + .../src/operations/index.ts | 14 +- .../operationsInterfaces/automationRules.ts | 7 +- .../src/operationsInterfaces/incidents.ts | 15 + .../src/operationsInterfaces/index.ts | 14 +- .../src/securityInsights.ts | 70 +- .../arm-securityinsight/tsconfig.json | 16 +- sdk/securityinsight/ci.mgmt.yml | 7 +- 21 files changed, 3518 insertions(+), 2245 deletions(-) diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md index b31724782786..c619d97ea89d 100644 --- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md 
@@ -1,5 +1,112 @@ # Release History +## 1.0.0-beta.2 (2022-02-28) + +**Features** + + - Added operation Incidents.runPlaybook + - Added Interface AutomationRulePropertyValuesCondition + - Added Interface BookmarkEntityMappings + - Added Interface EntityFieldMapping + - Added Interface FusionScenarioExclusionPattern + - Added Interface FusionSourceSettings + - Added Interface FusionSourceSubTypeSetting + - Added Interface FusionSubTypeSeverityFilter + - Added Interface FusionSubTypeSeverityFiltersItem + - Added Interface FusionTemplateSourceSetting + - Added Interface FusionTemplateSourceSubType + - Added Interface FusionTemplateSubTypeSeverityFilter + - Added Interface IncidentPropertiesAction + - Added Interface IncidentsRunPlaybookOptionalParams + - Added Interface ManualTriggerRequestBody + - Added Interface Office365ProjectConnectorDataTypes + - Added Interface OfficePowerBIConnectorDataTypes + - Added Interface PlaybookActionProperties + - Added Type Alias ActionType + - Added Type Alias AlertRuleTemplateWithMitreProperties + - Added Type Alias AutomationRulesDeleteResponse + - Added Type Alias ConditionType + - Added Type Alias Enum12 + - Added Type Alias IncidentsRunPlaybookResponse + - Added Type Alias Office365ProjectCheckRequirements + - Added Type Alias Office365ProjectCheckRequirementsProperties + - Added Type Alias Office365ProjectConnectorDataTypesLogs + - Added Type Alias Office365ProjectDataConnector + - Added Type Alias Office365ProjectDataConnectorProperties + - Added Type Alias OfficePowerBICheckRequirements + - Added Type Alias OfficePowerBICheckRequirementsProperties + - Added Type Alias OfficePowerBIConnectorDataTypesLogs + - Added Type Alias OfficePowerBIDataConnector + - Added Type Alias OfficePowerBIDataConnectorProperties + - Added Type Alias PropertyConditionProperties + - Added Type Alias ThreatIntelligenceResourceKindUnion + - Interface AutomationRulesCreateOrUpdateOptionalParams has a new optional parameter automationRuleToUpsert + - 
Interface IncidentAdditionalData has a new optional parameter providerIncidentUrl + - Interface IncidentAdditionalData has a new optional parameter techniques + - Interface QueryBasedAlertRuleProperties has a new optional parameter techniques + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias FusionAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias NrtAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ScheduledAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias Bookmark has a new parameter entityMappings + - Type Alias Bookmark has a new parameter tactics + - Type Alias Bookmark has a new parameter techniques + - Type Alias FusionAlertRule has a new parameter sourceSettings + - Type Alias FusionAlertRule has a new parameter scenarioExclusionPatterns + - Type Alias FusionAlertRule has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter sourceSettings + - Type Alias FusionAlertRuleTemplateProperties has a new parameter sourceSettings + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesExcludeFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter productFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter severitiesFilter + - Type Alias MLBehaviorAnalyticsAlertRule has a new parameter techniques + - Type Alias MLBehaviorAnalyticsAlertRuleTemplate has a new 
parameter techniques + - Type Alias NrtAlertRule has a new parameter techniques + - Type Alias NrtAlertRuleTemplate has a new parameter techniques + - Type Alias ScheduledAlertRule has a new parameter techniques + - Type Alias ScheduledAlertRuleTemplate has a new parameter techniques + - Type Alias ThreatIntelligenceAlertRule has a new parameter techniques + - Type Alias ThreatIntelligenceAlertRuleTemplate has a new parameter techniques + - Added Enum KnownActionType + - Added Enum KnownConditionType + - Added Enum KnownEnum12 + - Enum KnownAttackTactic has a new value ImpairProcessControl + - Enum KnownAttackTactic has a new value InhibitResponseFunction + - Enum KnownAttackTactic has a new value Reconnaissance + - Enum KnownAttackTactic has a new value ResourceDevelopment + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value AlertProductNames + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value IncidentLabel + - Enum KnownDataConnectorKind has a new value Office365Project + - Enum KnownDataConnectorKind has a new value OfficePowerBI + +**Breaking Changes** + + - Operation AutomationRules.createOrUpdate has a new signature + - Interface QueryBasedAlertRuleTemplateProperties no longer has parameter tactics + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias FusionAlertRuleTemplateProperties + - Delete parameters of MicrosoftSecurityIncidentCreationAlertRuleCommonProperties in TypeAlias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias NrtAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ScheduledAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias 
FusionAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias MLBehaviorAnalyticsAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias ThreatIntelligenceAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias ThreatIntelligenceIndicatorModel has a new parameter kind + - Type Alias ThreatIntelligenceIndicatorModelForRequestBody has a new parameter kind + - Type Alias ThreatIntelligenceInformation has a new parameter kind + - Parameter displayName of Type Alias AutomationRule is now required + - Parameter order of Type Alias AutomationRule is now required + - Parameter triggeringLogic of Type Alias AutomationRule is now required + - Parameter actions of Type Alias AutomationRule is now required + - Removed Enum KnownAutomationRuleActionType + - Removed Enum KnownAutomationRuleConditionType + - Removed Enum KnownEnum8 + + ## 1.0.0-beta.1 (2022-01-19) The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart). diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 55f48480abfc..82c9b6ff67e5 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json 
@@ -1,7 +1,7 @@ { - "commit": "1b0a465061c68175898f8f5d27f0301f42ce994c", + "commit": "3284dc9bdbda05f84e0fa0b1a2f7ba5d138c504b", "readme": "specification/securityinsights/resource-manager/readme.md", - "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\mydev\\azure-sdk-for-js ../azure-rest-api-specs/specification/iotspaces/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220114.1 --generate-sample=true", + "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1", "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", - "use": "@autorest/typescript@6.0.0-alpha.16.20220114.1" -} + "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1" +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/api-extractor.json b/sdk/securityinsight/arm-securityinsight/api-extractor.json index c343bf73e921..ba4f20f727f2 100644 --- a/sdk/securityinsight/arm-securityinsight/api-extractor.json +++ b/sdk/securityinsight/arm-securityinsight/api-extractor.json 
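Review bot: The `use` field and the `--use=` flag inside `autorest_command` move from `@autorest/typescript@6.0.0-alpha.16.20220114.1` to the earlier-dated build `6.0.0-alpha.16.20220105.1`, so this regeneration is recorded as running on an older alpha of the generator than the previous one. The new command also drops `--generate-sample=true`. If the step back is not deliberate, the pipeline's generator pin should be raised to at least the previously recorded build before merging, because output from an older generator can silently lose fixes made in between; the `//metadata` block deleted from package.json in this same commit may be one such effect. The hunk also removes the file's trailing newline.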
@@ -1,18 +1,31 @@ { "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json", "mainEntryPointFilePath": "./dist-esm/src/index.d.ts", - "docModel": { "enabled": true }, - "apiReport": { "enabled": true, "reportFolder": "./review" }, + "docModel": { + "enabled": true + }, + "apiReport": { + "enabled": true, + "reportFolder": "./review" + }, "dtsRollup": { "enabled": true, "untrimmedFilePath": "", "publicTrimmedFilePath": "./types/arm-securityinsight.d.ts" }, "messages": { - "tsdocMessageReporting": { "default": { "logLevel": "none" } }, + "tsdocMessageReporting": { + "default": { + "logLevel": "none" + } + }, "extractorMessageReporting": { - "ae-missing-release-tag": { "logLevel": "none" }, - "ae-unresolved-link": { "logLevel": "none" } + "ae-missing-release-tag": { + "logLevel": "none" + }, + "ae-unresolved-link": { + "logLevel": "none" + } } } -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json index 60b9c83bbb72..764262587022 100644 --- a/sdk/securityinsight/arm-securityinsight/package.json +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -4,7 +4,9 @@ "author": "Microsoft Corporation", "description": "A generated SDK for SecurityInsights.", "version": "1.0.0-beta.1", - "engines": { "node": ">=12.0.0" }, + "engines": { + "node": ">=12.0.0" + }, "dependencies": { "@azure/core-paging": "^1.2.0", "@azure/core-client": "^1.0.0", @@ -12,7 +14,13 @@ "@azure/core-rest-pipeline": "^1.1.0", "tslib": "^2.2.0" }, - "keywords": ["node", "azure", "typescript", "browser", "isomorphic"], + "keywords": [ + "node", + "azure", + "typescript", + "browser", + "isomorphic" + ], "license": "MIT", "main": "./dist/index.js", "module": "./dist-esm/src/index.js", 
@@ -39,7 +47,9 @@ "type": "git", "url": "https://github.com/Azure/azure-sdk-for-js.git" }, - "bugs": { "url": "https://github.com/Azure/azure-sdk-for-js/issues" }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, "files": [ "dist/**/*.js", "dist/**/*.js.map", @@ -86,10 +96,5 @@ "docs": "echo skipped" }, "sideEffects": false, - "//metadata": { - "constantPaths": [ - { "path": "src/SecurityInsights.ts", "prefix": "packageDetails" } - ] - }, "autoPublish": true -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 0c10f5865d27..b3d4d32442d9 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -153,6 +153,9 @@ export interface ActionsListByAlertRuleOptionalParams extends coreClient.Operati // @public export type ActionsListByAlertRuleResponse = ActionsList; +// @public +export type ActionType = string; + // @public export type ActivityCustomEntityQuery = CustomEntityQuery & { title?: string; @@ -347,6 +350,12 @@ export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; // @public (undocumented) export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; +// @public +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + tactics?: AttackTactic[]; + techniques?: string[]; +}; + // @public (undocumented) export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; 
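Review bot: `"version": "1.0.0-beta.1",` is only an unchanged context line in the first package.json hunk and none of the four hunks touches it, while CHANGELOG.md in this commit adds a `1.0.0-beta.2 (2022-02-28)` entry that lists breaking changes and `"autoPublish": true` stays set. The manifest and the changelog therefore disagree about what is being released; the line should become `"version": "1.0.0-beta.2",`. The last hunk also deletes the `//metadata` / `constantPaths` entry that pointed at `src/SecurityInsights.ts` with prefix `packageDetails`, which looks like the hint release tooling uses to keep the embedded package version in step with the manifest, so that removal should be confirmed as intended rather than a side effect of regeneration.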
@@ -389,99 +398,74 @@ export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { // @public export type AttackTactic = string; -// @public +// @public (undocumented) export type AutomationRule = ResourceWithEtag & { - displayName?: string; - order?: number; - triggeringLogic?: AutomationRuleTriggeringLogic; - actions?: AutomationRuleActionUnion[]; - readonly createdTimeUtc?: Date; + displayName: string; + order: number; + triggeringLogic: AutomationRuleTriggeringLogic; + actions: AutomationRuleActionUnion[]; readonly lastModifiedTimeUtc?: Date; - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; readonly lastModifiedBy?: ClientInfo; + readonly createdBy?: ClientInfo; }; // @public export interface AutomationRuleAction { - actionType: "RunPlaybook" | "ModifyProperties"; + actionType: "ModifyProperties" | "RunPlaybook"; + // (undocumented) order: number; } -// @public -export type AutomationRuleActionType = string; - // @public (undocumented) -export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleRunPlaybookAction | AutomationRuleModifyPropertiesAction; +export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; // @public export interface AutomationRuleCondition { conditionType: "Property"; } -// @public -export type AutomationRuleConditionType = string; - // @public (undocumented) -export type AutomationRuleConditionUnion = AutomationRuleCondition | AutomationRulePropertyValuesCondition; +export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties; // @public export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { actionType: "ModifyProperties"; - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; + actionConfiguration?: IncidentPropertiesAction; }; -// @public -export interface AutomationRuleModifyPropertiesActionConfiguration { - classification?: 
IncidentClassification; - classificationComment?: string; - classificationReason?: IncidentClassificationReason; - labels?: IncidentLabel[]; - owner?: IncidentOwnerInfo; - severity?: IncidentSeverity; - status?: IncidentStatus; -} - // @public export type AutomationRulePropertyConditionSupportedOperator = string; // @public export type AutomationRulePropertyConditionSupportedProperty = string; -// @public -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { - conditionType: "Property"; - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -// @public -export interface AutomationRulePropertyValuesConditionProperties { +// @public (undocumented) +export interface AutomationRulePropertyValuesCondition { + // (undocumented) operator?: AutomationRulePropertyConditionSupportedOperator; propertyName?: AutomationRulePropertyConditionSupportedProperty; + // (undocumented) propertyValues?: string[]; } // @public export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { actionType: "RunPlaybook"; - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; + actionConfiguration?: PlaybookActionProperties; }; -// @public -export interface AutomationRuleRunPlaybookActionConfiguration { - logicAppResourceId?: string; - tenantId?: string; -} - // @public export interface AutomationRules { - createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; + createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; 
get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator; } // @public export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { + automationRuleToUpsert?: AutomationRule; } // @public @@ -491,6 +475,9 @@ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions { } +// @public +export type AutomationRulesDeleteResponse = Record; + // @public export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions { } @@ -498,10 +485,12 @@ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOp // @public export type AutomationRulesGetResponse = AutomationRule; -// @public +// @public (undocumented) export interface AutomationRulesList { - readonly nextLink?: string; - value: AutomationRule[]; + // (undocumented) + nextLink?: string; + // (undocumented) + value?: AutomationRule[]; } // @public @@ -523,7 +512,9 @@ export interface AutomationRuleTriggeringLogic { conditions?: AutomationRuleConditionUnion[]; expirationTimeUtc?: Date; isEnabled: boolean; + // (undocumented) triggersOn: TriggersOn; + // (undocumented) triggersWhen: TriggersWhen; } @@ -604,8 +595,17 @@ export type Bookmark = ResourceWithEtag & { queryStartTime?: Date; queryEndTime?: Date; incidentInfo?: IncidentInfo; + entityMappings?: BookmarkEntityMappings[]; + tactics?: AttackTactic[]; + techniques?: string[]; }; +// @public +export interface BookmarkEntityMappings { + entityType?: string; + fieldMappings?: EntityFieldMapping[]; +} + // @public export type BookmarkExpandOperationResponse = BookmarkExpandResponse; 
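Review bot: `AutomationRules.createOrUpdate` loses its required `automationRule: AutomationRule` argument in the `@@ -389,99 +398,74 @@` hunk, and the rule body moves to the optional `automationRuleToUpsert?: AutomationRule` on `AutomationRulesCreateOrUpdateOptionalParams`, so a call that omits the body now type-checks. The same shape appears in the later hunks for the new `Incidents.runPlaybook`, where `requestBody?: ManualTriggerRequestBody` and both of its fields (`logicAppsResourceId?`, `tenantId?`) are optional, and `actionConfiguration` on `AutomationRuleModifyPropertiesAction` and `AutomationRuleRunPlaybookAction` goes from required to optional. For operations that create automation or trigger a playbook against an incident, the compiler no longer catches a missing payload, and what the service does with an empty one is not visible from this report. Since the file is generated, the fix belongs in the spec: mark these bodies required there if the service needs them, and give `AutomationRule`, `requestBody` and `ManualTriggerRequestBody` descriptions so they stop being reported as `(undocumented)`.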
@@ -886,6 +886,9 @@ export type CodelessUiDataConnector = DataConnector & { connectorUiConfig?: CodelessUiConnectorConfigProperties; }; +// @public +export type ConditionType = string; + // @public export type ConfidenceLevel = string; @@ -1004,7 +1007,7 @@ export interface DataConnectors { // @public export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; + kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; } // @public 
@@ -1020,7 +1023,7 @@ export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreC export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; // @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; +export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; // @public export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { 
@@ -1068,7 +1071,7 @@ export interface DataConnectorTenantId { } // @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; +export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; // @public export interface DataConnectorWithAlertsProperties { @@ -1358,6 +1361,12 @@ export interface EntityExpandResponseValue { entities?: EntityUnion[]; } +// @public +export interface EntityFieldMapping { + identifier?: string; + value?: string; +} + // @public export interface EntityGetInsightsParameters { addDefaultExtendedTimeRange?: boolean; @@ -1435,7 +1444,7 @@ export type EntityQueriesGetResponse = EntityQueryUnion; // @public export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public @@ -1443,7 +1452,7 @@ export type EntityQueriesListNextResponse = EntityQueryList; // @public export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public 
@@ -1578,27 +1587,7 @@ export type EntityType = string; export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; // @public -export type Enum8 = string; - -// @public -export interface ErrorAdditionalInfo { - readonly info?: Record; - readonly type?: string; -} - -// @public -export interface ErrorDetail { - readonly additionalInfo?: ErrorAdditionalInfo[]; - readonly code?: string; - readonly details?: ErrorDetail[]; - readonly message?: string; - readonly target?: string; -} - -// @public -export interface ErrorResponse { - error?: ErrorDetail; -} +export type Enum12 = string; // @public export type EventGroupingAggregationKind = string; @@ -1687,9 +1676,12 @@ export type FusionAlertRule = AlertRule & { readonly description?: string; readonly displayName?: string; enabled?: boolean; + sourceSettings?: FusionSourceSettings[]; + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public 
@@ -1701,16 +1693,70 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; + sourceSettings?: FusionTemplateSourceSetting[]; }; // @public -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - severity: AlertSeverity; - tactics?: AttackTactic[]; +export type FusionAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + severity?: AlertSeverity; + sourceSettings?: FusionTemplateSourceSetting[]; }; +// @public +export interface FusionScenarioExclusionPattern { + dateAddedInUTC: string; + exclusionPattern: string; +} + +// @public +export interface FusionSourceSettings { + enabled: boolean; + sourceName: string; + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +// @public +export interface FusionSourceSubTypeSetting { + enabled: boolean; + severityFilters: FusionSubTypeSeverityFilter; + readonly sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionSubTypeSeverityFilter { + filters?: FusionSubTypeSeverityFiltersItem[]; + readonly isSupported?: boolean; +} + +// @public +export interface FusionSubTypeSeverityFiltersItem { + enabled: boolean; + severity: AlertSeverity; +} + +// @public +export interface FusionTemplateSourceSetting { + sourceName: string; + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +// @public +export interface FusionTemplateSourceSubType { + severityFilter: FusionTemplateSubTypeSeverityFilter; + readonly sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionTemplateSubTypeSeverityFilter { + isSupported: boolean; + severityFilters?: AlertSeverity[]; +} + // @public export interface GeoLocation { readonly asn?: number; 
@@ -1852,7 +1898,9 @@ export interface IncidentAdditionalData { readonly alertsCount?: number; readonly bookmarksCount?: number; readonly commentsCount?: number; + readonly providerIncidentUrl?: string; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; } // @public @@ -1983,6 +2031,17 @@ export interface IncidentOwnerInfo { userPrincipalName?: string; } +// @public (undocumented) +export interface IncidentPropertiesAction { + classification?: IncidentClassification; + classificationComment?: string; + classificationReason?: IncidentClassificationReason; + labels?: IncidentLabel[]; + owner?: IncidentOwnerInfo; + severity?: IncidentSeverity; + status?: IncidentStatus; +} + // @public export interface IncidentRelations { createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise; @@ -2041,6 +2100,7 @@ export interface Incidents { listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise; listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise; listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise; + runPlaybook(resourceGroupName: string, workspaceName: string, incidentIdentifier: string, options?: IncidentsRunPlaybookOptionalParams): Promise; } // @public 
@@ -2114,6 +2174,15 @@ export interface IncidentsListOptionalParams extends coreClient.OperationOptions // @public export type IncidentsListResponse = IncidentList; +// @public +export interface IncidentsRunPlaybookOptionalParams extends coreClient.OperationOptions { + // (undocumented) + requestBody?: ManualTriggerRequestBody; +} + +// @public +export type IncidentsRunPlaybookResponse = Record; + // @public export type IncidentStatus = string; @@ -2283,6 +2352,12 @@ export type KillChainIntent = string; // @public export type Kind = string; +// @public +export enum KnownActionType { + ModifyProperties = "ModifyProperties", + RunPlaybook = "RunPlaybook" +} + // @public export enum KnownAlertDetail { DisplayName = "DisplayName", @@ -2349,6 +2424,10 @@ export enum KnownAttackTactic { // (undocumented) Impact = "Impact", // (undocumented) + ImpairProcessControl = "ImpairProcessControl", + // (undocumented) + InhibitResponseFunction = "InhibitResponseFunction", + // (undocumented) InitialAccess = "InitialAccess", // (undocumented) LateralMovement = "LateralMovement", @@ -2357,18 +2436,11 @@ export enum KnownAttackTactic { // (undocumented) PreAttack = "PreAttack", // (undocumented) - PrivilegeEscalation = "PrivilegeEscalation" -} - -// @public -export enum KnownAutomationRuleActionType { - ModifyProperties = "ModifyProperties", - RunPlaybook = "RunPlaybook" -} - -// @public -export enum KnownAutomationRuleConditionType { - Property = "Property" + PrivilegeEscalation = "PrivilegeEscalation", + // (undocumented) + Reconnaissance = "Reconnaissance", + // (undocumented) + ResourceDevelopment = "ResourceDevelopment" } // @public 
@@ -2393,6 +2465,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountPuid = "AccountPUID", AccountSid = "AccountSid", AccountUPNSuffix = "AccountUPNSuffix", + AlertProductNames = "AlertProductNames", AzureResourceResourceId = "AzureResourceResourceId", AzureResourceSubscriptionId = "AzureResourceSubscriptionId", CloudApplicationAppId = "CloudApplicationAppId", @@ -2407,6 +2480,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", HostOSVersion = "HostOSVersion", IncidentDescription = "IncidentDescription", + IncidentLabel = "IncidentLabel", IncidentProviderName = "IncidentProviderName", IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", IncidentSeverity = "IncidentSeverity", @@ -2439,6 +2513,11 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { Url = "Url" } +// @public +export enum KnownConditionType { + Property = "Property" +} + // @public export enum KnownConfidenceLevel { High = "High", @@ -2533,10 +2612,14 @@ export enum KnownDataConnectorKind { // (undocumented) Office365 = "Office365", // (undocumented) + Office365Project = "Office365Project", + // (undocumented) OfficeATP = "OfficeATP", // (undocumented) OfficeIRM = "OfficeIRM", // (undocumented) + OfficePowerBI = "OfficePowerBI", + // (undocumented) ThreatIntelligence = "ThreatIntelligence", // (undocumented) ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" @@ -2661,7 +2744,7 @@ export enum KnownEntityType { } // @public -export enum KnownEnum8 { +export enum KnownEnum12 { // (undocumented) Activity = "Activity", // (undocumented) @@ -3145,6 +3228,14 @@ export type MalwareEntityProperties = EntityCommonProperties & { readonly processEntityIds?: string[]; }; +// @public (undocumented) +export interface ManualTriggerRequestBody { + // (undocumented) + logicAppsResourceId?: string; + // (undocumented) + tenantId?: string; +} + // @public export type MatchingMethod = string; 
@@ -3369,7 +3460,12 @@ export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTempla }; // @public -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +}; // @public export type MicrosoftSecurityProductName = string; @@ -3383,6 +3479,7 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -3394,14 +3491,14 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -3474,13 +3571,14 @@ export type NrtAlertRule = AlertRule & { templateVersion?: string; description?: string; query?: string; + tactics?: AttackTactic[]; + techniques?: string[]; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; severity?: AlertSeverity; - tactics?: AttackTactic[]; incidentConfiguration?: IncidentConfiguration; customDetails?: { [propertyName: string]: string; 
@@ -3501,9 +3599,10 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; + tactics?: AttackTactic[]; + techniques?: string[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; customDetails?: { [propertyName: string]: string; @@ -3513,7 +3612,35 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { }; // @public -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {}; +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; + +// @public +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + kind: "Office365Project"; + tenantId?: string; +}; + +// @public +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface Office365ProjectConnectorDataTypes { + logs: Office365ProjectConnectorDataTypesLogs; +} + +// @public +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type Office365ProjectDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +// @public +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + dataTypes: Office365ProjectConnectorDataTypes; +}; // @public export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { 
@@ -3622,6 +3749,34 @@ export type OfficeIRMDataConnector = DataConnector & { // @public export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +// @public +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficePowerBI"; + tenantId?: string; +}; + +// @public +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface OfficePowerBIConnectorDataTypes { + logs: OfficePowerBIConnectorDataTypesLogs; +} + +// @public +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficePowerBIDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + +// @public +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + dataTypes: OfficePowerBIConnectorDataTypes; +}; + // @public export interface Operation { display?: OperationDisplay; @@ -3691,6 +3846,12 @@ export type PermissionsCustomsItem = Customs & {}; // @public (undocumented) export type PermissionsResourceProviderItem = ResourceProvider & {}; +// @public (undocumented) +export interface PlaybookActionProperties { + logicAppResourceId?: string; + tenantId?: string; +} + // @public export type PollingFrequency = string; @@ -3757,6 +3918,12 @@ export interface ProductSettingsUpdateOptionalParams extends coreClient.Operatio // @public export type ProductSettingsUpdateResponse = SettingsUnion; +// @public +export type PropertyConditionProperties = AutomationRuleCondition & { + conditionType: "Property"; + conditionProperties?: AutomationRulePropertyValuesCondition; +}; + // @public export type ProviderName = string; @@ -3778,6 +3945,7 @@ export interface QueryBasedAlertRuleProperties { suppressionDuration: string; suppressionEnabled: boolean; tactics?: AttackTactic[]; + techniques?: string[]; templateVersion?: string; } 
@@ -3790,7 +3958,6 @@ export interface QueryBasedAlertRuleTemplateProperties { entityMappings?: EntityMapping[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; } @@ -3922,13 +4089,14 @@ export type ScheduledAlertRule = AlertRule & { templateVersion?: string; description?: string; query?: string; + tactics?: AttackTactic[]; + techniques?: string[]; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; severity?: AlertSeverity; - tactics?: AttackTactic[]; incidentConfiguration?: IncidentConfiguration; customDetails?: { [propertyName: string]: string; @@ -3958,9 +4126,10 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; + tactics?: AttackTactic[]; + techniques?: string[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; customDetails?: { [propertyName: string]: string; @@ -3975,7 +4144,7 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { }; // @public -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; // @public export type SecurityAlert = Entity & { @@ -4396,6 +4565,7 @@ export type ThreatIntelligenceAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public 
@@ -4407,14 +4577,14 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -4511,6 +4681,7 @@ export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceM // @public export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + kind: "indicator"; readonly additionalData?: { [propertyName: string]: Record; }; @@ -4549,6 +4720,7 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { // @public export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + kind: "indicator"; etag?: string; readonly additionalData?: { [propertyName: string]: Record; @@ -4669,7 +4841,9 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClie export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; // @public -export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {}; +export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & { + kind: "ThreatIntelligenceInformation" | "indicator"; +}; // @public export interface ThreatIntelligenceInformationList { 
@@ -4724,12 +4898,15 @@ export interface ThreatIntelligenceParsedPatternTypeValue { // @public export interface ThreatIntelligenceResourceKind { - kind: ThreatIntelligenceResourceKindEnum; + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } // @public export type ThreatIntelligenceResourceKindEnum = string; +// @public (undocumented) +export type ThreatIntelligenceResourceKindUnion = ThreatIntelligenceResourceKind | ThreatIntelligenceIndicatorModelForRequestBody | ThreatIntelligenceInformationUnion; + // @public export interface ThreatIntelligenceSortingCriteria { itemKey?: string; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index 592c467dbfea..2b20df5b8609 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -10,17 +10,21 @@ import * as coreClient from "@azure/core-client"; export type AutomationRuleConditionUnion = | AutomationRuleCondition - | AutomationRulePropertyValuesCondition; + | PropertyConditionProperties; export type AutomationRuleActionUnion = | AutomationRuleAction - | AutomationRuleRunPlaybookAction - | AutomationRuleModifyPropertiesAction; + | AutomationRuleModifyPropertiesAction + | AutomationRuleRunPlaybookAction; export type EntityTimelineItemUnion = | EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem; export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; +export type ThreatIntelligenceResourceKindUnion = + | ThreatIntelligenceResourceKind + | ThreatIntelligenceIndicatorModelForRequestBody + | ThreatIntelligenceInformationUnion; export type DataConnectorsCheckRequirementsUnion = | DataConnectorsCheckRequirements | AADCheckRequirements 
@@ -35,6 +39,8 @@ export type DataConnectorsCheckRequirementsUnion = | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements + | Office365ProjectCheckRequirements + | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; export type AlertRuleTemplateUnion = @@ -107,6 +113,8 @@ export type DataConnectorUnion = | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector + | Office365ProjectDataConnector + | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector @@ -214,26 +222,13 @@ export interface AlertRuleTemplatesList { value: AlertRuleTemplateUnion[]; } -/** List all the automation rules. */ -export interface AutomationRulesList { - /** - * URL to fetch the next set of automation rules. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of automation rules. */ - value: AutomationRule[]; -} - /** Describes automation rule triggering logic */ export interface AutomationRuleTriggeringLogic { - /** Determines whether the automation rule is enabled or disabled. */ + /** Determines whether the automation rule is enabled or disabled */ isEnabled: boolean; /** Determines when the automation rule should automatically expire and be disabled. */ expirationTimeUtc?: Date; - /** The type of object the automation rule triggers on */ triggersOn: TriggersOn; - /** The type of event the automation rule triggers on */ triggersWhen: TriggersWhen; /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ conditions?: AutomationRuleConditionUnion[]; 
@@ -248,8 +243,7 @@ export interface AutomationRuleCondition { /** Describes an automation rule action */ export interface AutomationRuleAction { /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook" | "ModifyProperties"; - /** The order of execution of the automation rule action */ + actionType: "ModifyProperties" | "RunPlaybook"; order: number; } @@ -265,10 +259,20 @@ export interface ClientInfo { userPrincipalName?: string; } +export interface AutomationRulesList { + value?: AutomationRule[]; + nextLink?: string; +} + +export interface ManualTriggerRequestBody { + tenantId?: string; + logicAppsResourceId?: string; +} + /** List all the bookmarks. */ export interface BookmarkList { /** - * URL to fetch the next set of cases. + * URL to fetch the next set of bookmarks. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; @@ -304,6 +308,22 @@ export interface IncidentInfo { relationName?: string; } +/** Describes the entity mappings of a single entity */ +export interface BookmarkEntityMappings { + /** The entity type */ + entityType?: string; + /** Array of fields mapping for that entity type */ + fieldMappings?: EntityFieldMapping[]; +} + +/** Map identifiers of a single entity */ +export interface EntityFieldMapping { + /** Alert V3 identifier */ + identifier?: string; + /** The value of the identifier */ + value?: string; +} + /** List of relations. */ export interface RelationList { /** 
@@ -485,17 +505,6 @@ export interface EnrichmentDomainWhoisContact { email?: string; } -/** List of all the entity queries. */ -export interface EntityQueryList { - /** - * URL to fetch the next set of entity queries. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity queries. */ - value: EntityQueryUnion[]; -} - /** List of all the entities. */ export interface EntityList { /** @@ -689,6 +698,28 @@ export interface InsightsTableResultColumnsItem { name?: string; } +/** List of all the entity queries. */ +export interface EntityQueryList { + /** + * URL to fetch the next set of entity queries. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity queries. */ + value: EntityQueryUnion[]; +} + +/** List of all the entity query templates. */ +export interface EntityQueryTemplateList { + /** + * URL to fetch the next set of entity query templates. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity query templates. */ + value: EntityQueryTemplateUnion[]; +} + /** List all the incidents. */ export interface IncidentList { /** 
@@ -722,11 +753,21 @@ export interface IncidentAdditionalData { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly alertProductNames?: string[]; + /** + * The provider incident url to the incident in Microsoft 365 Defender portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerIncidentUrl?: string; /** * The tactics associated with incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques associated with incident's tactics' + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; } /** Represents an incident label */ @@ -932,6 +973,17 @@ export interface MetadataCategories { verticals?: string[]; } +/** List of all the office365 consents. */ +export interface OfficeConsentList { + /** + * URL to fetch the next set of office consents. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of the consents. */ + value: OfficeConsent[]; +} + /** List of the Sentinel onboarding states */ export interface SentinelOnboardingStatesList { /** Array of Sentinel onboarding states */ 
@@ -998,135 +1050,6 @@ export interface ContentPathMap { path?: string; } -/** List all the watchlists. */ -export interface WatchlistList { - /** - * URL to fetch the next set of watchlists. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist. */ - value: Watchlist[]; -} - -/** List all the watchlist items. */ -export interface WatchlistItemList { - /** - * URL to fetch the next set of watchlist item. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist items. */ - value: WatchlistItem[]; -} - -/** List all the data connectors. */ -export interface DataConnectorList { - /** - * URL to fetch the next set of data connectors. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of data connectors. */ - value: DataConnectorUnion[]; -} - -/** Represents Codeless API Polling data connector. */ -export interface DataConnectorConnectBody { - /** The authentication kind used to poll the data */ - kind?: ConnectAuthKind; - /** The API key of the audit server. */ - apiKey?: string; - /** The client secret of the OAuth 2.0 application. */ - clientSecret?: string; - /** The client id of the OAuth 2.0 application. */ - clientId?: string; - /** The authorization code used in OAuth 2.0 code flow to issue a token. */ - authorizationCode?: string; - /** The user name in the audit log server. */ - userName?: string; - /** The user password in the audit log server. */ - password?: string; - requestConfigUserInputValues?: Record[]; -} - -/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). */ -export interface ErrorResponse { - /** The error object. */ - error?: ErrorDetail; -} - -/** The error detail. 
*/ -export interface ErrorDetail { - /** - * The error code. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly code?: string; - /** - * The error message. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly message?: string; - /** - * The error target. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly target?: string; - /** - * The error details. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly details?: ErrorDetail[]; - /** - * The error additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalInfo?: ErrorAdditionalInfo[]; -} - -/** The resource management error additional info. */ -export interface ErrorAdditionalInfo { - /** - * The additional info type. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly type?: string; - /** - * The additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly info?: Record; -} - -/** Data connector requirements properties. */ -export interface DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: - | "AzureActiveDirectory" - | "AzureAdvancedThreatProtection" - | "AzureSecurityCenter" - | "AmazonWebServicesCloudTrail" - | "AmazonWebServicesS3" - | "Dynamics365" - | "MicrosoftCloudAppSecurity" - | "MicrosoftDefenderAdvancedThreatProtection" - | "MicrosoftThreatIntelligence" - | "MicrosoftThreatProtection" - | "OfficeATP" - | "OfficeIRM" - | "ThreatIntelligence" - | "ThreatIntelligenceTaxii"; -} - -/** Data connector requirements status. 
*/ -export interface DataConnectorRequirementsState { - /** Authorization state for this connector */ - authorizationState?: DataConnectorAuthorizationState; - /** License state for this connector */ - licenseState?: DataConnectorLicenseState; -} - /** Describes threat kill chain phase entity */ export interface ThreatIntelligenceKillChainPhase { /** Kill chainName name */ @@ -1177,8 +1100,8 @@ export interface ThreatIntelligenceGranularMarkingModel { /** Describes an entity with kind. */ export interface ThreatIntelligenceResourceKind { - /** The kind of the entity. */ - kind: ThreatIntelligenceResourceKindEnum; + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } /** List of all the threat intelligence information objects. */ 
@@ -1268,84 +1191,144 @@ export interface ThreatIntelligenceAppendTags { threatIntelligenceTags?: string[]; } -/** Lists the operations available in the SecurityInsights RP. */ -export interface OperationsList { +/** List all the watchlists. */ +export interface WatchlistList { /** - * URL to fetch the next set of operations. + * URL to fetch the next set of watchlists. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of operations */ - value: Operation[]; -} - -/** Operation provided by provider */ -export interface Operation { - /** Properties of the operation */ - display?: OperationDisplay; - /** Name of the operation */ - name?: string; - /** The origin of the operation */ - origin?: string; - /** Indicates whether the operation is a data action */ - isDataAction?: boolean; -} - -/** Properties of the operation */ -export interface OperationDisplay { - /** Description of the operation */ - description?: string; - /** Operation name */ - operation?: string; - /** Provider name */ - provider?: string; - /** Resource name */ - resource?: string; + /** Array of watchlist. */ + value: Watchlist[]; } -/** List of all the office365 consents. */ -export interface OfficeConsentList { +/** List all the watchlist items. */ +export interface WatchlistItemList { /** - * URL to fetch the next set of office consents. + * URL to fetch the next set of watchlist item. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of the consents. */ - value: OfficeConsent[]; + /** Array of watchlist items. */ + value: WatchlistItem[]; } -/** List of all the entity query templates. */ -export interface EntityQueryTemplateList { +/** List all the data connectors. */ +export interface DataConnectorList { /** - * URL to fetch the next set of entity query templates. + * URL to fetch the next set of data connectors. 
* NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of entity query templates. */ - value: EntityQueryTemplateUnion[]; -} - -/** alert rule template data sources */ -export interface AlertRuleTemplateDataSource { - /** The connector id that provides the following data types */ - connectorId?: string; - /** The data types used by the alert rule template */ - dataTypes?: string[]; + /** Array of data connectors. */ + value: DataConnectorUnion[]; } -/** Base alert rule template property bag. */ -export interface AlertRuleTemplatePropertiesBase { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ +/** Represents Codeless API Polling data connector. */ +export interface DataConnectorConnectBody { + /** The authentication kind used to poll the data */ + kind?: ConnectAuthKind; + /** The API key of the audit server. */ + apiKey?: string; + /** The client secret of the OAuth 2.0 application. */ + clientSecret?: string; + /** The client id of the OAuth 2.0 application. */ + clientId?: string; + /** The authorization code used in OAuth 2.0 code flow to issue a token. */ + authorizationCode?: string; + /** The user name in the audit log server. */ + userName?: string; + /** The user password in the audit log server. */ + password?: string; + requestConfigUserInputValues?: Record[]; +} + +/** Data connector requirements properties. 
*/ +export interface DataConnectorsCheckRequirements { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: + | "AzureActiveDirectory" + | "AzureAdvancedThreatProtection" + | "AzureSecurityCenter" + | "AmazonWebServicesCloudTrail" + | "AmazonWebServicesS3" + | "Dynamics365" + | "MicrosoftCloudAppSecurity" + | "MicrosoftDefenderAdvancedThreatProtection" + | "MicrosoftThreatIntelligence" + | "MicrosoftThreatProtection" + | "OfficeATP" + | "OfficeIRM" + | "Office365Project" + | "OfficePowerBI" + | "ThreatIntelligence" + | "ThreatIntelligenceTaxii"; +} + +/** Data connector requirements status. */ +export interface DataConnectorRequirementsState { + /** Authorization state for this connector */ + authorizationState?: DataConnectorAuthorizationState; + /** License state for this connector */ + licenseState?: DataConnectorLicenseState; +} + +/** Lists the operations available in the SecurityInsights RP. */ +export interface OperationsList { + /** + * URL to fetch the next set of operations. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly nextLink?: string; + /** Array of operations */ + value: Operation[]; +} + +/** Operation provided by provider */ +export interface Operation { + /** Properties of the operation */ + display?: OperationDisplay; + /** Name of the operation */ + name?: string; + /** The origin of the operation */ + origin?: string; + /** Indicates whether the operation is a data action */ + isDataAction?: boolean; +} + +/** Properties of the operation */ +export interface OperationDisplay { + /** Description of the operation */ + description?: string; + /** Operation name */ + operation?: string; + /** Provider name */ + provider?: string; + /** Resource name */ + resource?: string; +} + +/** alert rule template data sources */ +export interface AlertRuleTemplateDataSource { + /** The connector id that provides the following data types */ + connectorId?: string; + /** The data types used by the alert rule template */ + dataTypes?: string[]; +} + +/** Base alert rule template property bag. */ +export interface AlertRuleTemplatePropertiesBase { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ readonly createdDateUTC?: Date; /** The description of the alert rule template. */ description?: string; 
@@ -1363,8 +1346,6 @@ export interface QueryBasedAlertRuleTemplateProperties { query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -1403,6 +1384,87 @@ export interface AlertDetailsOverride { alertSeverityColumnName?: string; } +/** Represents a supported source signal configuration in Fusion detection. */ +export interface FusionSourceSettings { + /** Determines whether this source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */ + sourceName: string; + /** Configuration for all source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +/** Represents a supported source subtype configuration under a source signal in Fusion detection. */ +export interface FusionSourceSubTypeSetting { + /** Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration for a source subtype consumed in fusion detection. */ + severityFilters: FusionSubTypeSeverityFilter; +} + +/** Represents severity configuration for a source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFilter { + /** + * Determines whether this source subtype supports severity configuration or not. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isSupported?: boolean; + /** Individual Severity configuration settings for a given source subtype consumed in Fusion detection. 
*/ + filters?: FusionSubTypeSeverityFiltersItem[]; +} + +/** Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFiltersItem { + /** The Severity for a given source subtype consumed in Fusion detection. */ + severity: AlertSeverity; + /** Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. */ + enabled: boolean; +} + +/** Represents a Fusion scenario exclusion patterns in Fusion detection. */ +export interface FusionScenarioExclusionPattern { + /** Scenario exclusion pattern. */ + exclusionPattern: string; + /** DateTime when scenario exclusion pattern is added in UTC. */ + dateAddedInUTC: string; +} + +/** Represents a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSetting { + /** The name of a source signal consumed in Fusion detection. */ + sourceName: string; + /** All supported source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +/** Represents a source subtype under a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSubType { + /** The name of source subtype under a source signal consumed in Fusion detection. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration available for a source subtype consumed in fusion detection. */ + severityFilter: FusionTemplateSubTypeSeverityFilter; +} + +/** Represents severity configurations available for a source subtype consumed in Fusion detection. 
*/ +export interface FusionTemplateSubTypeSeverityFilter { + /** Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. */ + isSupported: boolean; + /** List of all supported severities for this source subtype consumed in Fusion detection. */ + severityFilters?: AlertSeverity[]; +} + /** MicrosoftSecurityIncidentCreation rule common property bag. */ export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { /** the alerts' displayNames on which the cases will be generated */ @@ -1425,6 +1487,10 @@ export interface QueryBasedAlertRuleProperties { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -1440,8 +1506,6 @@ export interface QueryBasedAlertRuleProperties { suppressionEnabled: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -1498,46 +1562,35 @@ export interface EventGroupingSettings { aggregationKind?: EventGroupingAggregationKind; } -/** The configuration of the run playbook automation rule action */ -export interface AutomationRuleRunPlaybookActionConfiguration { - /** The resource id of the playbook resource */ - logicAppResourceId?: string; - /** The tenant id of the playbook resource */ - tenantId?: string; -} - -/** The configuration of the modify properties automation rule action */ -export interface AutomationRuleModifyPropertiesActionConfiguration { +export interface IncidentPropertiesAction { + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; /** The reason the incident was closed */ classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; /** The classification reason the incident was closed with */ classificationReason?: IncidentClassificationReason; + /** Describes the reason the incident was closed */ + classificationComment?: string; + /** Information on the user an incident is assigned to */ + owner?: IncidentOwnerInfo; /** List of labels to add to the incident */ labels?: IncidentLabel[]; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; } -/** The configuration of the automation rule condition */ -export interface AutomationRulePropertyValuesConditionProperties { - /** The property to evaluate */ +export interface AutomationRulePropertyValuesCondition { + /** The property to evaluate in an automation rule property condition */ propertyName?: AutomationRulePropertyConditionSupportedProperty; - /** The operator to use for evaluation the condition */ operator?: AutomationRulePropertyConditionSupportedOperator; - /** The values to use for evaluating 
the condition */ propertyValues?: string[]; } -/** The Activity query definitions */ -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; +export interface PlaybookActionProperties { + /** The resource id of the playbook resource */ + logicAppResourceId?: string; + /** The tenant id of the playbook resource */ + tenantId?: string; } /** An properties abstract Query item for entity */ @@ -1614,6 +1667,26 @@ export interface InsightQueryItemPropertiesReferenceTimeRange { beforeRange?: string; } +/** The Activity query definitions */ +export interface ActivityEntityQueriesPropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; +} + +/** The Activity query definitions */ +export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; + /** The dimensions we want to summarize the timeline results on, this is comma separated list */ + summarizeBy?: string; +} + +/** The data type definition */ +export interface DataTypeDefinitions { + /** The data type name */ + dataType?: string; +} + /** The pricing tier of the solution */ export interface Sku { /** The kind of the tier */ 
@@ -1678,6 +1751,18 @@ export interface Dynamics365DataConnectorDataTypes { dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; } +/** The available data types for Office Microsoft Project data connector. */ +export interface Office365ProjectConnectorDataTypes { + /** Logs data type. */ + logs: Office365ProjectConnectorDataTypesLogs; +} + +/** The available data types for Office Microsoft PowerBI data connector. */ +export interface OfficePowerBIConnectorDataTypes { + /** Logs data type. */ + logs: OfficePowerBIConnectorDataTypesLogs; +} + /** The available data types for office data connector. */ export interface OfficeDataConnectorDataTypes { /** Exchange data type connection. */ @@ -1936,20 +2021,6 @@ export interface CodelessConnectorPollingResponseProperties { isGzipCompressed?: boolean; } -/** The Activity query definitions */ -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; - /** The dimensions we want to summarize the timeline results on, this is comma separated list */ - summarizeBy?: string; -} - -/** The data type definition */ -export interface DataTypeDefinitions { - /** The data type name */ - dataType?: string; -} - /** ThreatIntelligence property bag. */ export interface ThreatIntelligence { /** @@ -2041,6 +2112,12 @@ export type Entity = Resource & { kind: EntityKind; }; +/** Specific entity query template. */ +export type EntityQueryTemplate = Resource & { + /** the entity query template kind */ + kind: EntityQueryTemplateKind; +}; + /** Consent for Office365 tenant that already made. */ export type OfficeConsent = Resource & { /** The tenantId of the Office365 with the consent. */ 
@@ -2049,12 +2126,6 @@ export type OfficeConsent = Resource & { consentId?: string; }; -/** Specific entity query template. */ -export type EntityQueryTemplate = Resource & { - /** the entity query template kind */ - kind: EntityQueryTemplateKind; -}; - /** Action property bag. */ export type ActionResponseProperties = ActionPropertiesBase & { /** The name of the logic app's workflow. */ 
@@ -2068,27 +2139,24 @@ export type ActionRequestProperties = ActionPropertiesBase & { }; /** Describes an automation rule condition that evaluates a property's value */ -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { +export type PropertyConditionProperties = AutomationRuleCondition & { /** Polymorphic discriminator, which specifies the different types this object can be */ conditionType: "Property"; - /** The configuration of the automation rule condition */ - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -/** Describes an automation rule action to run a playbook */ -export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook"; - /** The configuration of the run playbook automation rule action */ - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; + conditionProperties?: AutomationRulePropertyValuesCondition; }; /** Describes an automation rule action to modify an object's properties */ export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "ModifyProperties"; - /** The configuration of the modify properties automation rule action */ - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; + actionConfiguration?: IncidentPropertiesAction; +}; + +/** Describes an automation rule action to run a playbook */ +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "RunPlaybook"; + actionConfiguration?: PlaybookActionProperties; }; /** Represents Activity timeline item. */ 
@@ -3088,30 +3156,111 @@ export type UrlEntityProperties = EntityCommonProperties & { readonly url?: string; }; -/** Represents AAD (Azure Active Directory) requirements check request. */ -export type AADCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureActiveDirectory"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */ -export type AatpCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureAdvancedThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents ASC (Azure Security Center) requirements check request. */ -export type ASCCheckRequirements = DataConnectorsCheckRequirements & { +/** Threat intelligence indicator entity used in request body. */ +export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureSecurityCenter"; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -}; - + kind: "indicator"; + /** Etag of the azure resource */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: 
string]: any }; +}; + +/** Threat intelligence information object. */ +export type ThreatIntelligenceInformation = ResourceWithEtag & + ThreatIntelligenceResourceKind & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "ThreatIntelligenceInformation" | "indicator"; + }; + +/** Represents AAD (Azure Active Directory) requirements check request. */ +export type AADCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureActiveDirectory"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */ +export type AatpCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureAdvancedThreatProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents ASC (Azure Security Center) requirements check request. */ +export type ASCCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureSecurityCenter"; + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; + /** Amazon Web Services CloudTrail requirements check request. */ export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ 
@@ -3180,6 +3329,22 @@ export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; +/** Represents Office365 Project requirements check request. */ +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Office365Project"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Office PowerBI requirements check request. */ +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficePowerBI"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + /** Threat Intelligence Platforms data connector check requirements */ export type TICheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ 
@@ -3196,117 +3361,33 @@ export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; -/** Threat intelligence indicator entity used in request body. */ -export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { - /** Etag of the azure resource */ - etag?: string; - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ - displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - 
externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -/** Threat intelligence information object. */ -export type ThreatIntelligenceInformation = ResourceWithEtag & - ThreatIntelligenceResourceKind & {}; - -/** MLBehaviorAnalytics alert rule template properties. */ -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; -}; - -/** Fusion alert rule template properties */ -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Threat Intelligence alert rule template properties */ -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. 
*/ - severity: AlertSeverity; - /** The tactics of the alert rule template */ +/** Alert rule template with MITRE property bag. */ +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + /** The tactics of the alert rule */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; }; /** MicrosoftSecurityIncidentCreation rule template properties */ -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter?: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; +}; /** Scheduled alert rule template properties */ -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; /** NRT alert rule template properties */ -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; /** MicrosoftSecurityIncidentCreation rule property bag. */ 
@@ -3380,6 +3461,12 @@ export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; /** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; +/** Office365 Project requirements check properties. */ +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Office PowerBI requirements check properties. */ +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + /** Threat Intelligence Platforms data connector required properties. */ export type TICheckRequirementsProperties = DataConnectorTenantId & {}; @@ -3422,6 +3509,18 @@ export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +/** Office Microsoft Project data connector properties. */ +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: Office365ProjectConnectorDataTypes; +}; + +/** Office Microsoft PowerBI data connector properties. */ +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: OfficePowerBIConnectorDataTypes; +}; + /** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; 
@@ -3502,6 +3601,12 @@ export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; /** Common Data Service data type connection. */ export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; +/** Logs data type. */ +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + /** Exchange data type connection. */ export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; 
@@ -3556,36 +3661,35 @@ export type ActionRequest = ResourceWithEtag & { triggerUri?: string; }; -/** Represents an automation rule. */ export type AutomationRule = ResourceWithEtag & { - /** The display name of the automation rule */ - displayName?: string; + /** The display name of the automation rule */ + displayName: string; /** The order of execution of the automation rule */ - order?: number; - /** The triggering logic of the automation rule */ - triggeringLogic?: AutomationRuleTriggeringLogic; + order: number; + /** Describes automation rule triggering logic */ + triggeringLogic: AutomationRuleTriggeringLogic; /** The actions to execute when the automation rule is triggered */ - actions?: AutomationRuleActionUnion[]; - /** - * The time the automation rule was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; + actions: AutomationRuleActionUnion[]; /** * The last time the automation rule was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedTimeUtc?: Date; /** - * Describes the client that created the automation rule + * The time the automation rule was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; /** - * Describes the client that last updated the automation rule + * Information on the client (user or application) that made some action * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedBy?: ClientInfo; + /** + * Information on the client (user or application) that made some action + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdBy?: ClientInfo; }; /** Represents a bookmark in Azure Security Insights. */ 
@@ -3616,6 +3720,12 @@ export type Bookmark = ResourceWithEtag & { queryEndTime?: Date; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; + /** Describes the entity mappings of the bookmark */ + entityMappings?: BookmarkEntityMappings[]; + /** A list of relevant mitre attacks */ + tactics?: AttackTactic[]; + /** A list of relevant mitre techniques */ + techniques?: string[]; }; /** Represents a relation between two resources */ @@ -3916,10 +4026,12 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; }; /** Represents Fusion alert rule template. */ @@ -3944,10 +4056,14 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; + /** All supported source signal configurations consumed in fusion detection. */ + sourceSettings?: FusionTemplateSourceSetting[]; }; /** Represents Threat Intelligence alert rule template. */ 
@@ -3972,10 +4088,12 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; }; /** Represents MicrosoftSecurityIncidentCreation rule template. */ @@ -4032,12 +4150,14 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The query that creates alerts for this rule. */ query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -4080,12 +4200,14 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The query that creates alerts for this rule. */ query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -5191,6 +5313,8 @@ export type ActivityEntityQueryTemplate = EntityQueryTemplate & { /** Threat intelligence indicator entity. */ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator"; /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. 
@@ -5259,9 +5383,29 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { extensions?: { [propertyName: string]: any }; }; -export type PermissionsCustomsItem = Customs & {}; - -/** Represents MLBehaviorAnalytics alert rule. */ +/** MLBehaviorAnalytics alert rule template properties. */ +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + +/** Fusion alert rule template properties */ +export type FusionAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** All supported source signal configurations consumed in fusion detection. */ + sourceSettings?: FusionTemplateSourceSetting[]; +}; + +/** Threat Intelligence alert rule template properties */ +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + +export type PermissionsCustomsItem = Customs & {}; + +/** Represents MLBehaviorAnalytics alert rule. */ export type MLBehaviorAnalyticsAlertRule = AlertRule & { /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; @@ -5292,6 +5436,11 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Fusion alert rule. */ 
@@ -5310,6 +5459,10 @@ export type FusionAlertRule = AlertRule & { readonly displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ enabled?: boolean; + /** Configuration for all supported source signals in fusion detection. */ + sourceSettings?: FusionSourceSettings[]; + /** Configuration to exclude scenarios in fusion detection. */ + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; /** * The last time that this alert has been modified. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5325,6 +5478,11 @@ export type FusionAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Threat Intelligence alert rule. */ @@ -5358,6 +5516,11 @@ export type ThreatIntelligenceAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents MicrosoftSecurityIncidentCreation rule. */ @@ -5405,6 +5568,10 @@ export type ScheduledAlertRule = AlertRule & { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ 
@@ -5420,8 +5587,6 @@ export type ScheduledAlertRule = AlertRule & { suppressionEnabled?: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -5442,6 +5607,10 @@ export type NrtAlertRule = AlertRule & { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -5457,8 +5626,6 @@ export type NrtAlertRule = AlertRule & { suppressionEnabled?: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -5666,6 +5833,22 @@ export type OfficeATPDataConnector = DataConnector & { dataTypes?: AlertsDataTypeOfDataConnector; }; +/** Represents Office Microsoft Project data connector. */ +export type Office365ProjectDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +/** Represents Office Microsoft PowerBI data connector. */ +export type OfficePowerBIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + /** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ export type OfficeIRMDataConnector = DataConnector & { /** The tenant id to connect to, and get the data from. */ 
@@ -5812,23 +5995,23 @@ export enum KnownTriggersWhen { */ export type TriggersWhen = string; -/** Known values of {@link AutomationRuleConditionType} that the service accepts. */ -export enum KnownAutomationRuleConditionType { +/** Known values of {@link ConditionType} that the service accepts. */ +export enum KnownConditionType { /** Evaluate an object property value */ Property = "Property" } /** - * Defines values for AutomationRuleConditionType. \ - * {@link KnownAutomationRuleConditionType} can be used interchangeably with AutomationRuleConditionType, + * Defines values for ConditionType. \ + * {@link KnownConditionType} can be used interchangeably with ConditionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **Property**: Evaluate an object property value */ -export type AutomationRuleConditionType = string; +export type ConditionType = string; -/** Known values of {@link AutomationRuleActionType} that the service accepts. */ -export enum KnownAutomationRuleActionType { +/** Known values of {@link ActionType} that the service accepts. */ +export enum KnownActionType { /** Modify an object's properties */ ModifyProperties = "ModifyProperties", /** Run a playbook on an object */ 
@@ -5836,14 +6019,14 @@ export enum KnownAutomationRuleActionType { } /** - * Defines values for AutomationRuleActionType. \ - * {@link KnownAutomationRuleActionType} can be used interchangeably with AutomationRuleActionType, + * Defines values for ActionType. \ + * {@link KnownActionType} can be used interchangeably with ActionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **ModifyProperties**: Modify an object's properties \ * **RunPlaybook**: Run a playbook on an object */ -export type AutomationRuleActionType = string; +export type ActionType = string; /** Known values of {@link IncidentSeverity} that the service accepts. */ export enum KnownIncidentSeverity { 
@@ -5869,6 +6052,52 @@ export enum KnownIncidentSeverity { */ export type IncidentSeverity = string; +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + Reconnaissance = "Reconnaissance", + ResourceDevelopment = "ResourceDevelopment", + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact", + PreAttack = "PreAttack", + ImpairProcessControl = "ImpairProcessControl", + InhibitResponseFunction = "InhibitResponseFunction" +} + +/** + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Reconnaissance** \ + * **ResourceDevelopment** \ + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** \ + * **PreAttack** \ + * **ImpairProcessControl** \ + * **InhibitResponseFunction** + */ +export type AttackTactic = string; + /** Known values of {@link EntityKind} that the service accepts. */ export enum KnownEntityKind { /** Entity represents account in the system. */ 
@@ -5944,21 +6173,41 @@ export enum KnownEntityKind { */ export type EntityKind = string; -/** Known values of {@link Enum8} that the service accepts. */ -export enum KnownEnum8 { - Expansion = "Expansion", - Activity = "Activity" +/** Known values of {@link EntityTimelineKind} that the service accepts. */ +export enum KnownEntityTimelineKind { + /** activity */ + Activity = "Activity", + /** bookmarks */ + Bookmark = "Bookmark", + /** security alerts */ + SecurityAlert = "SecurityAlert" } /** - * Defines values for Enum8. \ - * {@link KnownEnum8} can be used interchangeably with Enum8, + * Defines values for EntityTimelineKind. \ + * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Expansion** \ - * **Activity** + * **Activity**: activity \ + * **Bookmark**: bookmarks \ + * **SecurityAlert**: security alerts + */ +export type EntityTimelineKind = string; + +/** Known values of {@link EntityItemQueryKind} that the service accepts. */ +export enum KnownEntityItemQueryKind { + /** insight */ + Insight = "Insight" +} + +/** + * Defines values for EntityItemQueryKind. \ + * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Insight**: insight */ -export type Enum8 = string; +export type EntityItemQueryKind = string; /** Known values of {@link EntityQueryKind} that the service accepts. */ export enum KnownEntityQueryKind { 
@@ -5978,93 +6227,49 @@ export enum KnownEntityQueryKind { */ export type EntityQueryKind = string; -/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ -export enum KnownCustomEntityQueryKind { +/** Known values of {@link Enum12} that the service accepts. */ +export enum KnownEnum12 { + Expansion = "Expansion", Activity = "Activity" } /** - * Defines values for CustomEntityQueryKind. \ - * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, + * Defines values for Enum12. \ + * {@link KnownEnum12} can be used interchangeably with Enum12, * this enum contains the known values that the service supports. * ### Known values supported by the service + * **Expansion** \ * **Activity** */ -export type CustomEntityQueryKind = string; - -/** Known values of {@link EntityTimelineKind} that the service accepts. */ -export enum KnownEntityTimelineKind { - /** activity */ - Activity = "Activity", - /** bookmarks */ - Bookmark = "Bookmark", - /** security alerts */ - SecurityAlert = "SecurityAlert" -} - -/** - * Defines values for EntityTimelineKind. \ - * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity**: activity \ - * **Bookmark**: bookmarks \ - * **SecurityAlert**: security alerts - */ -export type EntityTimelineKind = string; +export type Enum12 = string; -/** Known values of {@link EntityItemQueryKind} that the service accepts. */ -export enum KnownEntityItemQueryKind { - /** insight */ - Insight = "Insight" +/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ +export enum KnownCustomEntityQueryKind { + Activity = "Activity" } /** - * Defines values for EntityItemQueryKind. \ - * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * Defines values for CustomEntityQueryKind. 
\ + * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Insight**: insight + * **Activity** */ -export type EntityItemQueryKind = string; +export type CustomEntityQueryKind = string; -/** Known values of {@link AttackTactic} that the service accepts. */ -export enum KnownAttackTactic { - InitialAccess = "InitialAccess", - Execution = "Execution", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - DefenseEvasion = "DefenseEvasion", - CredentialAccess = "CredentialAccess", - Discovery = "Discovery", - LateralMovement = "LateralMovement", - Collection = "Collection", - Exfiltration = "Exfiltration", - CommandAndControl = "CommandAndControl", - Impact = "Impact", - PreAttack = "PreAttack" +/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ +export enum KnownEntityQueryTemplateKind { + Activity = "Activity" } /** - * Defines values for AttackTactic. \ - * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * Defines values for EntityQueryTemplateKind. \ + * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **InitialAccess** \ - * **Execution** \ - * **Persistence** \ - * **PrivilegeEscalation** \ - * **DefenseEvasion** \ - * **CredentialAccess** \ - * **Discovery** \ - * **LateralMovement** \ - * **Collection** \ - * **Exfiltration** \ - * **CommandAndControl** \ - * **Impact** \ - * **PreAttack** + * **Activity** */ -export type AttackTactic = string; +export type EntityQueryTemplateKind = string; /** Known values of {@link IncidentClassification} that the service accepts. */ export enum KnownIncidentClassification { 
@@ -6470,6 +6675,39 @@ export enum KnownContentType { */ export type ContentType = string; +/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ +export enum KnownThreatIntelligenceResourceKindEnum { + /** Entity represents threat intelligence indicator in the system. */ + Indicator = "indicator" +} + +/** + * Defines values for ThreatIntelligenceResourceKindEnum. \ + * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **indicator**: Entity represents threat intelligence indicator in the system. + */ +export type ThreatIntelligenceResourceKindEnum = string; + +/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ +export enum KnownThreatIntelligenceSortingCriteriaEnum { + Unsorted = "unsorted", + Ascending = "ascending", + Descending = "descending" +} + +/** + * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ + * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **unsorted** \ + * **ascending** \ + * **descending** + */ +export type ThreatIntelligenceSortingCriteriaEnum = string; + /** Known values of {@link Source} that the service accepts. */ export enum KnownSource { LocalFile = "Local file", @@ -6496,6 +6734,8 @@ export enum KnownDataConnectorKind { Office365 = "Office365", OfficeATP = "OfficeATP", OfficeIRM = "OfficeIRM", + Office365Project = "Office365Project", + OfficePowerBI = "OfficePowerBI", AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", AmazonWebServicesS3 = "AmazonWebServicesS3", AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", 
@@ -6520,6 +6760,8 @@ export enum KnownDataConnectorKind { * **Office365** \ * **OfficeATP** \ * **OfficeIRM** \ + * **Office365Project** \ + * **OfficePowerBI** \ * **AmazonWebServicesCloudTrail** \ * **AmazonWebServicesS3** \ * **AzureAdvancedThreatProtection** \ 
@@ -6584,73 +6826,26 @@ export enum KnownDataConnectorLicenseState { */ export type DataConnectorLicenseState = string; -/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ -export enum KnownThreatIntelligenceResourceKindEnum { - /** Entity represents threat intelligence indicator in the system. */ - Indicator = "indicator" +/** Known values of {@link TemplateStatus} that the service accepts. */ +export enum KnownTemplateStatus { + /** Alert rule template installed. and can not use more then once */ + Installed = "Installed", + /** Alert rule template is available. */ + Available = "Available", + /** Alert rule template is not available */ + NotAvailable = "NotAvailable" } /** - * Defines values for ThreatIntelligenceResourceKindEnum. \ - * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * Defines values for TemplateStatus. \ + * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **indicator**: Entity represents threat intelligence indicator in the system. + * **Installed**: Alert rule template installed. and can not use more then once \ + * **Available**: Alert rule template is available. \ + * **NotAvailable**: Alert rule template is not available */ -export type ThreatIntelligenceResourceKindEnum = string; - -/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ -export enum KnownThreatIntelligenceSortingCriteriaEnum { - Unsorted = "unsorted", - Ascending = "ascending", - Descending = "descending" -} - -/** - * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ - * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, - * this enum contains the known values that the service supports. 
- * ### Known values supported by the service - * **unsorted** \ - * **ascending** \ - * **descending** - */ -export type ThreatIntelligenceSortingCriteriaEnum = string; - -/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ -export enum KnownEntityQueryTemplateKind { - Activity = "Activity" -} - -/** - * Defines values for EntityQueryTemplateKind. \ - * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity** - */ -export type EntityQueryTemplateKind = string; - -/** Known values of {@link TemplateStatus} that the service accepts. */ -export enum KnownTemplateStatus { - /** Alert rule template installed. and can not use more then once */ - Installed = "Installed", - /** Alert rule template is available. */ - Available = "Available", - /** Alert rule template is not available */ - NotAvailable = "NotAvailable" -} - -/** - * Defines values for TemplateStatus. \ - * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Installed**: Alert rule template installed. and can not use more then once \ - * **Available**: Alert rule template is available. \ - * **NotAvailable**: Alert rule template is not available - */ -export type TemplateStatus = string; +export type TemplateStatus = string; /** Known values of {@link EntityMappingType} that the service accepts. */ export enum KnownEntityMappingType { 
@@ -6809,15 +7004,17 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { IncidentSeverity = "IncidentSeverity", /** The status of the incident */ IncidentStatus = "IncidentStatus", - /** The tactics of the incident */ - IncidentTactics = "IncidentTactics", /** The related Analytic rule ids of the incident */ IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + /** The tactics of the incident */ + IncidentTactics = "IncidentTactics", + /** The labels of the incident */ + IncidentLabel = "IncidentLabel", /** The provider name of the incident */ IncidentProviderName = "IncidentProviderName", /** The account Azure Active Directory tenant id */ AccountAadTenantId = "AccountAadTenantId", - /** The account Azure Active Directory user id. */ + /** The account Azure Active Directory user id */ AccountAadUserId = "AccountAadUserId", /** The account name */ AccountName = "AccountName", @@ -6831,6 +7028,8 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountObjectGuid = "AccountObjectGuid", /** The account user principal name suffix */ AccountUPNSuffix = "AccountUPNSuffix", + /** The name of the product of the alert */ + AlertProductNames = "AlertProductNames", /** The Azure resource id */ AzureResourceResourceId = "AzureResourceResourceId", /** The Azure resource subscription id */ @@ -6857,7 +7056,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", /** The host operating system */ HostOSVersion = "HostOSVersion", - /** The IoT device id */ + /** "The IoT device id */ IoTDeviceId = "IoTDeviceId", /** The IoT device name */ IoTDeviceName = "IoTDeviceName", 
@@ -6916,17 +7115,19 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **IncidentDescription**: The description of the incident \ * **IncidentSeverity**: The severity of the incident \ * **IncidentStatus**: The status of the incident \ - * **IncidentTactics**: The tactics of the incident \ * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \ + * **IncidentTactics**: The tactics of the incident \ + * **IncidentLabel**: The labels of the incident \ * **IncidentProviderName**: The provider name of the incident \ * **AccountAadTenantId**: The account Azure Active Directory tenant id \ - * **AccountAadUserId**: The account Azure Active Directory user id. \ + * **AccountAadUserId**: The account Azure Active Directory user id \ * **AccountName**: The account name \ * **AccountNTDomain**: The account NetBIOS domain name \ * **AccountPUID**: The account Azure Active Directory Passport User ID \ * **AccountSid**: The account security identifier \ * **AccountObjectGuid**: The account unique identifier \ * **AccountUPNSuffix**: The account user principal name suffix \ + * **AlertProductNames**: The name of the product of the alert \ * **AzureResourceResourceId**: The Azure resource id \ * **AzureResourceSubscriptionId**: The Azure resource subscription id \ * **CloudApplicationAppId**: The cloud application identifier \ @@ -6940,7 +7141,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **HostNetBiosName**: The host NetBIOS name \ * **HostNTDomain**: The host NT domain \ * **HostOSVersion**: The host operating system \ - * **IoTDeviceId**: The IoT device id \ + * **IoTDeviceId**: "The IoT device id \ * **IoTDeviceName**: The IoT device name \ * **IoTDeviceType**: The IoT device type \ * **IoTDeviceVendor**: The IoT device vendor \ 
@@ -7482,6 +7683,30 @@ export interface AlertRuleTemplatesListNextOptionalParams /** Contains response data for the listNext operation. */ export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; +/** Optional parameters. */ +export interface AutomationRulesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type AutomationRulesGetResponse = AutomationRule; + +/** Optional parameters. */ +export interface AutomationRulesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions { + /** The automation rule */ + automationRuleToUpsert?: AutomationRule; +} + +/** Contains response data for the createOrUpdate operation. */ +export type AutomationRulesCreateOrUpdateResponse = AutomationRule; + +/** Optional parameters. */ +export interface AutomationRulesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the delete operation. */ +export type AutomationRulesDeleteResponse = Record; + /** Optional parameters. */ export interface AutomationRulesListOptionalParams extends coreClient.OperationOptions {} 
@@ -7490,29 +7715,98 @@ export interface AutomationRulesListOptionalParams export type AutomationRulesListResponse = AutomationRulesList; /** Optional parameters. */ -export interface AutomationRulesGetOptionalParams +export interface AutomationRulesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type AutomationRulesListNextResponse = AutomationRulesList; + +/** Optional parameters. */ +export interface IncidentsRunPlaybookOptionalParams + extends coreClient.OperationOptions { + requestBody?: ManualTriggerRequestBody; +} + +/** Contains response data for the runPlaybook operation. */ +export type IncidentsRunPlaybookResponse = Record; + +/** Optional parameters. */ +export interface IncidentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentsListResponse = IncidentList; + +/** Optional parameters. */ +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type AutomationRulesGetResponse = AutomationRule; +export type IncidentsGetResponse = Incident; /** Optional parameters. */ -export interface AutomationRulesCreateOrUpdateOptionalParams +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the createOrUpdate operation. 
*/ -export type AutomationRulesCreateOrUpdateResponse = AutomationRule; +export type IncidentsCreateOrUpdateResponse = Incident; /** Optional parameters. */ -export interface AutomationRulesDeleteOptionalParams +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. */ -export interface AutomationRulesListNextOptionalParams +export interface IncidentsCreateTeamOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the createTeam operation. */ +export type IncidentsCreateTeamResponse = TeamInformation; + +/** Optional parameters. */ +export interface IncidentsListAlertsOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listAlerts operation. */ +export type IncidentsListAlertsResponse = IncidentAlertList; + +/** Optional parameters. */ +export interface IncidentsListBookmarksOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listBookmarks operation. */ +export type IncidentsListBookmarksResponse = IncidentBookmarkList; + +/** Optional parameters. */ +export interface IncidentsListEntitiesOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listEntities operation. */ +export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; + +/** Optional parameters. */ +export interface IncidentsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
*/ + skipToken?: string; +} + /** Contains response data for the listNext operation. */ -export type AutomationRulesListNextResponse = AutomationRulesList; +export type IncidentsListNextResponse = IncidentList; /** Optional parameters. */ export interface BookmarksListOptionalParams @@ -7617,44 +7911,6 @@ export interface DomainWhoisGetOptionalParams /** Contains response data for the get operation. */ export type DomainWhoisGetResponse = EnrichmentDomainWhois; -/** Optional parameters. */ -export interface EntityQueriesListOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the list operation. */ -export type EntityQueriesListResponse = EntityQueryList; - -/** Optional parameters. */ -export interface EntityQueriesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type EntityQueriesGetResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface EntityQueriesListNextOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the listNext operation. */ -export type EntityQueriesListNextResponse = EntityQueryList; - /** Optional parameters. */ export interface EntitiesListOptionalParams extends coreClient.OperationOptions {} 
@@ -7744,82 +8000,63 @@ export interface EntityRelationsGetRelationOptionalParams export type EntityRelationsGetRelationResponse = Relation; /** Optional parameters. */ -export interface IncidentsListOptionalParams +export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; + /** The entity query kind we want to fetch */ + kind?: Enum12; } /** Contains response data for the list operation. */ -export type IncidentsListResponse = IncidentList; +export type EntityQueriesListResponse = EntityQueryList; /** Optional parameters. */ -export interface IncidentsGetOptionalParams +export interface EntityQueriesGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type IncidentsGetResponse = Incident; +export type EntityQueriesGetResponse = EntityQueryUnion; /** Optional parameters. */ -export interface IncidentsCreateOrUpdateOptionalParams +export interface EntityQueriesCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the createOrUpdate operation. */ -export type IncidentsCreateOrUpdateResponse = Incident; +export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; /** Optional parameters. */ -export interface IncidentsDeleteOptionalParams +export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. 
*/ -export interface IncidentsCreateTeamOptionalParams - extends coreClient.OperationOptions {} +export interface EntityQueriesListNextOptionalParams + extends coreClient.OperationOptions { + /** The entity query kind we want to fetch */ + kind?: Enum12; +} -/** Contains response data for the createTeam operation. */ -export type IncidentsCreateTeamResponse = TeamInformation; +/** Contains response data for the listNext operation. */ +export type EntityQueriesListNextResponse = EntityQueryList; /** Optional parameters. */ -export interface IncidentsListAlertsOptionalParams +export interface EntityQueryTemplatesListOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listAlerts operation. */ -export type IncidentsListAlertsResponse = IncidentAlertList; +/** Contains response data for the list operation. */ +export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; /** Optional parameters. */ -export interface IncidentsListBookmarksOptionalParams +export interface EntityQueryTemplatesGetOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listBookmarks operation. */ -export type IncidentsListBookmarksResponse = IncidentBookmarkList; +/** Contains response data for the get operation. */ +export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; /** Optional parameters. */ -export interface IncidentsListEntitiesOptionalParams +export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listEntities operation. */ -export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; - -/** Optional parameters. */ -export interface IncidentsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. 
*/ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - /** Contains response data for the listNext operation. */ -export type IncidentsListNextResponse = IncidentList; +export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; /** Optional parameters. */ export interface IncidentCommentsListOptionalParams @@ -7978,6 +8215,31 @@ export interface MetadataListNextOptionalParams /** Contains response data for the listNext operation. */ export type MetadataListNextResponse = MetadataList; +/** Optional parameters. */ +export interface OfficeConsentsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OfficeConsentsListResponse = OfficeConsentList; + +/** Optional parameters. */ +export interface OfficeConsentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type OfficeConsentsGetResponse = OfficeConsent; + +/** Optional parameters. */ +export interface OfficeConsentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface OfficeConsentsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OfficeConsentsListNextResponse = OfficeConsentList; + /** Optional parameters. */ export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions {} 
@@ -8077,117 +8339,6 @@ export interface SourceControlsListNextOptionalParams /** Contains response data for the listNext operation. */ export type SourceControlsListNextResponse = SourceControlList; -/** Optional parameters. */ -export interface WatchlistsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistsListResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistsGetResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface WatchlistsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistsCreateOrUpdateResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistsListNextResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistItemsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistItemsListResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface WatchlistItemsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistItemsGetResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. 
*/ -export interface WatchlistItemsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistItemsListNextResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface DataConnectorsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type DataConnectorsListResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DataConnectorsGetResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsConnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsDisconnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type DataConnectorsListNextResponse = DataConnectorList; - -/** Optional parameters. 
*/ -export interface DataConnectorsCheckRequirementsPostOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the post operation. */ -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - /** Optional parameters. */ export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions {} 
@@ -8278,64 +8429,129 @@ export interface ThreatIntelligenceIndicatorMetricsListOptionalParams export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; /** Optional parameters. */ -export interface OperationsListOptionalParams +export interface WatchlistsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type OperationsListResponse = OperationsList; +export type WatchlistsListResponse = WatchlistList; /** Optional parameters. */ -export interface OperationsListNextOptionalParams +export interface WatchlistsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type WatchlistsGetResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface WatchlistsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistsCreateOrUpdateResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type OperationsListNextResponse = OperationsList; +export type WatchlistsListNextResponse = WatchlistList; /** Optional parameters. */ -export interface OfficeConsentsListOptionalParams +export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type OfficeConsentsListResponse = OfficeConsentList; +export type WatchlistItemsListResponse = WatchlistItemList; /** Optional parameters. 
*/ -export interface OfficeConsentsGetOptionalParams +export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type OfficeConsentsGetResponse = OfficeConsent; +export type WatchlistItemsGetResponse = WatchlistItem; /** Optional parameters. */ -export interface OfficeConsentsDeleteOptionalParams +export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. */ -export interface OfficeConsentsListNextOptionalParams +export interface WatchlistItemsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; + +/** Optional parameters. */ +export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type OfficeConsentsListNextResponse = OfficeConsentList; +export type WatchlistItemsListNextResponse = WatchlistItemList; /** Optional parameters. */ -export interface EntityQueryTemplatesListOptionalParams +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; +export type DataConnectorsListResponse = DataConnectorList; /** Optional parameters. */ -export interface EntityQueryTemplatesGetOptionalParams +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +export type DataConnectorsGetResponse = DataConnectorUnion; /** Optional parameters. 
*/ -export interface EntityQueryTemplatesListNextOptionalParams +export interface DataConnectorsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; + +/** Optional parameters. */ +export interface DataConnectorsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsConnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsDisconnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +export type DataConnectorsListNextResponse = DataConnectorList; + +/** Optional parameters. */ +export interface DataConnectorsCheckRequirementsPostOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the post operation. */ +export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; + +/** Optional parameters. */ +export interface OperationsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OperationsListResponse = OperationsList; + +/** Optional parameters. */ +export interface OperationsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OperationsListNextResponse = OperationsList; /** Optional parameters. */ export interface SecurityInsightsOptionalParams 
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index dee7eb969f7d..171a564fd828 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -232,35 +232,6 @@ export const AlertRuleTemplatesList: coreClient.CompositeMapper = { } }; -export const AutomationRulesList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulesList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRule" - } - } - } - } - } - } -}; - export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { type: { name: "Composite", @@ -391,6 +362,54 @@ export const ClientInfo: coreClient.CompositeMapper = { } }; +export const AutomationRulesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRulesList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRule" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" + } + } + } + } +}; + +export const ManualTriggerRequestBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ManualTriggerRequestBody", + modelProperties: { + tenantId: { + serializedName: "tenantId", + type: { + name: "Uuid" + } + }, + logicAppsResourceId: { + serializedName: "logicAppsResourceId", + type: { + name: "String" + } + } + } + } +}; + export const BookmarkList: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -483,6 +502,54 @@ export const IncidentInfo: coreClient.CompositeMapper = { } }; +export const BookmarkEntityMappings: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkEntityMappings", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityFieldMapping" + } + } + } + } + } + } +}; + +export const EntityFieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityFieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + export const RelationList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1031,35 +1098,6 @@ export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { } }; -export const EntityQueryList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQuery" - } - } - } - } - } - } -}; - export const EntityList: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -1685,6 +1723,64 @@ export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { } }; +export const EntityQueryList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQuery" + } + } + } + } + } + } +}; + +export const EntityQueryTemplateList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryTemplateList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryTemplate" + } + } + } + } + } + } +}; + export const IncidentList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1752,6 +1848,13 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } }, + providerIncidentUrl: { + serializedName: "providerIncidentUrl", + readOnly: true, + type: { + name: "String" + } + }, tactics: { serializedName: "tactics", readOnly: true, @@ -1763,6 +1866,18 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -2297,6 +2412,35 @@ export const MetadataCategories: coreClient.CompositeMapper = { } }; +export const OfficeConsentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "OfficeConsent" + } + } + } + } + } + } +}; + export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -2497,56 +2641,46 @@ export const ContentPathMap: coreClient.CompositeMapper = { } }; -export const WatchlistList: coreClient.CompositeMapper = { +export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistList", + className: "ThreatIntelligenceKillChainPhase", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + killChainName: { + serializedName: "killChainName", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + phaseName: { + serializedName: "phaseName", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Watchlist" - } - } + name: "String" } } } } }; -export const WatchlistItemList: coreClient.CompositeMapper = { +export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistItemList", + className: "ThreatIntelligenceParsedPattern", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + patternTypeKey: { + serializedName: "patternTypeKey", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + patternTypeValues: { + serializedName: "patternTypeValues", type: { name: "Sequence", element: { type: { name: "Composite", - className: "WatchlistItem" + className: "ThreatIntelligenceParsedPatternTypeValue" } } } 
@@ -2555,90 +2689,91 @@ export const WatchlistItemList: coreClient.CompositeMapper = { } }; -export const DataConnectorList: coreClient.CompositeMapper = { +export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorList", + className: "ThreatIntelligenceParsedPatternTypeValue", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + valueType: { + serializedName: "valueType", type: { name: "String" } }, value: { serializedName: "value", - required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "DataConnector" - } - } + name: "String" } } } } }; -export const DataConnectorConnectBody: coreClient.CompositeMapper = { +export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorConnectBody", + className: "ThreatIntelligenceExternalReference", modelProperties: { - kind: { - serializedName: "kind", + description: { + serializedName: "description", type: { name: "String" } }, - apiKey: { - serializedName: "apiKey", + externalId: { + serializedName: "externalId", type: { name: "String" } }, - clientSecret: { - serializedName: "clientSecret", + sourceName: { + serializedName: "sourceName", type: { name: "String" } }, - clientId: { - serializedName: "clientId", + url: { + serializedName: "url", type: { name: "String" } }, - authorizationCode: { - serializedName: "authorizationCode", + hashes: { + serializedName: "hashes", type: { - name: "String" + name: "Dictionary", + value: { type: { name: "String" } } } - }, - userName: { - serializedName: "userName", + } + } + } +}; + +export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel", + modelProperties: { + language: { + serializedName: "language", type: { name: "String" } }, - password: { - 
serializedName: "password", + markingRef: { + serializedName: "markingRef", type: { - name: "String" + name: "Number" } }, - requestConfigUserInputValues: { - serializedName: "requestConfigUserInputValues", + selectors: { + serializedName: "selectors", type: { name: "Sequence", element: { type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } } } 
@@ -2647,184 +2782,276 @@ export const DataConnectorConnectBody: coreClient.CompositeMapper = { } }; -export const ErrorResponse: coreClient.CompositeMapper = { +export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorResponse", + className: "ThreatIntelligenceResourceKind", + uberParent: "ThreatIntelligenceResourceKind", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - error: { - serializedName: "error", + kind: { + serializedName: "kind", + required: true, type: { - name: "Composite", - className: "ErrorDetail" + name: "String" } } } } }; -export const ErrorDetail: coreClient.CompositeMapper = { +export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorDetail", + className: "ThreatIntelligenceInformationList", modelProperties: { - code: { - serializedName: "code", + nextLink: { + serializedName: "nextLink", readOnly: true, type: { name: "String" } }, - message: { - serializedName: "message", - readOnly: true, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceInformation" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceFilteringCriteria", + modelProperties: { + pageSize: { + serializedName: "pageSize", + type: { + name: "Number" + } + }, + minConfidence: { + serializedName: "minConfidence", + type: { + name: "Number" + } + }, + maxConfidence: { + serializedName: "maxConfidence", + type: { + name: "Number" + } + }, + minValidUntil: { + serializedName: "minValidUntil", type: { name: "String" } }, - target: { - serializedName: "target", - readOnly: true, + maxValidUntil: { + serializedName: "maxValidUntil", type: { name: "String" } }, - details: { 
- serializedName: "details", - readOnly: true, + includeDisabled: { + serializedName: "includeDisabled", + type: { + name: "Boolean" + } + }, + sortBy: { + serializedName: "sortBy", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ErrorDetail" + className: "ThreatIntelligenceSortingCriteria" } } } }, - additionalInfo: { - serializedName: "additionalInfo", - readOnly: true, + sources: { + serializedName: "sources", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "ErrorAdditionalInfo" + name: "String" + } + } + } + }, + patternTypes: { + serializedName: "patternTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threatTypes: { + serializedName: "threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + ids: { + serializedName: "ids", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + keywords: { + serializedName: "keywords", + type: { + name: "Sequence", + element: { + type: { + name: "String" } } } + }, + skipToken: { + serializedName: "skipToken", + type: { + name: "String" + } } } } }; -export const ErrorAdditionalInfo: coreClient.CompositeMapper = { +export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorAdditionalInfo", + className: "ThreatIntelligenceSortingCriteria", modelProperties: { - type: { - serializedName: "type", - readOnly: true, + itemKey: { + serializedName: "itemKey", type: { name: "String" } }, - info: { - serializedName: "info", - readOnly: true, + sortOrder: { + serializedName: "sortOrder", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } } } } }; -export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { type: { name: "Composite", - className: 
"DataConnectorsCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "ThreatIntelligenceMetricsList", modelProperties: { - kind: { - serializedName: "kind", + value: { + serializedName: "value", required: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetrics" + } + } } } } } }; -export const DataConnectorRequirementsState: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorRequirementsState", + className: "ThreatIntelligenceMetrics", modelProperties: { - authorizationState: { - serializedName: "authorizationState", - type: { - name: "String" - } - }, - licenseState: { - serializedName: "licenseState", + properties: { + serializedName: "properties", type: { - name: "String" + name: "Composite", + className: "ThreatIntelligenceMetric" } } } } }; -export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceKillChainPhase", + className: "ThreatIntelligenceMetric", modelProperties: { - killChainName: { - serializedName: "killChainName", + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", type: { name: "String" } }, - phaseName: { - serializedName: "phaseName", + threatTypeMetrics: { + serializedName: "threatTypeMetrics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } } - } - } - } -}; - -export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern", - modelProperties: { - patternTypeKey: { - serializedName: "patternTypeKey", + }, + 
patternTypeMetrics: { + serializedName: "patternTypeMetrics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } } }, - patternTypeValues: { - serializedName: "patternTypeValues", + sourceMetrics: { + serializedName: "sourceMetrics", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue" + className: "ThreatIntelligenceMetricEntity" } } } 
@@ -2833,91 +3060,68 @@ export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { } }; -export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue", + className: "ThreatIntelligenceMetricEntity", modelProperties: { - valueType: { - serializedName: "valueType", + metricName: { + serializedName: "metricName", type: { name: "String" } }, - value: { - serializedName: "value", + metricValue: { + serializedName: "metricValue", type: { - name: "String" + name: "Number" } } } } }; -export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { +export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceExternalReference", + className: "ThreatIntelligenceAppendTags", modelProperties: { - description: { - serializedName: "description", - type: { - name: "String" - } - }, - externalId: { - serializedName: "externalId", - type: { - name: "String" - } - }, - sourceName: { - serializedName: "sourceName", - type: { - name: "String" - } - }, - url: { - serializedName: "url", - type: { - name: "String" - } - }, - hashes: { - serializedName: "hashes", + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { +export const WatchlistList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel", + className: "WatchlistList", modelProperties: { - language: { - serializedName: "language", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - markingRef: { - 
serializedName: "markingRef", - type: { - name: "Number" - } - }, - selectors: { - serializedName: "selectors", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "Watchlist" } } } @@ -2926,26 +3130,39 @@ export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper } }; -export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { +export const WatchlistItemList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceResourceKind", + className: "WatchlistItemList", modelProperties: { - kind: { - serializedName: "kind", - required: true, + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "WatchlistItem" + } + } + } } } } }; -export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { +export const DataConnectorList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceInformationList", + className: "DataConnectorList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -2962,7 +3179,7 @@ export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "ThreatIntelligenceInformation" + className: "DataConnector" } } } 
@@ -2971,269 +3188,105 @@ export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { } }; -export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { +export const DataConnectorConnectBody: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceFilteringCriteria", + className: "DataConnectorConnectBody", modelProperties: { - pageSize: { - serializedName: "pageSize", - type: { - name: "Number" - } - }, - minConfidence: { - serializedName: "minConfidence", + kind: { + serializedName: "kind", type: { - name: "Number" + name: "String" } }, - maxConfidence: { - serializedName: "maxConfidence", + apiKey: { + serializedName: "apiKey", type: { - name: "Number" + name: "String" } }, - minValidUntil: { - serializedName: "minValidUntil", + clientSecret: { + serializedName: "clientSecret", type: { name: "String" } }, - maxValidUntil: { - serializedName: "maxValidUntil", + clientId: { + serializedName: "clientId", type: { name: "String" } }, - includeDisabled: { - serializedName: "includeDisabled", + authorizationCode: { + serializedName: "authorizationCode", type: { - name: "Boolean" + name: "String" } }, - sortBy: { - serializedName: "sortBy", + userName: { + serializedName: "userName", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceSortingCriteria" - } - } + name: "String" } }, - sources: { - serializedName: "sources", + password: { + serializedName: "password", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - patternTypes: { - serializedName: "patternTypes", + requestConfigUserInputValues: { + serializedName: "requestConfigUserInputValues", type: { name: "Sequence", element: { type: { - name: "String" + name: "Dictionary", + value: { type: { name: "any" } } } } } - }, - threatTypes: { - serializedName: "threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - 
} - } - }, - ids: { - serializedName: "ids", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - keywords: { - serializedName: "keywords", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - skipToken: { - serializedName: "skipToken", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceSortingCriteria", - modelProperties: { - itemKey: { - serializedName: "itemKey", - type: { - name: "String" - } - }, - sortOrder: { - serializedName: "sortOrder", - type: { - name: "String" - } } } } }; -export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { +export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceMetricsList", + className: "DataConnectorsCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - value: { - serializedName: "value", + kind: { + serializedName: "kind", required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics", - modelProperties: { - properties: { - serializedName: "properties", - type: { - name: "Composite", - className: "ThreatIntelligenceMetric" - } - } - } - } -}; - -export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetric", - modelProperties: { - lastUpdatedTimeUtc: { - serializedName: "lastUpdatedTimeUtc", type: { name: "String" } - }, - threatTypeMetrics: { - serializedName: "threatTypeMetrics", - type: 
{ - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } - }, - patternTypeMetrics: { - serializedName: "patternTypeMetrics", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } - }, - sourceMetrics: { - serializedName: "sourceMetrics", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } } } } }; -export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { +export const DataConnectorRequirementsState: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceMetricEntity", + className: "DataConnectorRequirementsState", modelProperties: { - metricName: { - serializedName: "metricName", + authorizationState: { + serializedName: "authorizationState", type: { name: "String" } }, - metricValue: { - serializedName: "metricValue", - type: { - name: "Number" - } - } - } - } -}; - -export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAppendTags", - modelProperties: { - threatIntelligenceTags: { - serializedName: "threatIntelligenceTags", + licenseState: { + serializedName: "licenseState", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } 
@@ -3336,64 +3389,6 @@ export const OperationDisplay: coreClient.CompositeMapper = { } }; -export const OfficeConsentList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeConsentList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "OfficeConsent" - } - } - } - } - } - } -}; - -export const EntityQueryTemplateList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryTemplateList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryTemplate" - } - } - } - } - } - } -}; - export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { type: { name: "Composite", @@ -3496,17 +3491,6 @@ export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = name: "String" } }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, version: { serializedName: "version", type: { 
@@ -3624,19 +3608,250 @@ export const AlertDetailsOverride: coreClient.CompositeMapper = { } }; -export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { +export const FusionSourceSettings: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + className: "FusionSourceSettings", modelProperties: { - displayNamesFilter: { - serializedName: "displayNamesFilter", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } + name: "Boolean" + } + }, + sourceName: { + serializedName: "sourceName", + required: true, + type: { + name: "String" + } + }, + sourceSubTypes: { + serializedName: "sourceSubTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSourceSubTypeSetting" + } + } + } + } + } + } +}; + +export const FusionSourceSubTypeSetting: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSourceSubTypeSetting", + modelProperties: { + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + sourceSubTypeName: { + serializedName: "sourceSubTypeName", + required: true, + type: { + name: "String" + } + }, + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + severityFilters: { + serializedName: "severityFilters", + type: { + name: "Composite", + className: "FusionSubTypeSeverityFilter" + } + } + } + } +}; + +export const FusionSubTypeSeverityFilter: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", + readOnly: true, + type: { + name: "Boolean" + } + }, + filters: { + serializedName: "filters", + type: { + name: "Sequence", + element: { + type: { + name: 
"Composite", + className: "FusionSubTypeSeverityFiltersItem" + } + } + } + } + } + } +}; + +export const FusionSubTypeSeverityFiltersItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFiltersItem", + modelProperties: { + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + } + } + } +}; + +export const FusionScenarioExclusionPattern: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern", + modelProperties: { + exclusionPattern: { + serializedName: "exclusionPattern", + required: true, + type: { + name: "String" + } + }, + dateAddedInUTC: { + serializedName: "dateAddedInUTC", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const FusionTemplateSourceSetting: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting", + modelProperties: { + sourceName: { + serializedName: "sourceName", + required: true, + type: { + name: "String" + } + }, + sourceSubTypes: { + serializedName: "sourceSubTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType" + } + } + } + } + } + } +}; + +export const FusionTemplateSourceSubType: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType", + modelProperties: { + sourceSubTypeName: { + serializedName: "sourceSubTypeName", + required: true, + type: { + name: "String" + } + }, + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + severityFilter: { + serializedName: "severityFilter", + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter" + } + } + } + } +}; + +export const FusionTemplateSubTypeSeverityFilter: 
coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", + required: true, + type: { + name: "Boolean" + } + }, + severityFilters: { + serializedName: "severityFilters", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + modelProperties: { + displayNamesFilter: { + serializedName: "displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } } } }, @@ -3702,6 +3917,28 @@ export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "displayName", required: true, @@ -3743,17 +3980,6 @@ export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "incidentConfiguration", type: { 
@@ -3940,48 +4166,46 @@ export const EventGroupingSettings: coreClient.CompositeMapper = { } }; -export const AutomationRuleRunPlaybookActionConfiguration: coreClient.CompositeMapper = { +export const IncidentPropertiesAction: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration", + className: "IncidentPropertiesAction", modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", + severity: { + serializedName: "severity", type: { name: "String" } }, - tenantId: { - serializedName: "tenantId", + status: { + serializedName: "status", type: { name: "String" } - } - } - } -}; - -export const AutomationRuleModifyPropertiesActionConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration", - modelProperties: { + }, classification: { serializedName: "classification", type: { name: "String" } }, + classificationReason: { + serializedName: "classificationReason", + type: { + name: "String" + } + }, classificationComment: { serializedName: "classificationComment", type: { name: "String" } }, - classificationReason: { - serializedName: "classificationReason", + owner: { + serializedName: "owner", type: { - name: "String" + name: "Composite", + className: "IncidentOwnerInfo" } }, labels: { 
@@ -3995,34 +4219,15 @@ export const AutomationRuleModifyPropertiesActionConfiguration: coreClient.Compo } } } - }, - owner: { - serializedName: "owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - status: { - serializedName: "status", - type: { - name: "String" - } } } } }; -export const AutomationRulePropertyValuesConditionProperties: coreClient.CompositeMapper = { +export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties", + className: "AutomationRulePropertyValuesCondition", modelProperties: { propertyName: { serializedName: "propertyName", @@ -4051,16 +4256,22 @@ export const AutomationRulePropertyValuesConditionProperties: coreClient.Composi } }; -export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { +export const PlaybookActionProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions", + className: "PlaybookActionProperties", modelProperties: { - query: { - serializedName: "query", + logicAppResourceId: { + serializedName: "logicAppResourceId", type: { name: "String" } + }, + tenantId: { + serializedName: "tenantId", + type: { + name: "Uuid" + } } } } 
@@ -4312,6 +4523,57 @@ export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeM } }; +export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + summarizeBy: { + serializedName: "summarizeBy", + type: { + name: "String" + } + } + } + } +}; + +export const DataTypeDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataTypeDefinitions", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + export const Sku: coreClient.CompositeMapper = { type: { name: "Composite", @@ -4484,6 +4746,38 @@ export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { } }; +export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs" + } + } + } + } +}; + +export const OfficePowerBIConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs" + } + } + } + } +}; + export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -5295,42 +5589,6 @@ export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMap } }; -export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - summarizeBy: { - serializedName: "summarizeBy", - type: { - name: "String" - } - } - } - } -}; - -export const DataTypeDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataTypeDefinitions", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - export const ThreatIntelligence: coreClient.CompositeMapper = { type: { name: "Composite", @@ -5502,20 +5760,21 @@ export const Entity: coreClient.CompositeMapper = { } }; -export const OfficeConsent: coreClient.CompositeMapper = { +export const EntityQueryTemplate: coreClient.CompositeMapper = { + serializedName: "EntityQueryTemplate", type: { name: "Composite", - className: "OfficeConsent", + className: "EntityQueryTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { ...Resource.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - consentId: { - serializedName: "properties.consentId", + kind: { + serializedName: "kind", + required: true, type: { name: "String" } 
@@ -5524,21 +5783,20 @@ export const OfficeConsent: coreClient.CompositeMapper = { } }; -export const EntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "EntityQueryTemplate", +export const OfficeConsent: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "OfficeConsent", modelProperties: { ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + consentId: { + serializedName: "properties.consentId", type: { name: "String" } @@ -5580,11 +5838,11 @@ export const ActionRequestProperties: coreClient.CompositeMapper = { } }; -export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { +export const PropertyConditionProperties: coreClient.CompositeMapper = { serializedName: "Property", type: { name: "Composite", - className: "AutomationRulePropertyValuesCondition", + className: "PropertyConditionProperties", uberParent: "AutomationRuleCondition", polymorphicDiscriminator: AutomationRuleCondition.type.polymorphicDiscriminator, 
@@ -5594,18 +5852,18 @@ export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = serializedName: "conditionProperties", type: { name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties" + className: "AutomationRulePropertyValuesCondition" } } } } }; -export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { - serializedName: "RunPlaybook", +export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { + serializedName: "ModifyProperties", type: { name: "Composite", - className: "AutomationRuleRunPlaybookAction", + className: "AutomationRuleModifyPropertiesAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, @@ -5615,18 +5873,18 @@ export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { serializedName: "actionConfiguration", type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration" + className: "IncidentPropertiesAction" } } } } }; -export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { - serializedName: "ModifyProperties", +export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { + serializedName: "RunPlaybook", type: { name: "Composite", - className: "AutomationRuleModifyPropertiesAction", + className: "AutomationRuleRunPlaybookAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, @@ -5636,7 +5894,7 @@ export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = serializedName: "actionConfiguration", type: { name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration" + className: "PlaybookActionProperties" } } } 
@@ -7588,300 +7846,35 @@ export const UrlEntityProperties: coreClient.CompositeMapper = { } }; -export const AADCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", +export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { + serializedName: "indicator", type: { name: "Composite", - className: "AADCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", + className: "ThreatIntelligenceIndicatorModelForRequestBody", + uberParent: "ThreatIntelligenceResourceKind", polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + ...ThreatIntelligenceResourceKind.type.modelProperties, + etag: { + serializedName: "etag", type: { name: "String" } - } - } - } -}; - -export const AatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ASCCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } 
-}; - -export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const AwsS3CheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const McasCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MdatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: 
"MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MstiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MtpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MtpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const 
OfficeIRMCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TICheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { - serializedName: "indicator", - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorModelForRequestBody", - modelProperties: { - ...ThreatIntelligenceResourceKind.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - }, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { 
- type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + }, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } @@ -8114,8 +8107,10 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { name: "Composite", className: "ThreatIntelligenceInformation", uberParent: "ThreatIntelligenceResourceKind", - polymorphicDiscriminator: - ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { ...ResourceWithEtag.type.modelProperties, ...ThreatIntelligenceResourceKind.type.modelProperties 
@@ -8123,21 +8118,333 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { } }; -export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { +export const AADCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", + type: { name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + className: "AADCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const AatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", + type: { + name: "Composite", + className: "AatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const ASCCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", + type: { + name: "Composite", + className: "ASCCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + subscriptionId: { + serializedName: "properties.subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { + 
serializedName: "AmazonWebServicesCloudTrail", + type: { + name: "Composite", + className: "AwsCloudTrailCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const AwsS3CheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesS3", + type: { + name: "Composite", + className: "AwsS3CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { + serializedName: "Dynamics365", + type: { + name: "Composite", + className: "Dynamics365CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } + } + } + } +}; + +export const McasCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", + type: { + name: "Composite", + className: "McasCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MdatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", + type: { + name: "Composite", + className: "MdatpCheckRequirements", + 
uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MstiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatIntelligence", + type: { + name: "Composite", + className: "MstiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MtpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatProtection", + type: { + name: "Composite", + className: "MtpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeATP", + type: { + name: "Composite", + className: "OfficeATPCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeIRM", + type: { + name: "Composite", + className: 
"OfficeIRMCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficePowerBICheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TICheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "TICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { + serializedName: 
"ThreatIntelligenceTaxii", + type: { + name: "Composite", + className: "TiTaxiiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplateWithMitreProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTemplateWithMitreProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + tactics: { + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } }, - tactics: { - serializedName: "tactics", + techniques: { + serializedName: "techniques", type: { name: "Sequence", element: { @@ -8151,21 +8458,25 @@ export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.Composit } }; -export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "FusionAlertRuleTemplateProperties", + className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", modelProperties: { ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + displayNamesFilter: { + serializedName: "displayNamesFilter", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "tactics", + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", type: { name: "Sequence", element: { 
@@ -8174,26 +8485,15 @@ export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { } } } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + }, + productFilter: { + serializedName: "productFilter", type: { name: "String" } }, - tactics: { - serializedName: "tactics", + severitiesFilter: { + serializedName: "severitiesFilter", type: { name: "Sequence", element: { @@ -8207,24 +8507,12 @@ export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.Composite } }; -export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type - .modelProperties - } - } -}; - export const ScheduledAlertRuleTemplateProperties: coreClient.CompositeMapper = { type: { name: "Composite", className: "ScheduledAlertRuleTemplateProperties", modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, ...QueryBasedAlertRuleTemplateProperties.type.modelProperties, ...ScheduledAlertRuleCommonProperties.type.modelProperties } @@ -8236,7 +8524,7 @@ export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { name: "Composite", className: "NrtAlertRuleTemplateProperties", modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, ...QueryBasedAlertRuleTemplateProperties.type.modelProperties } } 
@@ -8308,7 +8596,6 @@ export const NrtAlertRuleProperties: coreClient.CompositeMapper = { }; export const InsightQueryItemProperties: coreClient.CompositeMapper = { - serializedName: "Insight", type: { name: "Composite", className: "InsightQueryItemProperties", @@ -8461,6 +8748,26 @@ export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = } }; +export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficePowerBICheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBICheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + export const TICheckRequirementsProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -8582,6 +8889,40 @@ export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -8820,6 +9161,26 @@ export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClie } }; +export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficePowerBIConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9025,12 +9386,14 @@ export const AutomationRule: coreClient.CompositeMapper = { ...ResourceWithEtag.type.modelProperties, displayName: { serializedName: "properties.displayName", + required: true, type: { name: "String" } }, order: { serializedName: "properties.order", + required: true, type: { name: "Number" } @@ -9044,6 +9407,7 @@ export const AutomationRule: coreClient.CompositeMapper = { }, actions: { serializedName: "properties.actions", + required: true, type: { name: "Sequence", element: { 
@@ -9054,29 +9418,29 @@ export const AutomationRule: coreClient.CompositeMapper = { } } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", readOnly: true, type: { name: "DateTime" } }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { name: "DateTime" } }, - createdBy: { - serializedName: "properties.createdBy", + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", type: { name: "Composite", className: "ClientInfo" } }, - lastModifiedBy: { - serializedName: "properties.lastModifiedBy", + createdBy: { + serializedName: "properties.createdBy", type: { name: "Composite", className: "ClientInfo" @@ -9177,6 +9541,40 @@ export const Bookmark: coreClient.CompositeMapper = { name: "Composite", className: "IncidentInfo" } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "BookmarkEntityMappings" + } + } + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -10025,14 +10423,19 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { 
@@ -10041,6 +10444,12 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } @@ -10105,19 +10514,42 @@ export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, severity: { serializedName: "properties.severity", type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + sourceSettings: { + serializedName: "properties.sourceSettings", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "FusionTemplateSourceSetting" } } } @@ -10185,14 +10617,19 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10201,6 +10638,12 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } 
@@ -10367,27 +10810,38 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - query: { - serializedName: "properties.query", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - severity: { - serializedName: "properties.severity", + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + query: { + serializedName: "properties.query", type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + severity: { + serializedName: "properties.severity", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, version: { @@ -10517,20 +10971,19 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10540,6 +10993,18 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { } } }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, version: { serializedName: "properties.version", type: { 
@@ -12817,6 +13282,68 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { } }; +export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + sourceSettings: { + serializedName: "sourceSettings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + } + } + } +}; + export const PermissionsCustomsItem: coreClient.CompositeMapper = { type: { name: "Composite", @@ -12887,6 +13414,18 @@ export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -12927,6 +13466,30 @@ export const FusionAlertRule: coreClient.CompositeMapper = { name: "Boolean" } }, + sourceSettings: { + serializedName: "properties.sourceSettings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSourceSettings" + } + } + } + }, + scenarioExclusionPatterns: { + serializedName: "properties.scenarioExclusionPatterns", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern" + } + } + } + }, lastModifiedUtc: { serializedName: "properties.lastModifiedUtc", readOnly: true, @@ -12952,6 +13515,18 @@ export const FusionAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13017,6 +13592,18 @@ export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13170,6 +13757,28 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -13207,17 +13816,6 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "properties.incidentConfiguration", type: { 
@@ -13288,6 +13886,28 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -13325,17 +13945,6 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "properties.incidentConfiguration", type: { 
@@ -13988,6 +14597,58 @@ export const OfficeATPDataConnector: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBIDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnector: coreClient.CompositeMapper = { serializedName: "OfficeIRM", type: { 
@@ -14227,17 +14888,20 @@ export let discriminators = { AutomationRuleAction: AutomationRuleAction, EntityTimelineItem: EntityTimelineItem, EntityQueryItem: EntityQueryItem, + ThreatIntelligenceResourceKind: ThreatIntelligenceResourceKind, DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, "Resource.AlertRuleTemplate": AlertRuleTemplate, "Resource.Entity": Entity, "Resource.EntityQueryTemplate": EntityQueryTemplate, - "AutomationRuleCondition.Property": AutomationRulePropertyValuesCondition, - "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, + "AutomationRuleCondition.Property": PropertyConditionProperties, "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, + "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, "EntityTimelineItem.Activity": ActivityTimelineItem, "EntityTimelineItem.Bookmark": BookmarkTimelineItem, "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, "EntityQueryItem.Insight": InsightQueryItem, + "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, + "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, "DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, "DataConnectorsCheckRequirements.AzureSecurityCenter": ASCCheckRequirements, 
@@ -14250,9 +14914,10 @@ export let discriminators = { "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, + "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, + "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, - "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "Resource.AlertRule": AlertRule, "Resource.EntityQuery": EntityQuery, "Resource.CustomEntityQuery": CustomEntityQuery, @@ -14286,7 +14951,6 @@ export let discriminators = { "Resource.SubmissionMail": SubmissionMailEntity, "Resource.Url": UrlEntity, "Resource.Activity": ActivityCustomEntityQuery, - "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, "Resource.Expansion": ExpansionEntityQuery, "Resource.Anomalies": Anomalies, "Resource.EyesOn": EyesOn, @@ -14302,6 +14966,8 @@ export let discriminators = { "Resource.MicrosoftCloudAppSecurity": McasDataConnector, "Resource.Dynamics365": Dynamics365DataConnector, "Resource.OfficeATP": OfficeATPDataConnector, + "Resource.Office365Project": Office365ProjectDataConnector, + "Resource.OfficePowerBI": OfficePowerBIDataConnector, "Resource.OfficeIRM": OfficeIRMDataConnector, "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, "Resource.Office365": OfficeDataConnector, diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index f9957be1f9cd..91baa3c58ce8 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts 
+++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -15,29 +15,30 @@ import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, AutomationRule as AutomationRuleMapper, + ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, + Incident as IncidentMapper, + TeamProperties as TeamPropertiesMapper, Bookmark as BookmarkMapper, Relation as RelationMapper, BookmarkExpandParameters as BookmarkExpandParametersMapper, - CustomEntityQuery as CustomEntityQueryMapper, EntityExpandParameters as EntityExpandParametersMapper, EntityGetInsightsParameters as EntityGetInsightsParametersMapper, EntityTimelineParameters as EntityTimelineParametersMapper, - Incident as IncidentMapper, - TeamProperties as TeamPropertiesMapper, + CustomEntityQuery as CustomEntityQueryMapper, IncidentComment as IncidentCommentMapper, MetadataModel as MetadataModelMapper, MetadataPatch as MetadataPatchMapper, SentinelOnboardingState as SentinelOnboardingStateMapper, Settings as SettingsMapper, SourceControl as SourceControlMapper, + ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, + ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, + ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper, Watchlist as WatchlistMapper, WatchlistItem as WatchlistItemMapper, DataConnector as DataConnectorMapper, DataConnectorConnectBody as DataConnectorConnectBodyMapper, - DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper, - ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, - ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, - ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper + DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper } from "../models/mappers"; export const accept: OperationParameter = { 
@@ -67,7 +68,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2021-09-01-preview", + defaultValue: "2021-10-01-preview", isConstant: true, serializedName: "api-version", type: { @@ -198,15 +199,20 @@ export const automationRuleId: OperationURLParameter = { } }; -export const automationRule: OperationParameter = { - parameterPath: "automationRule", +export const automationRuleToUpsert: OperationParameter = { + parameterPath: ["options", "automationRuleToUpsert"], mapper: AutomationRuleMapper }; -export const bookmarkId: OperationURLParameter = { - parameterPath: "bookmarkId", +export const requestBody: OperationParameter = { + parameterPath: ["options", "requestBody"], + mapper: ManualTriggerRequestBodyMapper +}; + +export const incidentIdentifier: OperationURLParameter = { + parameterPath: "incidentIdentifier", mapper: { - serializedName: "bookmarkId", + serializedName: "incidentIdentifier", required: true, type: { name: "String" @@ -214,11 +220,6 @@ export const bookmarkId: OperationURLParameter = { } }; -export const bookmark: OperationParameter = { - parameterPath: "bookmark", - mapper: BookmarkMapper -}; - export const filter: OperationQueryParameter = { parameterPath: ["options", "filter"], mapper: { @@ -259,10 +260,10 @@ export const skipToken: OperationQueryParameter = { } }; -export const relationName: OperationURLParameter = { - parameterPath: "relationName", +export const incidentId: OperationURLParameter = { + parameterPath: "incidentId", mapper: { - serializedName: "relationName", + serializedName: "incidentId", required: true, type: { name: "String" 
@@ -270,20 +271,20 @@ export const relationName: OperationURLParameter = { } }; -export const relation: OperationParameter = { - parameterPath: "relation", - mapper: RelationMapper +export const incident: OperationParameter = { + parameterPath: "incident", + mapper: IncidentMapper }; -export const parameters: OperationParameter = { - parameterPath: "parameters", - mapper: BookmarkExpandParametersMapper +export const teamProperties: OperationParameter = { + parameterPath: "teamProperties", + mapper: TeamPropertiesMapper }; -export const ipAddress: OperationQueryParameter = { - parameterPath: "ipAddress", +export const bookmarkId: OperationURLParameter = { + parameterPath: "bookmarkId", mapper: { - serializedName: "ipAddress", + serializedName: "bookmarkId", required: true, type: { name: "String" @@ -291,10 +292,15 @@ export const ipAddress: OperationQueryParameter = { } }; -export const domain: OperationQueryParameter = { - parameterPath: "domain", +export const bookmark: OperationParameter = { + parameterPath: "bookmark", + mapper: BookmarkMapper +}; + +export const relationName: OperationURLParameter = { + parameterPath: "relationName", mapper: { - serializedName: "domain", + serializedName: "relationName", required: true, type: { name: "String" 
@@ -302,20 +308,31 @@ export const domain: OperationQueryParameter = { } }; -export const kind: OperationQueryParameter = { - parameterPath: ["options", "kind"], +export const relation: OperationParameter = { + parameterPath: "relation", + mapper: RelationMapper +}; + +export const parameters: OperationParameter = { + parameterPath: "parameters", + mapper: BookmarkExpandParametersMapper +}; + +export const ipAddress: OperationQueryParameter = { + parameterPath: "ipAddress", mapper: { - serializedName: "kind", + serializedName: "ipAddress", + required: true, type: { name: "String" } } }; -export const entityQueryId: OperationURLParameter = { - parameterPath: "entityQueryId", +export const domain: OperationQueryParameter = { + parameterPath: "domain", mapper: { - serializedName: "entityQueryId", + serializedName: "domain", required: true, type: { name: "String" @@ -323,11 +340,6 @@ export const entityQueryId: OperationURLParameter = { } }; -export const entityQuery: OperationParameter = { - parameterPath: "entityQuery", - mapper: CustomEntityQueryMapper -}; - export const entityId: OperationURLParameter = { parameterPath: "entityId", mapper: { @@ -344,7 +356,7 @@ export const parameters1: OperationParameter = { mapper: EntityExpandParametersMapper }; -export const kind1: OperationQueryParameter = { +export const kind: OperationQueryParameter = { parameterPath: "kind", mapper: { serializedName: "kind", @@ -365,10 +377,20 @@ export const parameters3: OperationParameter = { mapper: EntityTimelineParametersMapper }; -export const incidentId: OperationURLParameter = { - parameterPath: "incidentId", +export const kind1: OperationQueryParameter = { + parameterPath: ["options", "kind"], mapper: { - serializedName: "incidentId", + serializedName: "kind", + type: { + name: "String" + } + } +}; + +export const entityQueryId: OperationURLParameter = { + parameterPath: "entityQueryId", + mapper: { + serializedName: "entityQueryId", required: true, type: { name: "String" 
@@ -376,14 +398,32 @@ export const incidentId: OperationURLParameter = { } }; -export const incident: OperationParameter = { - parameterPath: "incident", - mapper: IncidentMapper +export const entityQuery: OperationParameter = { + parameterPath: "entityQuery", + mapper: CustomEntityQueryMapper }; -export const teamProperties: OperationParameter = { - parameterPath: "teamProperties", - mapper: TeamPropertiesMapper +export const kind2: OperationQueryParameter = { + parameterPath: ["options", "kind"], + mapper: { + defaultValue: "Activity", + isConstant: true, + serializedName: "kind", + type: { + name: "String" + } + } +}; + +export const entityQueryTemplateId: OperationURLParameter = { + parameterPath: "entityQueryTemplateId", + mapper: { + serializedName: "entityQueryTemplateId", + required: true, + type: { + name: "String" + } + } }; export const incidentCommentId: OperationURLParameter = { @@ -433,6 +473,17 @@ export const metadataPatch: OperationParameter = { mapper: MetadataPatchMapper }; +export const consentId: OperationURLParameter = { + parameterPath: "consentId", + mapper: { + serializedName: "consentId", + required: true, + type: { + name: "String" + } + } +}; + export const sentinelOnboardingStateName: OperationURLParameter = { parameterPath: "sentinelOnboardingStateName", mapper: { 
@@ -492,6 +543,37 @@ export const sourceControl: OperationParameter = { mapper: SourceControlMapper }; +export const threatIntelligenceProperties: OperationParameter = { + parameterPath: "threatIntelligenceProperties", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + +export const name: OperationURLParameter = { + parameterPath: "name", + mapper: { + serializedName: "name", + required: true, + type: { + name: "String" + } + } +}; + +export const threatIntelligenceFilteringCriteria: OperationParameter = { + parameterPath: "threatIntelligenceFilteringCriteria", + mapper: ThreatIntelligenceFilteringCriteriaMapper +}; + +export const threatIntelligenceAppendTags: OperationParameter = { + parameterPath: "threatIntelligenceAppendTags", + mapper: ThreatIntelligenceAppendTagsMapper +}; + +export const threatIntelligenceReplaceTags: OperationParameter = { + parameterPath: "threatIntelligenceReplaceTags", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + export const watchlistAlias: OperationURLParameter = { parameterPath: "watchlistAlias", mapper: { 
@@ -549,68 +631,3 @@ export const dataConnectorsCheckRequirements: OperationParameter = { parameterPath: "dataConnectorsCheckRequirements", mapper: DataConnectorsCheckRequirementsMapper }; - -export const threatIntelligenceProperties: OperationParameter = { - parameterPath: "threatIntelligenceProperties", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const name: OperationURLParameter = { - parameterPath: "name", - mapper: { - serializedName: "name", - required: true, - type: { - name: "String" - } - } -}; - -export const threatIntelligenceFilteringCriteria: OperationParameter = { - parameterPath: "threatIntelligenceFilteringCriteria", - mapper: ThreatIntelligenceFilteringCriteriaMapper -}; - -export const threatIntelligenceAppendTags: OperationParameter = { - parameterPath: "threatIntelligenceAppendTags", - mapper: ThreatIntelligenceAppendTagsMapper -}; - -export const threatIntelligenceReplaceTags: OperationParameter = { - parameterPath: "threatIntelligenceReplaceTags", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const consentId: OperationURLParameter = { - parameterPath: "consentId", - mapper: { - serializedName: "consentId", - required: true, - type: { - name: "String" - } - } -}; - -export const kind2: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - defaultValue: "Activity", - isConstant: true, - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryTemplateId: OperationURLParameter = { - parameterPath: "entityQueryTemplateId", - mapper: { - serializedName: "entityQueryTemplateId", - required: true, - type: { - name: "String" - } - } -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts index 55f54bf28e69..9e885d622466 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts 
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts @@ -16,12 +16,13 @@ import { AutomationRule, AutomationRulesListNextOptionalParams, AutomationRulesListOptionalParams, - AutomationRulesListResponse, AutomationRulesGetOptionalParams, AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesListResponse, AutomationRulesListNextResponse } from "../models"; @@ -97,23 +98,6 @@ export class AutomationRulesImpl implements AutomationRules { } } - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - /** * Gets the automation rule. * @param resourceGroupName The name of the resource group. The name is case insensitive. 
@@ -138,24 +122,16 @@ export class AutomationRulesImpl implements AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise { return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - automationRuleId, - automationRule, - options - }, + { resourceGroupName, workspaceName, automationRuleId, options }, createOrUpdateOperationSpec ); } @@ -172,13 +148,30 @@ export class AutomationRulesImpl implements AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise { + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, automationRuleId, options }, deleteOperationSpec ); } + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + /** * ListNext * @param resourceGroupName The name of the resource group. The name is case insensitive. 
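Review bot: `createOrUpdate` drops the `automationRule` argument, and the JSDoc in this hunk does not say where the rule body now goes. Judging by `automationRuleToUpsert` in parameters.ts (`parameterPath: ["options", "automationRuleToUpsert"]`), the body is now an optional member of `options`. A call that omits it would send the PUT without a rule, and an untyped JavaScript caller still passing the rule as the fourth argument would have it read as `options`. I would extend the doc line to `@param options The options parameters; the rule to create or update is passed as options.automationRuleToUpsert.` and record the signature change as breaking in the changelog. The same doc line appears in operationsInterfaces/automationRules.ts, and the enclosing class starts outside this hunk.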
@@ -201,13 +194,13 @@ export class AutomationRulesImpl implements AutomationRules { // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); -const listOperationSpec: coreClient.OperationSpec = { +const getOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", httpMethod: "GET", responses: { 200: { - bodyMapper: Mappers.AutomationRulesList + bodyMapper: Mappers.AutomationRule }, default: { bodyMapper: Mappers.CloudError @@ -218,23 +211,28 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName + Parameters.workspaceName, + Parameters.automationRuleId ], headerParameters: [Parameters.accept], serializer }; -const getOperationSpec: coreClient.OperationSpec = { +const createOrUpdateOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "GET", + httpMethod: "PUT", responses: { 200: { bodyMapper: Mappers.AutomationRule }, + 201: { + bodyMapper: Mappers.AutomationRule + }, default: { bodyMapper: Mappers.CloudError } }, + requestBody: Parameters.automationRuleToUpsert, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, 
@@ -243,25 +241,29 @@ const getOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", serializer }; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { +const deleteOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "PUT", + httpMethod: "DELETE", responses: { 200: { - bodyMapper: Mappers.AutomationRule + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, - 201: { - bodyMapper: Mappers.AutomationRule + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, default: { bodyMapper: Mappers.CloudError } }, - requestBody: Parameters.automationRule, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, 
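Review bot: The `204` entry of `deleteOperationSpec` now carries a `Dictionary` of `any` body mapper, but a 204 response has no content, so there is never anything for the mapper to deserialize. The result type callers see is therefore looser than what the service can return. The previous spec declared `200: {}, 204: {}`; even if the 200 body really is untyped in the service definition, keeping `204: {},` would describe the empty case accurately. The same pattern appears in `runPlaybookOperationSpec` in incidents.ts. This file looks generated, so the fix probably belongs in the REST spec's response schema. The spec object continues past the end of this hunk.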
@@ -270,17 +272,17 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", + headerParameters: [Parameters.accept], serializer }; -const deleteOperationSpec: coreClient.OperationSpec = { +const listOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "DELETE", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + httpMethod: "GET", responses: { - 200: {}, - 204: {}, + 200: { + bodyMapper: Mappers.AutomationRulesList + }, default: { bodyMapper: Mappers.CloudError } @@ -290,8 +292,7 @@ const deleteOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId + Parameters.workspaceName ], headerParameters: [Parameters.accept], serializer diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts index 82199b6e0cb2..ff60c1cc995f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts @@ -352,7 +352,7 @@ const connectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, requestBody: Parameters.connectBody, 
@@ -375,7 +375,7 @@ const disconnectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, queryParameters: [Parameters.apiVersion], diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts index c29d5caa98b8..3f01a3174daa 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts @@ -306,7 +306,7 @@ const queriesOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], + queryParameters: [Parameters.apiVersion, Parameters.kind], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts index 85592e81dda7..21190c27d569 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts @@ -208,7 +208,7 @@ const listOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, @@ -302,7 +302,7 @@ const listNextOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts index 86c73b551a2f..c58d9e3de7af 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts @@ -280,8 +280,8 @@ const getOperationSpec: coreClient.OperationSpec = { Parameters.subscriptionId, Parameters.resourceGroupName, Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId + Parameters.incidentId, + Parameters.relationName ], headerParameters: [Parameters.accept], serializer @@ -308,8 +308,8 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { Parameters.subscriptionId, Parameters.resourceGroupName, Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId + Parameters.incidentId, + Parameters.relationName ], headerParameters: [Parameters.accept, Parameters.contentType], mediaType: "json", @@ -332,8 +332,8 @@ const deleteOperationSpec: coreClient.OperationSpec = { Parameters.subscriptionId, Parameters.resourceGroupName, Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId + Parameters.incidentId, + Parameters.relationName ], headerParameters: [Parameters.accept], serializer diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts index ad5f24a076f9..3cf9b36c40ec 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts @@ -16,6 +16,8 @@ import { Incident, IncidentsListNextOptionalParams, IncidentsListOptionalParams, + IncidentsRunPlaybookOptionalParams, + IncidentsRunPlaybookResponse, IncidentsListResponse, IncidentsGetOptionalParams, IncidentsGetResponse, 
@@ -106,6 +108,25 @@ export class IncidentsImpl implements Incidents { } } + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + runPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: IncidentsRunPlaybookOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentIdentifier, options }, + runPlaybookOperationSpec + ); + } + /** * Gets all incidents. * @param resourceGroupName The name of the resource group. The name is case insensitive. 
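Review bot: The new `runPlaybook` JSDoc leaves `@param incidentIdentifier` without a description and does not mention the request body, which parameters.ts maps from `options.requestBody` using `ManualTriggerRequestBodyMapper`. This call starts an automated response against an incident, so the doc should state what identifies the incident and where the trigger request is supplied. Proposed lines: `@param incidentIdentifier Identifier of the incident to run the playbook on` and `@param options The options parameters; options.requestBody carries the manual trigger request.` The other incident operations appear to use `incidentId` for the same URL segment, so the two names may be worth aligning in the spec. The same comment is repeated in operationsInterfaces/incidents.ts.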
@@ -283,6 +304,33 @@ export class IncidentsImpl implements Incidents { // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); +const runPlaybookOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", + httpMethod: "POST", + responses: { + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.requestBody, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentIdentifier + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; const listOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 1cf716300f95..2fb99b67a9bb 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts 
@@ -10,31 +10,31 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; export * from "./automationRules"; +export * from "./incidents"; export * from "./bookmarks"; export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; -export * from "./incidents"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts index fc1210e5c84e..4a1dbaad4bcb 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts 
@@ -14,7 +14,8 @@ import { AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, - AutomationRulesDeleteOptionalParams + AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse } from "../models"; /// @@ -49,14 +50,12 @@ export interface AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise; /** @@ -71,5 +70,5 @@ export interface AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise; + ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts index 472272b92f69..18695a4f8cc7 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts @@ -10,6 +10,8 @@ import { PagedAsyncIterableIterator } from "@azure/core-paging"; import { Incident, IncidentsListOptionalParams, + IncidentsRunPlaybookOptionalParams, + IncidentsRunPlaybookResponse, IncidentsGetOptionalParams, IncidentsGetResponse, IncidentsCreateOrUpdateOptionalParams, 
@@ -40,6 +42,19 @@ export interface Incidents { workspaceName: string, options?: IncidentsListOptionalParams ): PagedAsyncIterableIterator; + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + runPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: IncidentsRunPlaybookOptionalParams + ): Promise; /** * Gets an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 1cf716300f95..2fb99b67a9bb 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts 
@@ -10,31 +10,31 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; export * from "./automationRules"; +export * from "./incidents"; export * from "./bookmarks"; export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; -export * from "./incidents"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 957dd1d33970..99fdb14364bf 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts 
@@ -13,68 +13,68 @@ import { ActionsImpl, AlertRuleTemplatesImpl, AutomationRulesImpl, + IncidentsImpl, BookmarksImpl, BookmarkRelationsImpl, BookmarkOperationsImpl, IPGeodataImpl, DomainWhoisImpl, - EntityQueriesImpl, EntitiesImpl, EntitiesGetTimelineImpl, EntitiesRelationsImpl, EntityRelationsImpl, - IncidentsImpl, + EntityQueriesImpl, + EntityQueryTemplatesImpl, IncidentCommentsImpl, IncidentRelationsImpl, MetadataImpl, + OfficeConsentsImpl, SentinelOnboardingStatesImpl, ProductSettingsImpl, SourceControlOperationsImpl, SourceControlsImpl, + ThreatIntelligenceIndicatorImpl, + ThreatIntelligenceIndicatorsImpl, + ThreatIntelligenceIndicatorMetricsImpl, WatchlistsImpl, WatchlistItemsImpl, DataConnectorsImpl, DataConnectorsCheckRequirementsOperationsImpl, - ThreatIntelligenceIndicatorImpl, - ThreatIntelligenceIndicatorsImpl, - ThreatIntelligenceIndicatorMetricsImpl, - OperationsImpl, - OfficeConsentsImpl, - EntityQueryTemplatesImpl + OperationsImpl } from "./operations"; import { AlertRules, Actions, AlertRuleTemplates, AutomationRules, + Incidents, Bookmarks, BookmarkRelations, BookmarkOperations, IPGeodata, DomainWhois, - EntityQueries, Entities, EntitiesGetTimeline, EntitiesRelations, EntityRelations, - Incidents, + EntityQueries, + EntityQueryTemplates, IncidentComments, IncidentRelations, Metadata, + OfficeConsents, SentinelOnboardingStates, ProductSettings, SourceControlOperations, SourceControls, + ThreatIntelligenceIndicator, + ThreatIntelligenceIndicators, + ThreatIntelligenceIndicatorMetrics, Watchlists, WatchlistItems, DataConnectors, DataConnectorsCheckRequirementsOperations, - ThreatIntelligenceIndicator, - ThreatIntelligenceIndicators, - ThreatIntelligenceIndicatorMetrics, - Operations, - OfficeConsents, - EntityQueryTemplates + Operations } from "./operationsInterfaces"; import { SecurityInsightsOptionalParams } from "./models"; 
@@ -110,7 +110,7 @@ export class SecurityInsights extends coreClient.ServiceClient { credential: credentials }; - const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.1`; + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.2`; const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` 
@@ -133,35 +133,31 @@ export class SecurityInsights extends coreClient.ServiceClient { // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2021-09-01-preview"; + this.apiVersion = options.apiVersion || "2021-10-01-preview"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); this.automationRules = new AutomationRulesImpl(this); + this.incidents = new IncidentsImpl(this); this.bookmarks = new BookmarksImpl(this); this.bookmarkRelations = new BookmarkRelationsImpl(this); this.bookmarkOperations = new BookmarkOperationsImpl(this); this.iPGeodata = new IPGeodataImpl(this); this.domainWhois = new DomainWhoisImpl(this); - this.entityQueries = new EntityQueriesImpl(this); this.entities = new EntitiesImpl(this); this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); this.entitiesRelations = new EntitiesRelationsImpl(this); this.entityRelations = new EntityRelationsImpl(this); - this.incidents = new IncidentsImpl(this); + this.entityQueries = new EntityQueriesImpl(this); + this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); this.incidentComments = new IncidentCommentsImpl(this); this.incidentRelations = new IncidentRelationsImpl(this); this.metadata = new MetadataImpl(this); + this.officeConsents = new OfficeConsentsImpl(this); this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); this.productSettings = new ProductSettingsImpl(this); this.sourceControlOperations = new SourceControlOperationsImpl(this); this.sourceControls = new SourceControlsImpl(this); - this.watchlists = new WatchlistsImpl(this); - this.watchlistItems = new WatchlistItemsImpl(this); - this.dataConnectors = new DataConnectorsImpl(this); - this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( - this - ); this.threatIntelligenceIndicator = new 
ThreatIntelligenceIndicatorImpl( this ); 
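Review bot: The new fallback `this.apiVersion = options.apiVersion || "2021-10-01-preview";` is a preview API version, while the commit message describes a move to version 2021-10-01, so it is worth confirming which spec tag the generator was run against. Every operation group constructed below it (`IncidentsImpl`, `AlertRulesImpl`, the threat-intelligence groups, and the rest) is handed `this`, so callers that do not set `options.apiVersion` presumably switch API contract just by upgrading from beta.1 to beta.2. If the preview default is intended, record it in the changelog and add a comment above the assignment such as `// Preview API version by default; set options.apiVersion to pin a contract.` The constructor body starts outside this hunk.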
@@ -171,41 +167,45 @@ export class SecurityInsights extends coreClient.ServiceClient { this.threatIntelligenceIndicatorMetrics = new ThreatIntelligenceIndicatorMetricsImpl( this ); + this.watchlists = new WatchlistsImpl(this); + this.watchlistItems = new WatchlistItemsImpl(this); + this.dataConnectors = new DataConnectorsImpl(this); + this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( + this + ); this.operations = new OperationsImpl(this); - this.officeConsents = new OfficeConsentsImpl(this); - this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); } alertRules: AlertRules; actions: Actions; alertRuleTemplates: AlertRuleTemplates; automationRules: AutomationRules; + incidents: Incidents; bookmarks: Bookmarks; bookmarkRelations: BookmarkRelations; bookmarkOperations: BookmarkOperations; iPGeodata: IPGeodata; domainWhois: DomainWhois; - entityQueries: EntityQueries; entities: Entities; entitiesGetTimeline: EntitiesGetTimeline; entitiesRelations: EntitiesRelations; entityRelations: EntityRelations; - incidents: Incidents; + entityQueries: EntityQueries; + entityQueryTemplates: EntityQueryTemplates; incidentComments: IncidentComments; incidentRelations: IncidentRelations; metadata: Metadata; + officeConsents: OfficeConsents; sentinelOnboardingStates: SentinelOnboardingStates; productSettings: ProductSettings; sourceControlOperations: SourceControlOperations; sourceControls: SourceControls; + threatIntelligenceIndicator: ThreatIntelligenceIndicator; + threatIntelligenceIndicators: ThreatIntelligenceIndicators; + threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; watchlists: Watchlists; watchlistItems: WatchlistItems; dataConnectors: DataConnectors; dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; - threatIntelligenceIndicator: ThreatIntelligenceIndicator; - threatIntelligenceIndicators: ThreatIntelligenceIndicators; - threatIntelligenceIndicatorMetrics: 
ThreatIntelligenceIndicatorMetrics; operations: Operations; - officeConsents: OfficeConsents; - entityQueryTemplates: EntityQueryTemplates; } diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json index 6e3251194117..3e6ae96443f3 100644 --- a/sdk/securityinsight/arm-securityinsight/tsconfig.json +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -9,11 +9,19 @@ "esModuleInterop": true, "allowSyntheticDefaultImports": true, "forceConsistentCasingInFileNames": true, - "lib": ["es6", "dom"], + "lib": [ + "es6", + "dom" + ], "declaration": true, "outDir": "./dist-esm", "importHelpers": true }, - "include": ["./src/**/*.ts", "./test/**/*.ts"], - "exclude": ["node_modules"] -} + "include": [ + "./src/**/*.ts", + "./test/**/*.ts" + ], + "exclude": [ + "node_modules" + ] +} \ No newline at end of file diff --git a/sdk/securityinsight/ci.mgmt.yml b/sdk/securityinsight/ci.mgmt.yml index 447cd8fb1344..54c97e7c4804 100644 --- a/sdk/securityinsight/ci.mgmt.yml +++ b/sdk/securityinsight/ci.mgmt.yml @@ -1,5 +1,5 @@ # NOTE: Please refer to https://aka.ms/azsdk/engsys/ci-yaml before editing this file. - + trigger: branches: include: @@ -10,6 +10,7 @@ trigger: include: - sdk/securityinsight/ci.mgmt.yml - sdk/securityinsight/arm-securityinsight/ + - sdk/securityinsight/arm-securityinsight pr: branches: include: @@ -23,11 +24,11 @@ pr: include: - sdk/securityinsight/ci.mgmt.yml - sdk/securityinsight/arm-securityinsight/ - + - sdk/securityinsight/arm-securityinsight extends: template: /eng/pipelines/templates/stages/archetype-sdk-client.yml parameters: ServiceDirectory: securityinsight Artifacts: - name: azure-arm-securityinsight - safeName: azurearmsecurityinsight \ No newline at end of file + safeName: azurearmsecurityinsight
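Review bot: In `sdk/securityinsight/ci.mgmt.yml`, both the `trigger` and the `pr` path filters now list `- sdk/securityinsight/arm-securityinsight` directly after the existing `- sdk/securityinsight/arm-securityinsight/`, so each `include` list has two entries for the same directory that differ only in the trailing slash. Unless the pipeline tooling needs both spellings, keep one entry per list so that a later rename or removal only has to touch one line. The second hunk also appears to replace the blank line before `extends:` with the new path entry; restoring that blank line keeps the `pr:` and `extends:` sections visually separate.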