diff --git a/sdk/securityinsight/arm-securityinsight/LICENSE.txt b/sdk/securityinsight/arm-securityinsight/LICENSE.txt
new file mode 100644
index 000000000000..2d3163745319
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/sdk/securityinsight/arm-securityinsight/README.md b/sdk/securityinsight/arm-securityinsight/README.md
new file mode 100644
index 000000000000..d04ee0c6289e
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/README.md
@@ -0,0 +1,118 @@
+## Azure SecurityInsights SDK for JavaScript
+
+This package contains an isomorphic SDK (runs both in node.js and in browsers) for SecurityInsights.
+
+### Currently supported environments
+
+- [LTS versions of Node.js](https://nodejs.org/about/releases/)
+- Latest versions of Safari, Chrome, Edge and Firefox.
+
+### Prerequisites
+
+You must have an [Azure subscription](https://azure.microsoft.com/free/).
+
+### How to install
+
+To use this SDK in your project, you will need to install two packages.
+- `@azure/arm-securityinsight` that contains the client.
+- `@azure/identity` that provides different mechanisms for the client to authenticate your requests using Azure Active Directory.
+
+Install both packages using the below command:
+```bash
+npm install --save @azure/arm-securityinsight @azure/identity
+```
+> **Note**: You may have used either `@azure/ms-rest-nodeauth` or `@azure/ms-rest-browserauth` in the past. These packages are in maintenance mode receiving critical bug fixes, but no new features.
+If you are on a [Node.js that has LTS status](https://nodejs.org/about/releases/), or are writing a client side browser application, we strongly encourage you to upgrade to `@azure/identity` which uses the latest versions of Azure Active Directory and MSAL APIs and provides more authentication options.
+
+### How to use
+
+- If you are writing a client side browser application,
+ - Follow the instructions in the section on Authenticating client side browser applications in [Azure Identity examples](https://aka.ms/azsdk/js/identity/examples) to register your application in the Microsoft identity platform and set the right permissions.
+ - Copy the client ID and tenant ID from the Overview section of your app registration in Azure portal and use it in the browser sample below.
+- If you are writing a server side application,
+ - [Select a credential from `@azure/identity` based on the authentication method of your choice](https://aka.ms/azsdk/js/identity/examples)
+ - Complete the set up steps required by the credential if any.
+ - Use the credential you picked in the place of `DefaultAzureCredential` in the Node.js sample below.
+
+In the below samples, we pass the credential and the Azure subscription id to instantiate the client.
+Once the client is created, explore the operations on it either in your favorite editor or in our [API reference documentation](https://docs.microsoft.com/javascript/api) to get started.
+#### nodejs - Authentication, client creation, and list incidents as an example written in JavaScript.
+
+##### Sample code
+
+```javascript
+const { DefaultAzureCredential } = require("@azure/identity");
+const { SecurityInsights } = require("@azure/arm-securityinsight");
+const subscriptionId = process.env["AZURE_SUBSCRIPTION_ID"];
+
+// Use `DefaultAzureCredential` or any other credential of your choice based on https://aka.ms/azsdk/js/identity/examples
+// Please note that you can also use credentials from the `@azure/ms-rest-nodeauth` package instead.
+const creds = new DefaultAzureCredential();
+const client = new SecurityInsights(creds, subscriptionId);
+const resourceGroupName = "testresourceGroupName";
+const workspaceName = "testworkspaceName";
+const filter = "testfilter";
+const orderby = "testorderby";
+const top = 1;
+const skipToken = "testskipToken";
+client.incidents.list(resourceGroupName, workspaceName, filter, orderby, top, skipToken).then((result) => {
+ console.log("The result is:");
+ console.log(result);
+}).catch((err) => {
+ console.log("An error occurred:");
+ console.error(err);
+});
+```
+
+#### browser - Authentication, client creation, and list incidents as an example written in JavaScript.
+
+In browser applications, we recommend using the `InteractiveBrowserCredential` that interactively authenticates using the default system browser.
+ - See [Single-page application: App registration guide](https://docs.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration) to configure your app registration for the browser.
+ - Note down the client Id from the previous step and use it in the browser sample below.
+
+##### Sample code
+
+- index.html
+
+```html
+
+
+
+ @azure/arm-securityinsight sample
+
+
+
+
+
+
+
+```
+
+## Related projects
+
+- [Microsoft Azure SDK for Javascript](https://github.com/Azure/azure-sdk-for-js)
+
+
diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json
new file mode 100644
index 000000000000..0477c570a3b6
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "@azure/arm-securityinsight",
+ "author": "Microsoft Corporation",
+ "description": "SecurityInsights Library with typescript type definitions for node.js and browser.",
+ "version": "1.0.0",
+ "dependencies": {
+ "@azure/ms-rest-azure-js": "^2.1.0",
+ "@azure/ms-rest-js": "^2.2.0",
+ "@azure/core-auth": "^1.1.4",
+ "tslib": "^1.10.0"
+ },
+ "keywords": [
+ "node",
+ "azure",
+ "typescript",
+ "browser",
+ "isomorphic"
+ ],
+ "license": "MIT",
+ "main": "./dist/arm-securityinsight.js",
+ "module": "./esm/securityInsights.js",
+ "types": "./esm/securityInsights.d.ts",
+ "devDependencies": {
+ "typescript": "^3.6.0",
+ "rollup": "^1.18.0",
+ "rollup-plugin-node-resolve": "^5.2.0",
+ "rollup-plugin-sourcemaps": "^0.4.2",
+ "uglify-js": "^3.6.0"
+ },
+ "homepage": "https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/securityinsight/arm-securityinsight",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/Azure/azure-sdk-for-js.git"
+ },
+ "bugs": {
+ "url": "https://github.com/Azure/azure-sdk-for-js/issues"
+ },
+ "files": [
+ "dist/**/*.js",
+ "dist/**/*.js.map",
+ "dist/**/*.d.ts",
+ "dist/**/*.d.ts.map",
+ "esm/**/*.js",
+ "esm/**/*.js.map",
+ "esm/**/*.d.ts",
+ "esm/**/*.d.ts.map",
+ "src/**/*.ts",
+ "README.md",
+ "rollup.config.js",
+ "tsconfig.json"
+ ],
+ "scripts": {
+ "build": "tsc && rollup -c rollup.config.js && npm run minify",
+ "minify": "uglifyjs -c -m --comments --source-map \"content='./dist/arm-securityinsight.js.map'\" -o ./dist/arm-securityinsight.min.js ./dist/arm-securityinsight.js",
+ "prepack": "npm install && npm run build"
+ },
+ "sideEffects": false,
+ "autoPublish": true
+}
diff --git a/sdk/securityinsight/arm-securityinsight/rollup.config.js b/sdk/securityinsight/arm-securityinsight/rollup.config.js
new file mode 100644
index 000000000000..276048058dba
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/rollup.config.js
@@ -0,0 +1,37 @@
+import rollup from "rollup";
+import nodeResolve from "rollup-plugin-node-resolve";
+import sourcemaps from "rollup-plugin-sourcemaps";
+
+/**
+ * @type {rollup.RollupFileOptions}
+ */
+const config = {
+ input: "./esm/securityInsights.js",
+ external: [
+ "@azure/ms-rest-js",
+ "@azure/ms-rest-azure-js"
+ ],
+ output: {
+ file: "./dist/arm-securityinsight.js",
+ format: "umd",
+ name: "Azure.ArmSecurityinsight",
+ sourcemap: true,
+ globals: {
+ "@azure/ms-rest-js": "msRest",
+ "@azure/ms-rest-azure-js": "msRestAzure"
+ },
+ banner: `/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */`
+ },
+ plugins: [
+ nodeResolve({ mainFields: ['module', 'main'] }),
+ sourcemaps()
+ ]
+};
+
+export default config;
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts
new file mode 100644
index 000000000000..4a12832566aa
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ ActionsList,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts
new file mode 100644
index 000000000000..f40d03a627ff
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ AlertRuleTemplatesList,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts
new file mode 100644
index 000000000000..fea8c9bbd942
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRulesList,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts
new file mode 100644
index 000000000000..5e71a78de17d
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentCommentList,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts
new file mode 100644
index 000000000000..2be132d4ff48
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ RelationList,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts
new file mode 100644
index 000000000000..bf06d00c2408
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ AccountEntity,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ AzureResourceEntity,
+ BaseResource,
+ ClientInfo,
+ CloudApplicationEntity,
+ CloudError,
+ DnsEntity,
+ Entity,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FileEntity,
+ FileHashEntity,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ GeoLocation,
+ HostEntity,
+ HuntingBookmark,
+ Incident,
+ IncidentAdditionalData,
+ IncidentAlertList,
+ IncidentBookmarkList,
+ IncidentComment,
+ IncidentEntitiesResponse,
+ IncidentEntitiesResultsMetadata,
+ IncidentInfo,
+ IncidentLabel,
+ IncidentList,
+ IncidentOwnerInfo,
+ IoTDeviceEntity,
+ IpEntity,
+ MailboxEntity,
+ MailClusterEntity,
+ MailMessageEntity,
+ MalwareEntity,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ ProcessEntity,
+ RegistryKeyEntity,
+ RegistryValueEntity,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SecurityAlert,
+ SecurityAlertPropertiesConfidenceReasonsItem,
+ SecurityGroupEntity,
+ SubmissionMailEntity,
+ SystemData,
+ ThreatIntelligence,
+ UrlEntity,
+ UserInfo,
+ Watchlist,
+ WatchlistItem
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts
new file mode 100644
index 000000000000..94d6fdd47ce8
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts
@@ -0,0 +1,5204 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { BaseResource, CloudError, AzureServiceClientOptions } from "@azure/ms-rest-azure-js";
+import * as msRest from "@azure/ms-rest-js";
+
+export { BaseResource, CloudError };
+
+/**
+ * Contains the possible cases for Entity.
+ */
+export type EntityUnion = Entity | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | HuntingBookmark | SecurityAlert | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity;
+
+/**
+ * Specific entity.
+ */
+export interface Entity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Entity";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+}
+
+/**
+ * Represents an account entity.
+ */
+export interface AccountEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Account";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The Azure Active Directory tenant id.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly aadTenantId?: string;
+ /**
+ * The Azure Active Directory user id.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly aadUserId?: string;
+ /**
+ * The name of the account. This field should hold only the name without any domain added to it,
+ * i.e. administrator.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly accountName?: string;
+ /**
+ * The display name of the account.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly displayName?: string;
+ /**
+ * The Host entity id that contains the account in case it is a local account (not domain joined)
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostEntityId?: string;
+ /**
+ * Determines whether this is a domain account.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly isDomainJoined?: boolean;
+ /**
+ * The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT
+ * AUTHORITY.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly ntDomain?: string;
+ /**
+ * The objectGUID attribute is a single-value attribute that is the unique identifier for the
+ * object, assigned by active directory.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly objectGuid?: string;
+ /**
+ * The Azure Active Directory Passport User ID.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly puid?: string;
+ /**
+ * The account security identifier, e.g. S-1-5-18.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly sid?: string;
+ /**
+ * The user principal name suffix for the account, in some cases it is also the domain name.
+ * Examples: contoso.com.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly upnSuffix?: string;
+ /**
+ * The fully qualified domain DNS name.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly dnsDomain?: string;
+}
+
+/**
+ * Represents an azure resource entity.
+ */
+export interface AzureResourceEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "AzureResource";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The azure resource id of the resource
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly resourceId?: string;
+ /**
+ * The subscription id of the resource
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly subscriptionId?: string;
+}
+
+/**
+ * Information on the client (user or application) that made some action
+ */
+export interface ClientInfo {
+ /**
+ * The email of the client.
+ */
+ email?: string;
+ /**
+ * The name of the client.
+ */
+ name?: string;
+ /**
+ * The object id of the client.
+ */
+ objectId?: string;
+ /**
+ * The user principal name of the client.
+ */
+ userPrincipalName?: string;
+}
+
+/**
+ * Represents a cloud application entity.
+ */
+export interface CloudApplicationEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "CloudApplication";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The technical identifier of the application.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly appId?: number;
+ /**
+ * The name of the related cloud application.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly appName?: string;
+ /**
+ * The user defined instance name of the cloud application. It is often used to distinguish
+ * between several applications of the same type that a customer has.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly instanceName?: string;
+}
+
+/**
+ * The resource management error additional info.
+ */
+export interface ErrorAdditionalInfo {
+ /**
+ * The additional info type.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * The additional info.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly info?: any;
+}
+
+/**
+ * Common error response for all Azure Resource Manager APIs to return error details for failed
+ * operations. (This also follows the OData error response format.)
+ * @summary Error Response
+ */
+export interface ErrorResponse {
+ /**
+ * The error code.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly code?: string;
+ /**
+ * The error message.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly message?: string;
+ /**
+ * The error target.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly target?: string;
+ /**
+ * The error details.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly details?: ErrorResponse[];
+ /**
+ * The error additional info.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalInfo?: ErrorAdditionalInfo[];
+}
+
+/**
+ * Represents a dns entity.
+ */
+export interface DnsEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "DnsResolution";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * An ip entity id for the dns server resolving the request
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly dnsServerIpEntityId?: string;
+ /**
+ * The name of the dns record associated with the alert
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly domainName?: string;
+ /**
+ * An ip entity id for the dns request client
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostIpAddressEntityId?: string;
+ /**
+ * Ip entity identifiers for the resolved ip address.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly ipAddressEntityIds?: string[];
+}
+
+/**
+ * Metadata pertaining to creation and last modification of the resource.
+ */
+export interface SystemData {
+ /**
+ * The identity that created the resource.
+ */
+ createdBy?: string;
+ /**
+ * The type of identity that created the resource. Possible values include: 'User',
+ * 'Application', 'ManagedIdentity', 'Key'
+ */
+ createdByType?: CreatedByType;
+ /**
+ * The timestamp of resource creation (UTC).
+ */
+ createdAt?: Date;
+ /**
+ * The identity that last modified the resource.
+ */
+ lastModifiedBy?: string;
+ /**
+ * The type of identity that last modified the resource. Possible values include: 'User',
+ * 'Application', 'ManagedIdentity', 'Key'
+ */
+ lastModifiedByType?: CreatedByType;
+ /**
+ * The timestamp of resource last modification (UTC)
+ */
+ lastModifiedAt?: Date;
+}
+
+/**
+ * Entity common property bag.
+ */
+export interface EntityCommonProperties {
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+}
+
+/**
+ * The edge that connects the entity to the other entity.
+ */
+export interface EntityEdges {
+ /**
+ * The target entity Id.
+ */
+ targetEntityId?: string;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ */
+ additionalData?: { [propertyName: string]: any };
+}
+
+/**
+ * Describes an entity with kind.
+ */
+export interface EntityKind {
+ /**
+ * The kind of the entity. Possible values include: 'Account', 'Host', 'File', 'AzureResource',
+ * 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey',
+ * 'RegistryValue', 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert', 'Bookmark',
+ * 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail'
+ */
+ kind: EntityKindEnum;
+}
+
+/**
+ * Represents a file entity.
+ */
+export interface FileEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "File";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The full path to the file.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly directory?: string;
+ /**
+ * The file hash entity identifiers associated with this file
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly fileHashEntityIds?: string[];
+ /**
+ * The file name without path (some alerts might not include path).
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly fileName?: string;
+ /**
+ * The Host entity id which the file belongs to
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostEntityId?: string;
+}
+
+/**
+ * Represents a file hash entity.
+ */
+export interface FileHashEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "FileHash";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256',
+ * 'SHA256AC'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly algorithm?: FileHashAlgorithm;
+ /**
+ * The file hash value.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hashValue?: string;
+}
+
+/**
+ * The geo-location context attached to the ip entity
+ */
+export interface GeoLocation {
+ /**
+ * Autonomous System Number
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly asn?: number;
+ /**
+ * City name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly city?: string;
+ /**
+ * The country code according to ISO 3166 format
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly countryCode?: string;
+ /**
+ * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly countryName?: string;
+ /**
+ * The longitude of the identified location, expressed as a floating point number with range of
+ * -180 to 180, with positive numbers representing East and negative numbers representing West.
+ * Latitude and longitude are derived from the city or postal code.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly latitude?: number;
+ /**
+ * The latitude of the identified location, expressed as a floating point number with range of -
+ * 90 to 90, with positive numbers representing North and negative numbers representing South.
+ * Latitude and longitude are derived from the city or postal code.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly longitude?: number;
+ /**
+ * State name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly state?: string;
+}
+
+/**
+ * Represents a host entity.
+ */
+export interface HostEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Host";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The azure resource id of the VM.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly azureID?: string;
+ /**
+ * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly dnsDomain?: string;
+ /**
+ * The hostname without the domain suffix.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostName?: string;
+ /**
+ * Determines whether this host belongs to a domain.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly isDomainJoined?: boolean;
+ /**
+ * The host name (pre-windows2000).
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly netBiosName?: string;
+ /**
+ * The NT domain that this host belongs to.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly ntDomain?: string;
+ /**
+ * The OMS agent id, if the host has OMS agent installed.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly omsAgentID?: string;
+ /**
+ * The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS',
+ * 'Unknown'
+ */
+ osFamily?: OSFamily;
+ /**
+ * A free text representation of the operating system. This field is meant to hold specific
+ * versions the are more fine grained than OSFamily or future values not supported by OSFamily
+ * enumeration
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly osVersion?: string;
+}
+
+/**
+ * User information that made some action
+ */
+export interface UserInfo {
+ /**
+ * The email of the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly email?: string;
+ /**
+ * The name of the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * The object id of the user.
+ */
+ objectId?: string;
+}
+
+/**
+ * Describes related incident information for the bookmark
+ */
+export interface IncidentInfo {
+ /**
+ * Incident Id
+ */
+ incidentId?: string;
+ /**
+ * The severity of the incident. Possible values include: 'Critical', 'High', 'Medium', 'Low',
+ * 'Informational'
+ */
+ severity?: CaseSeverity;
+ /**
+ * The title of the incident
+ */
+ title?: string;
+ /**
+ * Relation Name
+ */
+ relationName?: string;
+}
+
+/**
+ * Represents a Hunting bookmark entity.
+ */
+export interface HuntingBookmark {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Bookmark";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The time the bookmark was created
+ */
+ created?: Date;
+ /**
+ * Describes a user that created the bookmark
+ */
+ createdBy?: UserInfo;
+ /**
+ * The display name of the bookmark
+ */
+ displayName: string;
+ /**
+ * The time of the event
+ */
+ eventTime?: Date;
+ /**
+ * List of labels relevant to this bookmark
+ */
+ labels?: string[];
+ /**
+ * The notes of the bookmark
+ */
+ notes?: string;
+ /**
+ * The query of the bookmark.
+ */
+ query: string;
+ /**
+ * The query result of the bookmark.
+ */
+ queryResult?: string;
+ /**
+ * The last time the bookmark was updated
+ */
+ updated?: Date;
+ /**
+ * Describes a user that updated the bookmark
+ */
+ updatedBy?: UserInfo;
+ /**
+ * Describes an incident that relates to bookmark
+ */
+ incidentInfo?: IncidentInfo;
+}
+
+/**
+ * Incident additional data property bag.
+ */
+export interface IncidentAdditionalData {
+ /**
+ * The number of alerts in the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly alertsCount?: number;
+ /**
+ * The number of bookmarks in the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly bookmarksCount?: number;
+ /**
+ * The number of comments in the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly commentsCount?: number;
+ /**
+ * List of product names of alerts in the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly alertProductNames?: string[];
+ /**
+ * The tactics associated with incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly tactics?: AttackTactic[];
+}
+
+/**
+ * Represents an incident label
+ */
+export interface IncidentLabel {
+ /**
+ * The name of the label
+ */
+ labelName: string;
+ /**
+ * The type of the label. Possible values include: 'User', 'System'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly labelType?: IncidentLabelType;
+}
+
+/**
+ * Information on the user an incident is assigned to
+ */
+export interface IncidentOwnerInfo {
+ /**
+ * The email of the user the incident is assigned to.
+ */
+ email?: string;
+ /**
+ * The name of the user the incident is assigned to.
+ */
+ assignedTo?: string;
+ /**
+ * The object id of the user the incident is assigned to.
+ */
+ objectId?: string;
+ /**
+ * The user principal name of the user the incident is assigned to.
+ */
+ userPrincipalName?: string;
+}
+
+/**
+ * An azure resource object
+ */
+export interface Resource extends BaseResource {
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+}
+
+/**
+ * An azure resource object with an Etag property
+ */
+export interface ResourceWithEtag extends Resource {
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+}
+
+/**
+ * Represents an incident in Azure Security Insights.
+ */
+export interface Incident extends ResourceWithEtag {
+ /**
+ * Additional data on the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: IncidentAdditionalData;
+ /**
+ * The reason the incident was closed. Possible values include: 'Undetermined', 'TruePositive',
+ * 'BenignPositive', 'FalsePositive'
+ */
+ classification?: IncidentClassification;
+ /**
+ * Describes the reason the incident was closed
+ */
+ classificationComment?: string;
+ /**
+ * The classification reason the incident was closed with. Possible values include:
+ * 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData'
+ */
+ classificationReason?: IncidentClassificationReason;
+ /**
+ * The time the incident was created
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly createdTimeUtc?: Date;
+ /**
+ * The description of the incident
+ */
+ description?: string;
+ /**
+ * The time of the first activity in the incident
+ */
+ firstActivityTimeUtc?: Date;
+ /**
+ * The deep-link url to the incident in Azure portal
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly incidentUrl?: string;
+ /**
+ * A sequential number
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly incidentNumber?: number;
+ /**
+ * List of labels relevant to this incident
+ */
+ labels?: IncidentLabel[];
+ /**
+ * The time of the last activity in the incident
+ */
+ lastActivityTimeUtc?: Date;
+ /**
+ * The last time the incident was updated
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly lastModifiedTimeUtc?: Date;
+ /**
+ * Describes a user that the incident is assigned to
+ */
+ owner?: IncidentOwnerInfo;
+ /**
+ * List of resource ids of Analytic rules related to the incident
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly relatedAnalyticRuleIds?: string[];
+ /**
+ * The severity of the incident. Possible values include: 'High', 'Medium', 'Low',
+ * 'Informational'
+ */
+ severity: IncidentSeverity;
+ /**
+ * The status of the incident. Possible values include: 'New', 'Active', 'Closed'
+ */
+ status: IncidentStatus;
+ /**
+ * The title of the incident
+ */
+ title: string;
+}
+
+/**
+ * confidence reason item
+ */
+export interface SecurityAlertPropertiesConfidenceReasonsItem {
+ /**
+ * The reason's description
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly reason?: string;
+ /**
+ * The type (category) of the reason
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly reasonType?: string;
+}
+
+/**
+ * Represents a security alert entity.
+ */
+export interface SecurityAlert {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "SecurityAlert";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The display name of the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly alertDisplayName?: string;
+ /**
+ * The type name of the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly alertType?: string;
+ /**
+ * Display name of the main entity being reported on.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly compromisedEntity?: string;
+ /**
+ * The confidence level of this alert. Possible values include: 'Unknown', 'Low', 'High'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly confidenceLevel?: ConfidenceLevel;
+ /**
+ * The confidence reasons
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[];
+ /**
+ * The confidence score of the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly confidenceScore?: number;
+ /**
+ * The confidence score calculation status, i.e. indicating if score calculation is pending for
+ * this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess',
+ * 'NotFinal', 'Final'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly confidenceScoreStatus?: ConfidenceScoreStatus;
+ /**
+ * Alert description.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly description?: string;
+ /**
+ * The impact end time of the alert (the time of the last event contributing to the alert).
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly endTimeUtc?: Date;
+ /**
+ * Holds the alert intent stage(s) mapping for this alert. Possible values include: 'Unknown',
+ * 'Probing', 'Exploitation', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion',
+ * 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration',
+ * 'CommandAndControl', 'Impact'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly intent?: KillChainIntent;
+ /**
+ * The identifier of the alert inside the product which generated the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly providerAlertId?: string;
+ /**
+ * The time the alert was made available for consumption.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly processingEndTime?: Date;
+ /**
+ * The name of a component inside the product which generated the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly productComponentName?: string;
+ /**
+ * The name of the product which published this alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly productName?: string;
+ /**
+ * The version of the product generating the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly productVersion?: string;
+ /**
+ * Manual action items to take to remediate the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly remediationSteps?: string[];
+ /**
+ * The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational'
+ */
+ severity?: AlertSeverity;
+ /**
+ * The impact start time of the alert (the time of the first event contributing to the alert).
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly startTimeUtc?: Date;
+ /**
+ * The lifecycle status of the alert. Possible values include: 'Unknown', 'New', 'Resolved',
+ * 'Dismissed', 'InProgress'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly status?: AlertStatus;
+ /**
+ * Holds the product identifier of the alert for the product.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemAlertId?: string;
+ /**
+ * The tactics of the alert
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly tactics?: AttackTactic[];
+ /**
+ * The time the alert was generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly timeGenerated?: Date;
+ /**
+ * The name of the vendor that raise the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly vendorName?: string;
+ /**
+ * The uri link of the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly alertLink?: string;
+ /**
+ * The list of resource identifiers of the alert.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly resourceIdentifiers?: any[];
+}
+
+/**
+ * List of incident alerts.
+ */
+export interface IncidentAlertList {
+ /**
+ * Array of incident alerts.
+ */
+ value: SecurityAlert[];
+}
+
+/**
+ * List of incident bookmarks.
+ */
+export interface IncidentBookmarkList {
+ /**
+ * Array of incident bookmarks.
+ */
+ value: HuntingBookmark[];
+}
+
+/**
+ * Represents an incident comment
+ */
+export interface IncidentComment extends ResourceWithEtag {
+ /**
+ * The time the comment was created
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly createdTimeUtc?: Date;
+ /**
+ * The time the comment was updated
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly lastModifiedTimeUtc?: Date;
+ /**
+ * The comment message
+ */
+ message: string;
+ /**
+ * Describes the client that created the comment
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly author?: ClientInfo;
+}
+
+/**
+ * Information of a specific aggregation in the incident related entities result.
+ */
+export interface IncidentEntitiesResultsMetadata {
+ /**
+ * Total number of aggregations of the given kind in the incident related entities result.
+ */
+ count: number;
+ /**
+ * The kind of the aggregated entity. Possible values include: 'Account', 'Host', 'File',
+ * 'AzureResource', 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process',
+ * 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert',
+ * 'Bookmark', 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail'
+ */
+ entityKind: EntityKindEnum;
+}
+
+/**
+ * The incident related entities response.
+ */
+export interface IncidentEntitiesResponse {
+ /**
+ * Array of the incident related entities.
+ */
+ entities?: EntityUnion[];
+ /**
+ * The metadata from the incident related entities results.
+ */
+ metaData?: IncidentEntitiesResultsMetadata[];
+}
+
+/**
+ * ThreatIntelligence property bag.
+ */
+export interface ThreatIntelligence {
+ /**
+ * Confidence (must be between 0 and 1)
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly confidence?: number;
+ /**
+ * Name of the provider from whom this Threat Intelligence information was received
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly providerName?: string;
+ /**
+ * Report link
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly reportLink?: string;
+ /**
+ * Threat description (free text)
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatDescription?: string;
+ /**
+ * Threat name (e.g. "Jedobot malware")
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatName?: string;
+ /**
+ * Threat type (e.g. "Botnet")
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatType?: string;
+}
+
+/**
+ * Represents an IoT device entity.
+ */
+export interface IoTDeviceEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "IoTDevice";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The ID of the IoT Device in the IoT Hub
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly deviceId?: string;
+ /**
+ * The friendly name of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly deviceName?: string;
+ /**
+ * The source of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly source?: string;
+ /**
+ * The ID of the security agent running on the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly iotSecurityAgentId?: string;
+ /**
+ * The type of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly deviceType?: string;
+ /**
+ * The vendor of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly vendor?: string;
+ /**
+ * The ID of the edge device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly edgeId?: string;
+ /**
+ * The MAC address of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly macAddress?: string;
+ /**
+ * The model of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly model?: string;
+ /**
+ * The serial number of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly serialNumber?: string;
+ /**
+ * The firmware version of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly firmwareVersion?: string;
+ /**
+ * The operating system of the device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly operatingSystem?: string;
+ /**
+ * The AzureResource entity id of the IoT Hub
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly iotHubEntityId?: string;
+ /**
+ * The Host entity id of this device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostEntityId?: string;
+ /**
+ * The IP entity if of this device
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly ipAddressEntityId?: string;
+ /**
+ * A list of TI contexts attached to the IoTDevice entity.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatIntelligence?: ThreatIntelligence[];
+ /**
+ * A list of protocols of the IoTDevice entity.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly protocols?: string[];
+}
+
+/**
+ * Represents an ip entity.
+ */
+export interface IpEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Ip";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly address?: string;
+ /**
+ * The geo-location context attached to the ip entity
+ */
+ location?: GeoLocation;
+ /**
+ * A list of TI contexts attached to the ip entity.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatIntelligence?: ThreatIntelligence[];
+}
+
+/**
+ * Represents a mailbox entity.
+ */
+export interface MailboxEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Mailbox";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The mailbox's primary address
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly mailboxPrimaryAddress?: string;
+ /**
+ * The mailbox's display name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly displayName?: string;
+ /**
+ * The mailbox's UPN
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly upn?: string;
+ /**
+ * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is
+ * specific to mailbox object on office side
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly externalDirectoryObjectId?: string;
+}
+
+/**
+ * Represents a mail cluster entity.
+ */
+export interface MailClusterEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "MailCluster";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The mail message IDs that are part of the mail cluster
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly networkMessageIds?: string[];
+ /**
+ * Count of mail messages by DeliveryStatus string representation
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly countByDeliveryStatus?: any;
+ /**
+ * Count of mail messages by ThreatType string representation
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly countByThreatType?: any;
+ /**
+ * Count of mail messages by ProtectionStatus string representation
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly countByProtectionStatus?: any;
+ /**
+ * The threats of mail messages that are part of the mail cluster
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threats?: string[];
+ /**
+ * The query that was used to identify the messages of the mail cluster
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly query?: string;
+ /**
+ * The query time
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly queryTime?: Date;
+ /**
+ * The number of mail messages that are part of the mail cluster
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly mailCount?: number;
+ /**
+ * Is this a volume anomaly mail cluster
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly isVolumeAnomaly?: boolean;
+ /**
+ * The source of the mail cluster (default is 'O365 ATP')
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly source?: string;
+ /**
+ * The id of the cluster source
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly clusterSourceIdentifier?: string;
+ /**
+ * The type of the cluster source
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly clusterSourceType?: string;
+ /**
+ * The cluster query start time
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly clusterQueryStartTime?: Date;
+ /**
+ * The cluster query end time
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly clusterQueryEndTime?: Date;
+ /**
+ * The cluster group
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly clusterGroup?: string;
+}
+
+/**
+ * Represents a mail message entity.
+ */
+export interface MailMessageEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "MailMessage";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The File entity ids of this mail message's attachments
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly fileEntityIds?: string[];
+ /**
+ * The recipient of this mail message. Note that in case of multiple recipients the mail message
+ * is forked and each copy has one recipient
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly recipient?: string;
+ /**
+ * The Urls contained in this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly urls?: string[];
+ /**
+ * The threats of this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threats?: string[];
+ /**
+ * The p1 sender's email address
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p1Sender?: string;
+ /**
+ * The p1 sender's display name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p1SenderDisplayName?: string;
+ /**
+ * The p1 sender's domain
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p1SenderDomain?: string;
+ /**
+ * The sender's IP address
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly senderIP?: string;
+ /**
+ * The p2 sender's email address
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p2Sender?: string;
+ /**
+ * The p2 sender's display name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p2SenderDisplayName?: string;
+ /**
+ * The p2 sender's domain
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly p2SenderDomain?: string;
+ /**
+ * The receive date of this message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly receiveDate?: Date;
+ /**
+ * The network message id of this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly networkMessageId?: string;
+ /**
+ * The internet message id of this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly internetMessageId?: string;
+ /**
+ * The subject of this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly subject?: string;
+ /**
+ * The language of this mail message
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly language?: string;
+ /**
+ * The threat detection methods
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly threatDetectionMethods?: string[];
+ /**
+ * The bodyFingerprintBin1
+ */
+ bodyFingerprintBin1?: number;
+ /**
+ * The bodyFingerprintBin2
+ */
+ bodyFingerprintBin2?: number;
+ /**
+ * The bodyFingerprintBin3
+ */
+ bodyFingerprintBin3?: number;
+ /**
+ * The bodyFingerprintBin4
+ */
+ bodyFingerprintBin4?: number;
+ /**
+ * The bodyFingerprintBin5
+ */
+ bodyFingerprintBin5?: number;
+ /**
+ * The directionality of this mail message. Possible values include: 'Unknown', 'Inbound',
+ * 'Outbound', 'Intraorg'
+ */
+ antispamDirection?: AntispamMailDirection;
+ /**
+ * The delivery action of this mail message like Delivered, Blocked, Replaced etc. Possible
+ * values include: 'Unknown', 'DeliveredAsSpam', 'Delivered', 'Blocked', 'Replaced'
+ */
+ deliveryAction?: DeliveryAction;
+ /**
+ * The delivery location of this mail message like Inbox, JunkFolder etc. Possible values
+ * include: 'Unknown', 'Inbox', 'JunkFolder', 'DeletedFolder', 'Quarantine', 'External',
+ * 'Failed', 'Dropped', 'Forwarded'
+ */
+ deliveryLocation?: DeliveryLocation;
+}
+
+/**
+ * Represents a malware entity.
+ */
+export interface MalwareEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Malware";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The malware category by the vendor, e.g. Trojan
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly category?: string;
+ /**
+ * List of linked file entity identifiers on which the malware was found
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly fileEntityIds?: string[];
+ /**
+ * The malware name by the vendor, e.g. Win32/Toga!rfn
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly malwareName?: string;
+ /**
+ * List of linked process entity identifiers on which the malware was found.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly processEntityIds?: string[];
+}
+
+/**
+ * Represents a process entity.
+ */
+export interface ProcessEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Process";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The account entity id running the processes.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly accountEntityId?: string;
+ /**
+ * The command line used to create the process
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly commandLine?: string;
+ /**
+ * The time when the process started to run
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly creationTimeUtc?: Date;
+ /**
+ * The elevation token associated with the process. Possible values include: 'Default', 'Full',
+ * 'Limited'
+ */
+ elevationToken?: ElevationToken;
+ /**
+ * The host entity id on which the process was running
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostEntityId?: string;
+ /**
+ * The session entity id in which the process was running
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hostLogonSessionEntityId?: string;
+ /**
+ * Image file entity id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly imageFileEntityId?: string;
+ /**
+ * The parent process entity id.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly parentProcessEntityId?: string;
+ /**
+ * The process ID
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly processId?: string;
+}
+
+/**
+ * Represents a registry key entity.
+ */
+export interface RegistryKeyEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "RegistryKey";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * the hive that holds the registry key. Possible values include: 'HKEY_LOCAL_MACHINE',
+ * 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS',
+ * 'HKEY_PERFORMANCE_DATA', 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A',
+ * 'HKEY_CURRENT_USER'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly hive?: RegistryHive;
+ /**
+ * The registry key path.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly key?: string;
+}
+
+/**
+ * Represents a registry value entity.
+ */
+export interface RegistryValueEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "RegistryValue";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The registry key entity id.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly keyEntityId?: string;
+ /**
+ * String formatted representation of the value data.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly valueData?: string;
+ /**
+ * The registry value name.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly valueName?: string;
+ /**
+ * Specifies the data types to use when storing values in the registry, or identifies the data
+ * type of a value in the registry. Possible values include: 'None', 'Unknown', 'String',
+ * 'ExpandString', 'Binary', 'DWord', 'MultiString', 'QWord'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly valueType?: RegistryValueKind;
+}
+
+/**
+ * Represents a relation between two resources
+ */
+export interface Relation extends ResourceWithEtag {
+ /**
+ * The resource ID of the related resource
+ */
+ relatedResourceId: string;
+ /**
+ * The name of the related resource
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly relatedResourceName?: string;
+ /**
+ * The resource type of the related resource
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly relatedResourceType?: string;
+ /**
+ * The resource kind of the related resource
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly relatedResourceKind?: string;
+}
+
+/**
+ * Represents a security group entity.
+ */
+export interface SecurityGroupEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "SecurityGroup";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The group distinguished name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly distinguishedName?: string;
+ /**
+ * A single-value attribute that is the unique identifier for the object, assigned by active
+ * directory.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly objectGuid?: string;
+ /**
+ * The SID attribute is a single-value attribute that specifies the security identifier (SID) of
+ * the group
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly sid?: string;
+}
+
+/**
+ * Represents a submission mail entity.
+ */
+export interface SubmissionMailEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "SubmissionMail";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * The network message id of email to which submission belongs
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly networkMessageId?: string;
+ /**
+ * The submission id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly submissionId?: string;
+ /**
+ * The submitter
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly submitter?: string;
+ /**
+ * The submission date
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly submissionDate?: Date;
+ /**
+ * The Time stamp when the message is received (Mail)
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly timestamp?: Date;
+ /**
+ * The recipient of the mail
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly recipient?: string;
+ /**
+ * The sender of the mail
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly sender?: string;
+ /**
+ * The sender's IP
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly senderIp?: string;
+ /**
+ * The subject of submission mail
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly subject?: string;
+ /**
+ * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly reportType?: string;
+}
+
+/**
+ * Represents a url entity.
+ */
+export interface UrlEntity {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Url";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * A full URL the entity points to
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly url?: string;
+}
+
+/**
+ * Contains the possible cases for ThreatIntelligenceInformation.
+ */
+export type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel;
+
+/**
+ * Threat intelligence information object.
+ */
+export interface ThreatIntelligenceInformation {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "ThreatIntelligenceInformation";
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+}
+
+/**
+ * Describes threat kill chain phase entity
+ */
+export interface ThreatIntelligenceKillChainPhase {
+ /**
+ * Kill chainName name
+ */
+ killChainName?: string;
+ /**
+ * Phase name
+ */
+ phaseName?: string;
+}
+
+/**
+ * Describes threat kill chain phase entity
+ */
+export interface ThreatIntelligenceParsedPatternTypeValue {
+ /**
+ * Type of the value
+ */
+ valueType?: string;
+ /**
+ * Value of parsed pattern
+ */
+ value?: string;
+}
+
+/**
+ * Describes parsed pattern entity
+ */
+export interface ThreatIntelligenceParsedPattern {
+ /**
+ * Pattern type key
+ */
+ patternTypeKey?: string;
+ /**
+ * Pattern type keys
+ */
+ patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[];
+}
+
+/**
+ * Describes external reference
+ */
+export interface ThreatIntelligenceExternalReference {
+ /**
+ * External reference description
+ */
+ description?: string;
+ /**
+ * External reference ID
+ */
+ externalId?: string;
+ /**
+ * External reference source name
+ */
+ sourceName?: string;
+ /**
+ * External reference URL
+ */
+ url?: string;
+ /**
+ * External reference hashes
+ */
+ hashes?: { [propertyName: string]: string };
+}
+
+/**
+ * Describes threat granular marking model entity
+ */
+export interface ThreatIntelligenceGranularMarkingModel {
+ /**
+ * Language granular marking model
+ */
+ language?: string;
+ /**
+ * marking reference granular marking model
+ */
+ markingRef?: number;
+ /**
+ * granular marking model selectors
+ */
+ selectors?: string[];
+}
+
+/**
+ * Threat intelligence indicator entity.
+ */
+export interface ThreatIntelligenceIndicatorModel {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "indicator";
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * List of tags
+ */
+ threatIntelligenceTags?: string[];
+ /**
+ * Last updated time in UTC
+ */
+ lastUpdatedTimeUtc?: string;
+ /**
+ * Source of a threat intelligence entity
+ */
+ source?: string;
+ /**
+ * Display name of a threat intelligence entity
+ */
+ displayName?: string;
+ /**
+ * Description of a threat intelligence entity
+ */
+ description?: string;
+ /**
+ * Indicator types of threat intelligence entities
+ */
+ indicatorTypes?: string[];
+ /**
+ * Pattern of a threat intelligence entity
+ */
+ pattern?: string;
+ /**
+ * Pattern type of a threat intelligence entity
+ */
+ patternType?: string;
+ /**
+ * Pattern version of a threat intelligence entity
+ */
+ patternVersion?: string;
+ /**
+ * Kill chain phases
+ */
+ killChainPhases?: ThreatIntelligenceKillChainPhase[];
+ /**
+ * Parsed patterns
+ */
+ parsedPattern?: ThreatIntelligenceParsedPattern[];
+ /**
+ * External ID of threat intelligence entity
+ */
+ externalId?: string;
+ /**
+ * Created by reference of threat intelligence entity
+ */
+ createdByRef?: string;
+ /**
+ * Is threat intelligence entity defanged
+ */
+ defanged?: boolean;
+ /**
+ * External last updated time in UTC
+ */
+ externalLastUpdatedTimeUtc?: string;
+ /**
+ * External References
+ */
+ externalReferences?: ThreatIntelligenceExternalReference[];
+ /**
+ * Granular Markings
+ */
+ granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
+ /**
+ * Labels of threat intelligence entity
+ */
+ labels?: string[];
+ /**
+ * Is threat intelligence entity revoked
+ */
+ revoked?: boolean;
+ /**
+ * Confidence of threat intelligence entity
+ */
+ confidence?: number;
+ /**
+ * Threat intelligence entity object marking references
+ */
+ objectMarkingRefs?: string[];
+ /**
+ * Language of threat intelligence entity
+ */
+ language?: string;
+ /**
+ * Threat types
+ */
+ threatTypes?: string[];
+ /**
+ * Valid from
+ */
+ validFrom?: string;
+ /**
+ * Valid until
+ */
+ validUntil?: string;
+ /**
+ * Created by
+ */
+ created?: string;
+ /**
+ * Modified by
+ */
+ modified?: string;
+ /**
+ * Extensions map
+ */
+ extensions?: { [propertyName: string]: any };
+}
+
+/**
+ * Describes an entity with kind.
+ */
+export interface ThreatIntelligenceResourceKind {
+}
+
+/**
+ * Threat intelligence indicator entity used in request body.
+ */
+export interface ThreatIntelligenceIndicatorModelForRequestBody extends ThreatIntelligenceResourceKind {
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+ /**
+ * A bag of custom fields that should be part of the entity and will be presented to the user.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly additionalData?: { [propertyName: string]: any };
+ /**
+ * The graph item display name which is a short humanly readable description of the graph item
+ * instance. This property is optional and might be system generated.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly friendlyName?: string;
+ /**
+ * List of tags
+ */
+ threatIntelligenceTags?: string[];
+ /**
+ * Last updated time in UTC
+ */
+ lastUpdatedTimeUtc?: string;
+ /**
+ * Source of a threat intelligence entity
+ */
+ source?: string;
+ /**
+ * Display name of a threat intelligence entity
+ */
+ displayName?: string;
+ /**
+ * Description of a threat intelligence entity
+ */
+ description?: string;
+ /**
+ * Indicator types of threat intelligence entities
+ */
+ indicatorTypes?: string[];
+ /**
+ * Pattern of a threat intelligence entity
+ */
+ pattern?: string;
+ /**
+ * Pattern type of a threat intelligence entity
+ */
+ patternType?: string;
+ /**
+ * Pattern version of a threat intelligence entity
+ */
+ patternVersion?: string;
+ /**
+ * Kill chain phases
+ */
+ killChainPhases?: ThreatIntelligenceKillChainPhase[];
+ /**
+ * Parsed patterns
+ */
+ parsedPattern?: ThreatIntelligenceParsedPattern[];
+ /**
+ * External ID of threat intelligence entity
+ */
+ externalId?: string;
+ /**
+ * Created by reference of threat intelligence entity
+ */
+ createdByRef?: string;
+ /**
+ * Is threat intelligence entity defanged
+ */
+ defanged?: boolean;
+ /**
+ * External last updated time in UTC
+ */
+ externalLastUpdatedTimeUtc?: string;
+ /**
+ * External References
+ */
+ externalReferences?: ThreatIntelligenceExternalReference[];
+ /**
+ * Granular Markings
+ */
+ granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
+ /**
+ * Labels of threat intelligence entity
+ */
+ labels?: string[];
+ /**
+ * Is threat intelligence entity revoked
+ */
+ revoked?: boolean;
+ /**
+ * Confidence of threat intelligence entity
+ */
+ confidence?: number;
+ /**
+ * Threat intelligence entity object marking references
+ */
+ objectMarkingRefs?: string[];
+ /**
+ * Language of threat intelligence entity
+ */
+ language?: string;
+ /**
+ * Threat types
+ */
+ threatTypes?: string[];
+ /**
+ * Valid from
+ */
+ validFrom?: string;
+ /**
+ * Valid until
+ */
+ validUntil?: string;
+ /**
+ * Created by
+ */
+ created?: string;
+ /**
+ * Modified by
+ */
+ modified?: string;
+ /**
+ * Extensions map
+ */
+ extensions?: { [propertyName: string]: any };
+}
+
+/**
+ * List of available columns for sorting
+ */
+export interface ThreatIntelligenceSortingCriteria {
+ /**
+ * Column name
+ */
+ itemKey?: string;
+ /**
+ * Sorting order (ascending/descending/unsorted). Possible values include: 'unsorted',
+ * 'ascending', 'descending'
+ */
+ sortOrder?: ThreatIntelligenceSortingOrder;
+}
+
+/**
+ * Filtering criteria for querying threat intelligence indicators.
+ */
+export interface ThreatIntelligenceFilteringCriteria {
+ /**
+ * Page size
+ */
+ pageSize?: number;
+ /**
+ * Minimum confidence.
+ */
+ minConfidence?: number;
+ /**
+ * Maximum confidence.
+ */
+ maxConfidence?: number;
+ /**
+ * Start time for ValidUntil filter.
+ */
+ minValidUntil?: string;
+ /**
+ * End time for ValidUntil filter.
+ */
+ maxValidUntil?: string;
+ /**
+ * Parameter to include/exclude disabled indicators.
+ */
+ includeDisabled?: boolean;
+ /**
+ * Columns to sort by and sorting order
+ */
+ sortBy?: ThreatIntelligenceSortingCriteria[];
+ /**
+ * Sources of threat intelligence indicators
+ */
+ sources?: string[];
+ /**
+ * Pattern types
+ */
+ patternTypes?: string[];
+ /**
+ * Threat types of threat intelligence indicators
+ */
+ threatTypes?: string[];
+ /**
+ * Ids of threat intelligence indicators
+ */
+ ids?: string[];
+ /**
+ * Keywords for searching threat intelligence indicators
+ */
+ keywords?: string[];
+ /**
+ * Skip token.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Array of tags to be appended to the threat intelligence indicator.
+ */
+export interface ThreatIntelligenceAppendTags {
+ /**
+ * List of tags to be appended.
+ */
+ threatIntelligenceTags?: string[];
+}
+
+/**
+ * Describes threat intelligence metric entity
+ */
+export interface ThreatIntelligenceMetricEntity {
+ /**
+ * Metric name
+ */
+ metricName?: string;
+ /**
+ * Metric value
+ */
+ metricValue?: number;
+}
+
+/**
+ * Describes threat intelligence metric
+ */
+export interface ThreatIntelligenceMetric {
+ /**
+ * Last updated indicator metric
+ */
+ lastUpdatedTimeUtc?: string;
+ /**
+ * Threat type metrics
+ */
+ threatTypeMetrics?: ThreatIntelligenceMetricEntity[];
+ /**
+ * Pattern type metrics
+ */
+ patternTypeMetrics?: ThreatIntelligenceMetricEntity[];
+ /**
+ * Source metrics
+ */
+ sourceMetrics?: ThreatIntelligenceMetricEntity[];
+}
+
+/**
+ * Threat intelligence metrics.
+ */
+export interface ThreatIntelligenceMetrics {
+ /**
+ * Threat intelligence metrics.
+ */
+ properties?: ThreatIntelligenceMetric;
+}
+
+/**
+ * List of all the threat intelligence metric fields (type/threat type/source).
+ */
+export interface ThreatIntelligenceMetricsList {
+ /**
+ * Array of threat intelligence metric fields (type/threat type/source).
+ */
+ value: ThreatIntelligenceMetrics[];
+}
+
+/**
+ * Represents a Watchlist in Azure Security Insights.
+ */
+export interface Watchlist extends ResourceWithEtag {
+ /**
+ * The id (a Guid) of the watchlist
+ */
+ watchlistId?: string;
+ /**
+ * The display name of the watchlist
+ */
+ displayName: string;
+ /**
+ * The provider of the watchlist
+ */
+ provider: string;
+ /**
+ * The source of the watchlist. Possible values include: 'Local file', 'Remote storage'
+ */
+ source: Source;
+ /**
+ * The time the watchlist was created
+ */
+ created?: Date;
+ /**
+ * The last time the watchlist was updated
+ */
+ updated?: Date;
+ /**
+ * Describes a user that created the watchlist
+ */
+ createdBy?: UserInfo;
+ /**
+ * Describes a user that updated the watchlist
+ */
+ updatedBy?: UserInfo;
+ /**
+ * A description of the watchlist
+ */
+ description?: string;
+ /**
+ * The type of the watchlist
+ */
+ watchlistType?: string;
+ /**
+ * The alias of the watchlist
+ */
+ watchlistAlias?: string;
+ /**
+ * A flag that indicates if the watchlist is deleted or not
+ */
+ isDeleted?: boolean;
+ /**
+ * List of labels relevant to this watchlist
+ */
+ labels?: string[];
+ /**
+ * The default duration of a watchlist (in ISO 8601 duration format)
+ */
+ defaultDuration?: string;
+ /**
+ * The tenantId where the watchlist belongs to
+ */
+ tenantId?: string;
+ /**
+ * The number of lines in a csv content to skip before the header
+ */
+ numberOfLinesToSkip?: number;
+ /**
+ * The raw content that represents to watchlist items to create. Example : This line will be
+ * skipped
+ * header1,header2
+ * value1,value2
+ */
+ rawContent?: string;
+ /**
+ * The search key is used to optimize query performance when using watchlists for joins with
+ * other data. For example, enable a column with IP addresses to be the designated SearchKey
+ * field, then use this field as the key field when joining to other event data by IP address.
+ */
+ itemsSearchKey: string;
+ /**
+ * The content type of the raw content. For now, only text/csv is valid
+ */
+ contentType?: string;
+ /**
+ * The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist
+ * upload status is InProgress, the Watchlist cannot be deleted
+ */
+ uploadStatus?: string;
+}
+
+/**
+ * Represents a Watchlist Item in Azure Security Insights.
+ */
+export interface WatchlistItem extends ResourceWithEtag {
+ /**
+ * The type of the watchlist item
+ */
+ watchlistItemType?: string;
+ /**
+ * The id (a Guid) of the watchlist item
+ */
+ watchlistItemId?: string;
+ /**
+ * The tenantId to which the watchlist item belongs to
+ */
+ tenantId?: string;
+ /**
+ * A flag that indicates if the watchlist item is deleted or not
+ */
+ isDeleted?: boolean;
+ /**
+ * The time the watchlist item was created
+ */
+ created?: Date;
+ /**
+ * The last time the watchlist item was updated
+ */
+ updated?: Date;
+ /**
+ * Describes a user that created the watchlist item
+ */
+ createdBy?: UserInfo;
+ /**
+ * Describes a user that updated the watchlist item
+ */
+ updatedBy?: UserInfo;
+ /**
+ * key-value pairs for a watchlist item
+ */
+ itemsKeyValue: any;
+ /**
+ * key-value pairs for a watchlist item entity mapping
+ */
+ entityMapping?: any;
+}
+
+/**
+ * Properties of the operation
+ */
+export interface OperationDisplay {
+ /**
+ * Description of the operation
+ */
+ description?: string;
+ /**
+ * Operation name
+ */
+ operation?: string;
+ /**
+ * Provider name
+ */
+ provider?: string;
+ /**
+ * Resource name
+ */
+ resource?: string;
+}
+
+/**
+ * Operation provided by provider
+ */
+export interface Operation {
+ /**
+ * Properties of the operation
+ */
+ display?: OperationDisplay;
+ /**
+ * Name of the operation
+ */
+ name?: string;
+ /**
+ * The origin of the operation
+ */
+ origin?: string;
+}
+
+/**
+ * Action for alert rule.
+ */
+export interface ActionResponse extends Resource {
+ /**
+ * Etag of the action.
+ */
+ etag?: string;
+ /**
+ * Logic App Resource Id,
+ * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
+ */
+ logicAppResourceId: string;
+ /**
+ * The name of the logic app's workflow.
+ */
+ workflowId?: string;
+}
+
+/**
+ * Action for alert rule.
+ */
+export interface ActionRequest extends ResourceWithEtag {
+ /**
+ * Logic App Resource Id,
+ * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
+ */
+ logicAppResourceId: string;
+ /**
+ * Logic App Callback URL for this specific workflow.
+ */
+ triggerUri: string;
+}
+
+/**
+ * Action property bag base.
+ */
+export interface ActionPropertiesBase {
+ /**
+ * Logic App Resource Id,
+ * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
+ */
+ logicAppResourceId: string;
+}
+
+/**
+ * Contains the possible cases for AlertRule.
+ */
+export type AlertRuleUnion = AlertRule | FusionAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule;
+
+/**
+ * Alert rule.
+ */
+export interface AlertRule {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "AlertRule";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+}
+
+/**
+ * Contains the possible cases for AlertRuleTemplate.
+ */
+export type AlertRuleTemplateUnion = AlertRuleTemplate | FusionAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate;
+
+/**
+ * Alert rule template.
+ */
+export interface AlertRuleTemplate {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "AlertRuleTemplate";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+}
+
+/**
+ * alert rule template data sources
+ */
+export interface AlertRuleTemplateDataSource {
+ /**
+ * The connector id that provides the following data types
+ */
+ connectorId?: string;
+ /**
+ * The data types used by the alert rule template
+ */
+ dataTypes?: string[];
+}
+
+/**
+ * Represents Fusion alert rule.
+ */
+export interface FusionAlertRule {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Fusion";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+ /**
+ * The Name of the alert rule template used to create this rule.
+ */
+ alertRuleTemplateName: string;
+ /**
+ * The description of the alert rule.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly description?: string;
+ /**
+ * The display name for alerts created by this alert rule.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly displayName?: string;
+ /**
+ * Determines whether this alert rule is enabled or disabled.
+ */
+ enabled: boolean;
+ /**
+ * The last time that this alert has been modified.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly lastModifiedUtc?: Date;
+ /**
+ * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium',
+ * 'Low', 'Informational'
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly severity?: AlertSeverity;
+ /**
+ * The tactics of the alert rule
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly tactics?: AttackTactic[];
+}
+
+/**
+ * Represents Fusion alert rule template.
+ */
+export interface FusionAlertRuleTemplate {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Fusion";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * the number of alert rules that were created by this template
+ */
+ alertRulesCreatedByTemplateCount?: number;
+ /**
+ * The time that this alert rule template has been added.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly createdDateUTC?: Date;
+ /**
+ * The description of the alert rule template.
+ */
+ description?: string;
+ /**
+ * The display name for alert rule template.
+ */
+ displayName?: string;
+ /**
+ * The required data connectors for this template
+ */
+ requiredDataConnectors?: AlertRuleTemplateDataSource[];
+ /**
+ * The alert rule template status. Possible values include: 'Installed', 'Available',
+ * 'NotAvailable'
+ */
+ status?: TemplateStatus;
+ /**
+ * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium',
+ * 'Low', 'Informational'
+ */
+ severity?: AlertSeverity;
+ /**
+ * The tactics of the alert rule template
+ */
+ tactics?: AttackTactic[];
+}
+
+/**
+ * Represents MicrosoftSecurityIncidentCreation rule.
+ */
+export interface MicrosoftSecurityIncidentCreationAlertRule {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "MicrosoftSecurityIncidentCreation";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+ /**
+ * the alerts' displayNames on which the cases will be generated
+ */
+ displayNamesFilter?: string[];
+ /**
+ * the alerts' displayNames on which the cases will not be generated
+ */
+ displayNamesExcludeFilter?: string[];
+ /**
+ * The alerts' productName on which the cases will be generated. Possible values include:
+ * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection',
+ * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT'
+ */
+ productFilter: MicrosoftSecurityProductName;
+ /**
+ * the alerts' severities on which the cases will be generated
+ */
+ severitiesFilter?: AlertSeverity[];
+ /**
+ * The Name of the alert rule template used to create this rule.
+ */
+ alertRuleTemplateName?: string;
+ /**
+ * The description of the alert rule.
+ */
+ description?: string;
+ /**
+ * The display name for alerts created by this alert rule.
+ */
+ displayName: string;
+ /**
+ * Determines whether this alert rule is enabled or disabled.
+ */
+ enabled: boolean;
+ /**
+ * The last time that this alert has been modified.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly lastModifiedUtc?: Date;
+}
+
+/**
+ * MicrosoftSecurityIncidentCreation rule common property bag.
+ */
+export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
+ /**
+ * the alerts' displayNames on which the cases will be generated
+ */
+ displayNamesFilter?: string[];
+ /**
+ * the alerts' displayNames on which the cases will not be generated
+ */
+ displayNamesExcludeFilter?: string[];
+ /**
+ * The alerts' productName on which the cases will be generated. Possible values include:
+ * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection',
+ * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT'
+ */
+ productFilter: MicrosoftSecurityProductName;
+ /**
+ * the alerts' severities on which the cases will be generated
+ */
+ severitiesFilter?: AlertSeverity[];
+}
+
+/**
+ * Represents MicrosoftSecurityIncidentCreation rule template.
+ */
+export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "MicrosoftSecurityIncidentCreation";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * the number of alert rules that were created by this template
+ */
+ alertRulesCreatedByTemplateCount?: number;
+ /**
+ * The time that this alert rule template has been added.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly createdDateUTC?: Date;
+ /**
+ * The description of the alert rule template.
+ */
+ description?: string;
+ /**
+ * The display name for alert rule template.
+ */
+ displayName?: string;
+ /**
+ * The required data connectors for this template
+ */
+ requiredDataConnectors?: AlertRuleTemplateDataSource[];
+ /**
+ * The alert rule template status. Possible values include: 'Installed', 'Available',
+ * 'NotAvailable'
+ */
+ status?: TemplateStatus;
+ /**
+ * the alerts' displayNames on which the cases will be generated
+ */
+ displayNamesFilter?: string[];
+ /**
+ * the alerts' displayNames on which the cases will not be generated
+ */
+ displayNamesExcludeFilter?: string[];
+ /**
+ * The alerts' productName on which the cases will be generated. Possible values include:
+ * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection',
+ * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT'
+ */
+ productFilter: MicrosoftSecurityProductName;
+ /**
+ * the alerts' severities on which the cases will be generated
+ */
+ severitiesFilter?: AlertSeverity[];
+}
+
+/**
+ * Represents scheduled alert rule.
+ */
+export interface ScheduledAlertRule {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Scheduled";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * Etag of the azure resource
+ */
+ etag?: string;
+ /**
+ * The query that creates alerts for this rule.
+ */
+ query?: string;
+ /**
+ * The frequency (in ISO 8601 duration format) for this alert rule to run.
+ */
+ queryFrequency?: string;
+ /**
+ * The period (in ISO 8601 duration format) that this alert rule looks at.
+ */
+ queryPeriod?: string;
+ /**
+ * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium',
+ * 'Low', 'Informational'
+ */
+ severity?: AlertSeverity;
+ /**
+ * The operation against the threshold that triggers alert rule. Possible values include:
+ * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
+ */
+ triggerOperator?: TriggerOperator;
+ /**
+ * The threshold triggers this alert rule.
+ */
+ triggerThreshold?: number;
+ /**
+ * The Name of the alert rule template used to create this rule.
+ */
+ alertRuleTemplateName?: string;
+ /**
+ * The description of the alert rule.
+ */
+ description?: string;
+ /**
+ * The display name for alerts created by this alert rule.
+ */
+ displayName: string;
+ /**
+ * Determines whether this alert rule is enabled or disabled.
+ */
+ enabled: boolean;
+ /**
+ * The last time that this alert rule has been modified.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly lastModifiedUtc?: Date;
+ /**
+ * The suppression (in ISO 8601 duration format) to wait since last time this alert rule been
+ * triggered.
+ */
+ suppressionDuration: string;
+ /**
+ * Determines whether the suppression for this alert rule is enabled or disabled.
+ */
+ suppressionEnabled: boolean;
+ /**
+ * The tactics of the alert rule
+ */
+ tactics?: AttackTactic[];
+}
+
+/**
+ * Schedule alert rule template property bag.
+ */
+export interface ScheduledAlertRuleCommonProperties {
+ /**
+ * The query that creates alerts for this rule.
+ */
+ query?: string;
+ /**
+ * The frequency (in ISO 8601 duration format) for this alert rule to run.
+ */
+ queryFrequency?: string;
+ /**
+ * The period (in ISO 8601 duration format) that this alert rule looks at.
+ */
+ queryPeriod?: string;
+ /**
+ * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium',
+ * 'Low', 'Informational'
+ */
+ severity?: AlertSeverity;
+ /**
+ * The operation against the threshold that triggers alert rule. Possible values include:
+ * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
+ */
+ triggerOperator?: TriggerOperator;
+ /**
+ * The threshold triggers this alert rule.
+ */
+ triggerThreshold?: number;
+}
+
+/**
+ * Represents scheduled alert rule template.
+ */
+export interface ScheduledAlertRuleTemplate {
+ /**
+ * Polymorphic Discriminator
+ */
+ kind: "Scheduled";
+ /**
+ * Azure resource Id
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly id?: string;
+ /**
+ * Azure resource name
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly name?: string;
+ /**
+ * Azure resource type
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly type?: string;
+ /**
+ * Azure Resource Manager metadata containing createdBy and modifiedBy information.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly systemData?: SystemData;
+ /**
+ * the number of alert rules that were created by this template
+ */
+ alertRulesCreatedByTemplateCount?: number;
+ /**
+ * The time that this alert rule template has been added.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly createdDateUTC?: Date;
+ /**
+ * The description of the alert rule template.
+ */
+ description?: string;
+ /**
+ * The display name for alert rule template.
+ */
+ displayName?: string;
+ /**
+ * The required data connectors for this template
+ */
+ requiredDataConnectors?: AlertRuleTemplateDataSource[];
+ /**
+ * The alert rule template status. Possible values include: 'Installed', 'Available',
+ * 'NotAvailable'
+ */
+ status?: TemplateStatus;
+ /**
+ * The query that creates alerts for this rule.
+ */
+ query?: string;
+ /**
+ * The frequency (in ISO 8601 duration format) for this alert rule to run.
+ */
+ queryFrequency?: string;
+ /**
+ * The period (in ISO 8601 duration format) that this alert rule looks at.
+ */
+ queryPeriod?: string;
+ /**
+ * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium',
+ * 'Low', 'Informational'
+ */
+ severity?: AlertSeverity;
+ /**
+ * The operation against the threshold that triggers alert rule. Possible values include:
+ * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
+ */
+ triggerOperator?: TriggerOperator;
+ /**
+ * The threshold triggers this alert rule.
+ */
+ triggerThreshold?: number;
+ /**
+ * The tactics of the alert rule template
+ */
+ tactics?: AttackTactic[];
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentsListOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentsListNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentCommentsListByIncidentOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentCommentsListByIncidentNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentRelationsListOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface IncidentRelationsListNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface ThreatIntelligenceIndicatorsListOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface ThreatIntelligenceIndicatorsListNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Filters the results, based on a Boolean condition. Optional.
+ */
+ filter?: string;
+ /**
+ * Returns only the first n results. Optional.
+ */
+ top?: number;
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+ /**
+ * Sorts the results. Optional.
+ */
+ orderby?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface WatchlistsListOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface WatchlistsListNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface WatchlistItemsListOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * Optional Parameters.
+ */
+export interface WatchlistItemsListNextOptionalParams extends msRest.RequestOptionsBase {
+ /**
+ * Skiptoken is only used if a previous operation returned a partial result. If a previous
+ * response contains a nextLink element, the value of the nextLink element will include a
+ * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
+ */
+ skipToken?: string;
+}
+
+/**
+ * An interface representing SecurityInsightsOptions.
+ */
+export interface SecurityInsightsOptions extends AzureServiceClientOptions {
+ baseUri?: string;
+}
+
+/**
+ * @interface
+ * List all the incidents.
+ * @extends Array
+ */
+export interface IncidentList extends Array {
+ /**
+ * URL to fetch the next set of incidents.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List of incident comments.
+ * @extends Array
+ */
+export interface IncidentCommentList extends Array {
+ /**
+ * URL to fetch the next set of comments.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List of relations.
+ * @extends Array
+ */
+export interface RelationList extends Array {
+ /**
+ * URL to fetch the next set of relations.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List of all the threat intelligence information objects.
+ * @extends Array
+ */
+export interface ThreatIntelligenceInformationList extends Array {
+ /**
+ * URL to fetch the next set of information objects.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List all the watchlists.
+ * @extends Array
+ */
+export interface WatchlistList extends Array {
+ /**
+ * URL to fetch the next set of watchlists.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List all the watchlist items.
+ * @extends Array
+ */
+export interface WatchlistItemList extends Array {
+ /**
+ * URL to fetch the next set of watchlist items.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * Lists the operations available in the SecurityInsights RP.
+ * @extends Array
+ */
+export interface OperationsList extends Array {
+ /**
+ * URL to fetch the next set of operations.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List all the alert rules.
+ * @extends Array
+ */
+export interface AlertRulesList extends Array {
+ /**
+ * URL to fetch the next set of alert rules.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List all the actions.
+ * @extends Array
+ */
+export interface ActionsList extends Array {
+ /**
+ * URL to fetch the next set of actions.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * @interface
+ * List all the alert rule templates.
+ * @extends Array
+ */
+export interface AlertRuleTemplatesList extends Array {
+ /**
+ * URL to fetch the next set of alert rule templates.
+ * **NOTE: This property will not be serialized. It can only be populated by the server.**
+ */
+ readonly nextLink?: string;
+}
+
+/**
+ * Defines values for AlertSeverity.
+ * Possible values include: 'High', 'Medium', 'Low', 'Informational'
+ * @readonly
+ * @enum {string}
+ */
+export type AlertSeverity = 'High' | 'Medium' | 'Low' | 'Informational';
+
+/**
+ * Defines values for AttackTactic.
+ * Possible values include: 'InitialAccess', 'Execution', 'Persistence', 'PrivilegeEscalation',
+ * 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Collection',
+ * 'Exfiltration', 'CommandAndControl', 'Impact'
+ * @readonly
+ * @enum {string}
+ */
+export type AttackTactic = 'InitialAccess' | 'Execution' | 'Persistence' | 'PrivilegeEscalation' | 'DefenseEvasion' | 'CredentialAccess' | 'Discovery' | 'LateralMovement' | 'Collection' | 'Exfiltration' | 'CommandAndControl' | 'Impact';
+
+/**
+ * Defines values for CreatedByType.
+ * Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key'
+ * @readonly
+ * @enum {string}
+ */
+export type CreatedByType = 'User' | 'Application' | 'ManagedIdentity' | 'Key';
+
+/**
+ * Defines values for EntityKindEnum.
+ * Possible values include: 'Account', 'Host', 'File', 'AzureResource', 'CloudApplication',
+ * 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey', 'RegistryValue',
+ * 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert', 'Bookmark', 'MailCluster', 'MailMessage',
+ * 'Mailbox', 'SubmissionMail'
+ * @readonly
+ * @enum {string}
+ */
+export type EntityKindEnum = 'Account' | 'Host' | 'File' | 'AzureResource' | 'CloudApplication' | 'DnsResolution' | 'FileHash' | 'Ip' | 'Malware' | 'Process' | 'RegistryKey' | 'RegistryValue' | 'SecurityGroup' | 'Url' | 'IoTDevice' | 'SecurityAlert' | 'Bookmark' | 'MailCluster' | 'MailMessage' | 'Mailbox' | 'SubmissionMail';
+
+/**
+ * Defines values for FileHashAlgorithm.
+ * Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC'
+ * @readonly
+ * @enum {string}
+ */
+export type FileHashAlgorithm = 'Unknown' | 'MD5' | 'SHA1' | 'SHA256' | 'SHA256AC';
+
+/**
+ * Defines values for OSFamily.
+ * Possible values include: 'Linux', 'Windows', 'Android', 'IOS', 'Unknown'
+ * @readonly
+ * @enum {string}
+ */
+export type OSFamily = 'Linux' | 'Windows' | 'Android' | 'IOS' | 'Unknown';
+
+/**
+ * Defines values for CaseSeverity.
+ * Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational'
+ * @readonly
+ * @enum {string}
+ */
+export type CaseSeverity = 'Critical' | 'High' | 'Medium' | 'Low' | 'Informational';
+
+/**
+ * Defines values for IncidentClassification.
+ * Possible values include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive'
+ * @readonly
+ * @enum {string}
+ */
+export type IncidentClassification = 'Undetermined' | 'TruePositive' | 'BenignPositive' | 'FalsePositive';
+
+/**
+ * Defines values for IncidentClassificationReason.
+ * Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic',
+ * 'InaccurateData'
+ * @readonly
+ * @enum {string}
+ */
+export type IncidentClassificationReason = 'SuspiciousActivity' | 'SuspiciousButExpected' | 'IncorrectAlertLogic' | 'InaccurateData';
+
+/**
+ * Defines values for IncidentLabelType.
+ * Possible values include: 'User', 'System'
+ * @readonly
+ * @enum {string}
+ */
+export type IncidentLabelType = 'User' | 'System';
+
+/**
+ * Defines values for IncidentSeverity.
+ * Possible values include: 'High', 'Medium', 'Low', 'Informational'
+ * @readonly
+ * @enum {string}
+ */
+export type IncidentSeverity = 'High' | 'Medium' | 'Low' | 'Informational';
+
+/**
+ * Defines values for IncidentStatus.
+ * Possible values include: 'New', 'Active', 'Closed'
+ * @readonly
+ * @enum {string}
+ */
+export type IncidentStatus = 'New' | 'Active' | 'Closed';
+
+/**
+ * Defines values for ConfidenceLevel.
+ * Possible values include: 'Unknown', 'Low', 'High'
+ * @readonly
+ * @enum {string}
+ */
+export type ConfidenceLevel = 'Unknown' | 'Low' | 'High';
+
+/**
+ * Defines values for ConfidenceScoreStatus.
+ * Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final'
+ * @readonly
+ * @enum {string}
+ */
+export type ConfidenceScoreStatus = 'NotApplicable' | 'InProcess' | 'NotFinal' | 'Final';
+
+/**
+ * Defines values for KillChainIntent.
+ * Possible values include: 'Unknown', 'Probing', 'Exploitation', 'Persistence',
+ * 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement',
+ * 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact'
+ * @readonly
+ * @enum {string}
+ */
+export type KillChainIntent = 'Unknown' | 'Probing' | 'Exploitation' | 'Persistence' | 'PrivilegeEscalation' | 'DefenseEvasion' | 'CredentialAccess' | 'Discovery' | 'LateralMovement' | 'Execution' | 'Collection' | 'Exfiltration' | 'CommandAndControl' | 'Impact';
+
+/**
+ * Defines values for AlertStatus.
+ * Possible values include: 'Unknown', 'New', 'Resolved', 'Dismissed', 'InProgress'
+ * @readonly
+ * @enum {string}
+ */
+export type AlertStatus = 'Unknown' | 'New' | 'Resolved' | 'Dismissed' | 'InProgress';
+
+/**
+ * Defines values for AntispamMailDirection.
+ * Possible values include: 'Unknown', 'Inbound', 'Outbound', 'Intraorg'
+ * @readonly
+ * @enum {string}
+ */
+export type AntispamMailDirection = 'Unknown' | 'Inbound' | 'Outbound' | 'Intraorg';
+
+/**
+ * Defines values for DeliveryAction.
+ * Possible values include: 'Unknown', 'DeliveredAsSpam', 'Delivered', 'Blocked', 'Replaced'
+ * @readonly
+ * @enum {string}
+ */
+export type DeliveryAction = 'Unknown' | 'DeliveredAsSpam' | 'Delivered' | 'Blocked' | 'Replaced';
+
+/**
+ * Defines values for DeliveryLocation.
+ * Possible values include: 'Unknown', 'Inbox', 'JunkFolder', 'DeletedFolder', 'Quarantine',
+ * 'External', 'Failed', 'Dropped', 'Forwarded'
+ * @readonly
+ * @enum {string}
+ */
+export type DeliveryLocation = 'Unknown' | 'Inbox' | 'JunkFolder' | 'DeletedFolder' | 'Quarantine' | 'External' | 'Failed' | 'Dropped' | 'Forwarded';
+
+/**
+ * Defines values for ElevationToken.
+ * Possible values include: 'Default', 'Full', 'Limited'
+ * @readonly
+ * @enum {string}
+ */
+export type ElevationToken = 'Default' | 'Full' | 'Limited';
+
+/**
+ * Defines values for RegistryHive.
+ * Possible values include: 'HKEY_LOCAL_MACHINE', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG',
+ * 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS', 'HKEY_PERFORMANCE_DATA',
+ * 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A', 'HKEY_CURRENT_USER'
+ * @readonly
+ * @enum {string}
+ */
+export type RegistryHive = 'HKEY_LOCAL_MACHINE' | 'HKEY_CLASSES_ROOT' | 'HKEY_CURRENT_CONFIG' | 'HKEY_USERS' | 'HKEY_CURRENT_USER_LOCAL_SETTINGS' | 'HKEY_PERFORMANCE_DATA' | 'HKEY_PERFORMANCE_NLSTEXT' | 'HKEY_PERFORMANCE_TEXT' | 'HKEY_A' | 'HKEY_CURRENT_USER';
+
+/**
+ * Defines values for RegistryValueKind.
+ * Possible values include: 'None', 'Unknown', 'String', 'ExpandString', 'Binary', 'DWord',
+ * 'MultiString', 'QWord'
+ * @readonly
+ * @enum {string}
+ */
+export type RegistryValueKind = 'None' | 'Unknown' | 'String' | 'ExpandString' | 'Binary' | 'DWord' | 'MultiString' | 'QWord';
+
+/**
+ * Defines values for ThreatIntelligenceResourceInnerKind.
+ * Possible values include: 'indicator'
+ * @readonly
+ * @enum {string}
+ */
+export type ThreatIntelligenceResourceInnerKind = 'indicator';
+
+/**
+ * Defines values for ThreatIntelligenceSortingOrder.
+ * Possible values include: 'unsorted', 'ascending', 'descending'
+ * @readonly
+ * @enum {string}
+ */
+export type ThreatIntelligenceSortingOrder = 'unsorted' | 'ascending' | 'descending';
+
+/**
+ * Defines values for Source.
+ * Possible values include: 'Local file', 'Remote storage'
+ * @readonly
+ * @enum {string}
+ */
+export type Source = 'Local file' | 'Remote storage';
+
+/**
+ * Defines values for AlertRuleKind.
+ * Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion'
+ * @readonly
+ * @enum {string}
+ */
+export type AlertRuleKind = 'Scheduled' | 'MicrosoftSecurityIncidentCreation' | 'Fusion';
+
+/**
+ * Defines values for TemplateStatus.
+ * Possible values include: 'Installed', 'Available', 'NotAvailable'
+ * @readonly
+ * @enum {string}
+ */
+export type TemplateStatus = 'Installed' | 'Available' | 'NotAvailable';
+
+/**
+ * Defines values for TriggerOperator.
+ * Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
+ * @readonly
+ * @enum {string}
+ */
+export type TriggerOperator = 'GreaterThan' | 'LessThan' | 'Equal' | 'NotEqual';
+
+/**
+ * Defines values for MicrosoftSecurityProductName.
+ * Possible values include: 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure
+ * Advanced Threat Protection', 'Azure Active Directory Identity Protection', 'Azure Security
+ * Center for IoT'
+ * @readonly
+ * @enum {string}
+ */
+export type MicrosoftSecurityProductName = 'Microsoft Cloud App Security' | 'Azure Security Center' | 'Azure Advanced Threat Protection' | 'Azure Active Directory Identity Protection' | 'Azure Security Center for IoT';
+
+/**
+ * Contains response data for the list operation.
+ */
+export type IncidentsListResponse = IncidentList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type IncidentsGetResponse = Incident & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Incident;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdate operation.
+ */
+export type IncidentsCreateOrUpdateResponse = Incident & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Incident;
+ };
+};
+
+/**
+ * Contains response data for the listOfAlerts operation.
+ */
+export type IncidentsListOfAlertsResponse = IncidentAlertList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentAlertList;
+ };
+};
+
+/**
+ * Contains response data for the listOfBookmarks operation.
+ */
+export type IncidentsListOfBookmarksResponse = IncidentBookmarkList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentBookmarkList;
+ };
+};
+
+/**
+ * Contains response data for the listOfEntities operation.
+ */
+export type IncidentsListOfEntitiesResponse = IncidentEntitiesResponse & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentEntitiesResponse;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type IncidentsListNextResponse = IncidentList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentList;
+ };
+};
+
+/**
+ * Contains response data for the listByIncident operation.
+ */
+export type IncidentCommentsListByIncidentResponse = IncidentCommentList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentCommentList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type IncidentCommentsGetResponse = IncidentComment & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentComment;
+ };
+};
+
+/**
+ * Contains response data for the createComment operation.
+ */
+export type IncidentCommentsCreateCommentResponse = IncidentComment & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentComment;
+ };
+};
+
+/**
+ * Contains response data for the listByIncidentNext operation.
+ */
+export type IncidentCommentsListByIncidentNextResponse = IncidentCommentList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: IncidentCommentList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type IncidentRelationsListResponse = RelationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: RelationList;
+ };
+};
+
+/**
+ * Contains response data for the getRelation operation.
+ */
+export type IncidentRelationsGetRelationResponse = Relation & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Relation;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdateRelation operation.
+ */
+export type IncidentRelationsCreateOrUpdateRelationResponse = Relation & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Relation;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type IncidentRelationsListNextResponse = RelationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: RelationList;
+ };
+};
+
+/**
+ * Contains response data for the createIndicator operation.
+ */
+export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationUnion;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationUnion;
+ };
+};
+
+/**
+ * Contains response data for the create operation.
+ */
+export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationUnion;
+ };
+};
+
+/**
+ * Contains response data for the queryIndicators operation.
+ */
+export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationList;
+ };
+};
+
+/**
+ * Contains response data for the replaceTags operation.
+ */
+export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationUnion;
+ };
+};
+
+/**
+ * Contains response data for the queryIndicatorsNext operation.
+ */
+export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationList;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceInformationList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ThreatIntelligenceMetricsList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type WatchlistsListResponse = WatchlistList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type WatchlistsGetResponse = Watchlist & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Watchlist;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdate operation.
+ */
+export type WatchlistsCreateOrUpdateResponse = Watchlist & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: Watchlist;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type WatchlistsListNextResponse = WatchlistList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type WatchlistItemsListResponse = WatchlistItemList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistItemList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type WatchlistItemsGetResponse = WatchlistItem & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistItem;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdate operation.
+ */
+export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistItem;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type WatchlistItemsListNextResponse = WatchlistItemList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: WatchlistItemList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type OperationsListResponse = OperationsList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: OperationsList;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type OperationsListNextResponse = OperationsList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: OperationsList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type AlertRulesListResponse = AlertRulesList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRulesList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type AlertRulesGetResponse = AlertRuleUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRuleUnion;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdate operation.
+ */
+export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRuleUnion;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type AlertRulesListNextResponse = AlertRulesList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRulesList;
+ };
+};
+
+/**
+ * Contains response data for the listByAlertRule operation.
+ */
+export type ActionsListByAlertRuleResponse = ActionsList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ActionsList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type ActionsGetResponse = ActionResponse & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ActionResponse;
+ };
+};
+
+/**
+ * Contains response data for the createOrUpdate operation.
+ */
+export type ActionsCreateOrUpdateResponse = ActionResponse & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ActionResponse;
+ };
+};
+
+/**
+ * Contains response data for the listByAlertRuleNext operation.
+ */
+export type ActionsListByAlertRuleNextResponse = ActionsList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: ActionsList;
+ };
+};
+
+/**
+ * Contains response data for the list operation.
+ */
+export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRuleTemplatesList;
+ };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRuleTemplateUnion;
+ };
+};
+
+/**
+ * Contains response data for the listNext operation.
+ */
+export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList & {
+ /**
+ * The underlying HTTP response.
+ */
+ _response: msRest.HttpResponse & {
+ /**
+ * The response body as text (string format)
+ */
+ bodyAsText: string;
+
+ /**
+ * The response body as parsed JSON or XML
+ */
+ parsedBody: AlertRuleTemplatesList;
+ };
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts
new file mode 100644
index 000000000000..248839c53942
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts
@@ -0,0 +1,5337 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import { CloudErrorMapper, BaseResourceMapper } from "@azure/ms-rest-azure-js";
+import * as msRest from "@azure/ms-rest-js";
+
+export const CloudError = CloudErrorMapper;
+export const BaseResource = BaseResourceMapper;
+
+export const Entity: msRest.CompositeMapper = {
+ serializedName: "Entity",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: {
+ serializedName: "kind",
+ clientName: "kind"
+ },
+ uberParent: "Entity",
+ className: "Entity",
+ modelProperties: {
+ id: {
+ readOnly: true,
+ serializedName: "id",
+ type: {
+ name: "String"
+ }
+ },
+ name: {
+ readOnly: true,
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ },
+ type: {
+ readOnly: true,
+ serializedName: "type",
+ type: {
+ name: "String"
+ }
+ },
+ systemData: {
+ readOnly: true,
+ serializedName: "systemData",
+ type: {
+ name: "Composite",
+ className: "SystemData"
+ }
+ },
+ kind: {
+ required: true,
+ serializedName: "kind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const AccountEntity: msRest.CompositeMapper = {
+ serializedName: "Account",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "AccountEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ aadTenantId: {
+ readOnly: true,
+ serializedName: "properties.aadTenantId",
+ type: {
+ name: "String"
+ }
+ },
+ aadUserId: {
+ readOnly: true,
+ serializedName: "properties.aadUserId",
+ type: {
+ name: "String"
+ }
+ },
+ accountName: {
+ readOnly: true,
+ serializedName: "properties.accountName",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ readOnly: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ hostEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ isDomainJoined: {
+ readOnly: true,
+ serializedName: "properties.isDomainJoined",
+ type: {
+ name: "Boolean"
+ }
+ },
+ ntDomain: {
+ readOnly: true,
+ serializedName: "properties.ntDomain",
+ type: {
+ name: "String"
+ }
+ },
+ objectGuid: {
+ readOnly: true,
+ serializedName: "properties.objectGuid",
+ type: {
+ name: "Uuid"
+ }
+ },
+ puid: {
+ readOnly: true,
+ serializedName: "properties.puid",
+ type: {
+ name: "String"
+ }
+ },
+ sid: {
+ readOnly: true,
+ serializedName: "properties.sid",
+ type: {
+ name: "String"
+ }
+ },
+ upnSuffix: {
+ readOnly: true,
+ serializedName: "properties.upnSuffix",
+ type: {
+ name: "String"
+ }
+ },
+ dnsDomain: {
+ readOnly: true,
+ serializedName: "properties.dnsDomain",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const AzureResourceEntity: msRest.CompositeMapper = {
+ serializedName: "AzureResource",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "AzureResourceEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ resourceId: {
+ readOnly: true,
+ serializedName: "properties.resourceId",
+ type: {
+ name: "String"
+ }
+ },
+ subscriptionId: {
+ readOnly: true,
+ serializedName: "properties.subscriptionId",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ClientInfo: msRest.CompositeMapper = {
+ serializedName: "ClientInfo",
+ type: {
+ name: "Composite",
+ className: "ClientInfo",
+ modelProperties: {
+ email: {
+ serializedName: "email",
+ type: {
+ name: "String"
+ }
+ },
+ name: {
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ },
+ objectId: {
+ serializedName: "objectId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ userPrincipalName: {
+ serializedName: "userPrincipalName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const CloudApplicationEntity: msRest.CompositeMapper = {
+ serializedName: "CloudApplication",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "CloudApplicationEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ appId: {
+ readOnly: true,
+ serializedName: "properties.appId",
+ type: {
+ name: "Number"
+ }
+ },
+ appName: {
+ readOnly: true,
+ serializedName: "properties.appName",
+ type: {
+ name: "String"
+ }
+ },
+ instanceName: {
+ readOnly: true,
+ serializedName: "properties.instanceName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ErrorAdditionalInfo: msRest.CompositeMapper = {
+ serializedName: "ErrorAdditionalInfo",
+ type: {
+ name: "Composite",
+ className: "ErrorAdditionalInfo",
+ modelProperties: {
+ type: {
+ readOnly: true,
+ serializedName: "type",
+ type: {
+ name: "String"
+ }
+ },
+ info: {
+ readOnly: true,
+ serializedName: "info",
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+};
+
+export const ErrorResponse: msRest.CompositeMapper = {
+ serializedName: "ErrorResponse",
+ type: {
+ name: "Composite",
+ className: "ErrorResponse",
+ modelProperties: {
+ code: {
+ readOnly: true,
+ serializedName: "code",
+ type: {
+ name: "String"
+ }
+ },
+ message: {
+ readOnly: true,
+ serializedName: "message",
+ type: {
+ name: "String"
+ }
+ },
+ target: {
+ readOnly: true,
+ serializedName: "target",
+ type: {
+ name: "String"
+ }
+ },
+ details: {
+ readOnly: true,
+ serializedName: "details",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ErrorResponse"
+ }
+ }
+ }
+ },
+ additionalInfo: {
+ readOnly: true,
+ serializedName: "additionalInfo",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ErrorAdditionalInfo"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const DnsEntity: msRest.CompositeMapper = {
+ serializedName: "DnsResolution",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "DnsEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ dnsServerIpEntityId: {
+ readOnly: true,
+ serializedName: "properties.dnsServerIpEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ domainName: {
+ readOnly: true,
+ serializedName: "properties.domainName",
+ type: {
+ name: "String"
+ }
+ },
+ hostIpAddressEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostIpAddressEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ ipAddressEntityIds: {
+ readOnly: true,
+ serializedName: "properties.ipAddressEntityIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const SystemData: msRest.CompositeMapper = {
+ serializedName: "systemData",
+ type: {
+ name: "Composite",
+ className: "SystemData",
+ modelProperties: {
+ createdBy: {
+ serializedName: "createdBy",
+ type: {
+ name: "String"
+ }
+ },
+ createdByType: {
+ serializedName: "createdByType",
+ type: {
+ name: "String"
+ }
+ },
+ createdAt: {
+ serializedName: "createdAt",
+ type: {
+ name: "DateTime"
+ }
+ },
+ lastModifiedBy: {
+ serializedName: "lastModifiedBy",
+ type: {
+ name: "String"
+ }
+ },
+ lastModifiedByType: {
+ serializedName: "lastModifiedByType",
+ type: {
+ name: "String"
+ }
+ },
+ lastModifiedAt: {
+ serializedName: "lastModifiedAt",
+ type: {
+ name: "DateTime"
+ }
+ }
+ }
+ }
+};
+
+export const EntityCommonProperties: msRest.CompositeMapper = {
+ serializedName: "EntityCommonProperties",
+ type: {
+ name: "Composite",
+ className: "EntityCommonProperties",
+ modelProperties: {
+ additionalData: {
+ readOnly: true,
+ serializedName: "additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "friendlyName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const EntityEdges: msRest.CompositeMapper = {
+ serializedName: "EntityEdges",
+ type: {
+ name: "Composite",
+ className: "EntityEdges",
+ modelProperties: {
+ targetEntityId: {
+ serializedName: "targetEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ additionalData: {
+ serializedName: "additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const EntityKind: msRest.CompositeMapper = {
+ serializedName: "EntityKind",
+ type: {
+ name: "Composite",
+ className: "EntityKind",
+ modelProperties: {
+ kind: {
+ required: true,
+ serializedName: "kind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const FileEntity: msRest.CompositeMapper = {
+ serializedName: "File",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "FileEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ directory: {
+ readOnly: true,
+ serializedName: "properties.directory",
+ type: {
+ name: "String"
+ }
+ },
+ fileHashEntityIds: {
+ readOnly: true,
+ serializedName: "properties.fileHashEntityIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ fileName: {
+ readOnly: true,
+ serializedName: "properties.fileName",
+ type: {
+ name: "String"
+ }
+ },
+ hostEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostEntityId",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const FileHashEntity: msRest.CompositeMapper = {
+ serializedName: "FileHash",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "FileHashEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ algorithm: {
+ readOnly: true,
+ serializedName: "properties.algorithm",
+ type: {
+ name: "String"
+ }
+ },
+ hashValue: {
+ readOnly: true,
+ serializedName: "properties.hashValue",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const GeoLocation: msRest.CompositeMapper = {
+ serializedName: "GeoLocation",
+ type: {
+ name: "Composite",
+ className: "GeoLocation",
+ modelProperties: {
+ asn: {
+ readOnly: true,
+ serializedName: "asn",
+ type: {
+ name: "Number"
+ }
+ },
+ city: {
+ readOnly: true,
+ serializedName: "city",
+ type: {
+ name: "String"
+ }
+ },
+ countryCode: {
+ readOnly: true,
+ serializedName: "countryCode",
+ type: {
+ name: "String"
+ }
+ },
+ countryName: {
+ readOnly: true,
+ serializedName: "countryName",
+ type: {
+ name: "String"
+ }
+ },
+ latitude: {
+ readOnly: true,
+ serializedName: "latitude",
+ type: {
+ name: "Number"
+ }
+ },
+ longitude: {
+ readOnly: true,
+ serializedName: "longitude",
+ type: {
+ name: "Number"
+ }
+ },
+ state: {
+ readOnly: true,
+ serializedName: "state",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const HostEntity: msRest.CompositeMapper = {
+ serializedName: "Host",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "HostEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ azureID: {
+ readOnly: true,
+ serializedName: "properties.azureID",
+ type: {
+ name: "String"
+ }
+ },
+ dnsDomain: {
+ readOnly: true,
+ serializedName: "properties.dnsDomain",
+ type: {
+ name: "String"
+ }
+ },
+ hostName: {
+ readOnly: true,
+ serializedName: "properties.hostName",
+ type: {
+ name: "String"
+ }
+ },
+ isDomainJoined: {
+ readOnly: true,
+ serializedName: "properties.isDomainJoined",
+ type: {
+ name: "Boolean"
+ }
+ },
+ netBiosName: {
+ readOnly: true,
+ serializedName: "properties.netBiosName",
+ type: {
+ name: "String"
+ }
+ },
+ ntDomain: {
+ readOnly: true,
+ serializedName: "properties.ntDomain",
+ type: {
+ name: "String"
+ }
+ },
+ omsAgentID: {
+ readOnly: true,
+ serializedName: "properties.omsAgentID",
+ type: {
+ name: "String"
+ }
+ },
+ osFamily: {
+ serializedName: "properties.osFamily",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "Linux",
+ "Windows",
+ "Android",
+ "IOS",
+ "Unknown"
+ ]
+ }
+ },
+ osVersion: {
+ readOnly: true,
+ serializedName: "properties.osVersion",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const UserInfo: msRest.CompositeMapper = {
+ serializedName: "UserInfo",
+ type: {
+ name: "Composite",
+ className: "UserInfo",
+ modelProperties: {
+ email: {
+ readOnly: true,
+ serializedName: "email",
+ type: {
+ name: "String"
+ }
+ },
+ name: {
+ readOnly: true,
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ },
+ objectId: {
+ nullable: true,
+ serializedName: "objectId",
+ type: {
+ name: "Uuid"
+ }
+ }
+ }
+ }
+};
+
+export const IncidentInfo: msRest.CompositeMapper = {
+ serializedName: "IncidentInfo",
+ type: {
+ name: "Composite",
+ className: "IncidentInfo",
+ modelProperties: {
+ incidentId: {
+ serializedName: "incidentId",
+ type: {
+ name: "String"
+ }
+ },
+ severity: {
+ serializedName: "severity",
+ type: {
+ name: "String"
+ }
+ },
+ title: {
+ serializedName: "title",
+ type: {
+ name: "String"
+ }
+ },
+ relationName: {
+ serializedName: "relationName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const HuntingBookmark: msRest.CompositeMapper = {
+ serializedName: "Bookmark",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "HuntingBookmark",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ created: {
+ serializedName: "properties.created",
+ type: {
+ name: "DateTime"
+ }
+ },
+ createdBy: {
+ serializedName: "properties.createdBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ displayName: {
+ required: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ eventTime: {
+ serializedName: "properties.eventTime",
+ type: {
+ name: "DateTime"
+ }
+ },
+ labels: {
+ serializedName: "properties.labels",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ notes: {
+ serializedName: "properties.notes",
+ type: {
+ name: "String"
+ }
+ },
+ query: {
+ required: true,
+ serializedName: "properties.query",
+ type: {
+ name: "String"
+ }
+ },
+ queryResult: {
+ serializedName: "properties.queryResult",
+ type: {
+ name: "String"
+ }
+ },
+ updated: {
+ serializedName: "properties.updated",
+ type: {
+ name: "DateTime"
+ }
+ },
+ updatedBy: {
+ serializedName: "properties.updatedBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ incidentInfo: {
+ serializedName: "properties.incidentInfo",
+ type: {
+ name: "Composite",
+ className: "IncidentInfo"
+ }
+ }
+ }
+ }
+};
+
+export const IncidentAdditionalData: msRest.CompositeMapper = {
+ serializedName: "IncidentAdditionalData",
+ type: {
+ name: "Composite",
+ className: "IncidentAdditionalData",
+ modelProperties: {
+ alertsCount: {
+ readOnly: true,
+ serializedName: "alertsCount",
+ type: {
+ name: "Number"
+ }
+ },
+ bookmarksCount: {
+ readOnly: true,
+ serializedName: "bookmarksCount",
+ type: {
+ name: "Number"
+ }
+ },
+ commentsCount: {
+ readOnly: true,
+ serializedName: "commentsCount",
+ type: {
+ name: "Number"
+ }
+ },
+ alertProductNames: {
+ readOnly: true,
+ serializedName: "alertProductNames",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ tactics: {
+ readOnly: true,
+ serializedName: "tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentLabel: msRest.CompositeMapper = {
+ serializedName: "IncidentLabel",
+ type: {
+ name: "Composite",
+ className: "IncidentLabel",
+ modelProperties: {
+ labelName: {
+ required: true,
+ serializedName: "labelName",
+ type: {
+ name: "String"
+ }
+ },
+ labelType: {
+ readOnly: true,
+ serializedName: "labelType",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const IncidentOwnerInfo: msRest.CompositeMapper = {
+ serializedName: "IncidentOwnerInfo",
+ type: {
+ name: "Composite",
+ className: "IncidentOwnerInfo",
+ modelProperties: {
+ email: {
+ serializedName: "email",
+ type: {
+ name: "String"
+ }
+ },
+ assignedTo: {
+ serializedName: "assignedTo",
+ type: {
+ name: "String"
+ }
+ },
+ objectId: {
+ serializedName: "objectId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ userPrincipalName: {
+ serializedName: "userPrincipalName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const Resource: msRest.CompositeMapper = {
+ serializedName: "Resource",
+ type: {
+ name: "Composite",
+ className: "Resource",
+ modelProperties: {
+ id: {
+ readOnly: true,
+ serializedName: "id",
+ type: {
+ name: "String"
+ }
+ },
+ name: {
+ readOnly: true,
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ },
+ type: {
+ readOnly: true,
+ serializedName: "type",
+ type: {
+ name: "String"
+ }
+ },
+ systemData: {
+ readOnly: true,
+ serializedName: "systemData",
+ type: {
+ name: "Composite",
+ className: "SystemData"
+ }
+ }
+ }
+ }
+};
+
+export const ResourceWithEtag: msRest.CompositeMapper = {
+ serializedName: "ResourceWithEtag",
+ type: {
+ name: "Composite",
+ className: "ResourceWithEtag",
+ modelProperties: {
+ ...Resource.type.modelProperties,
+ etag: {
+ serializedName: "etag",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const Incident: msRest.CompositeMapper = {
+ serializedName: "Incident",
+ type: {
+ name: "Composite",
+ className: "Incident",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Composite",
+ className: "IncidentAdditionalData"
+ }
+ },
+ classification: {
+ serializedName: "properties.classification",
+ type: {
+ name: "String"
+ }
+ },
+ classificationComment: {
+ serializedName: "properties.classificationComment",
+ type: {
+ name: "String"
+ }
+ },
+ classificationReason: {
+ serializedName: "properties.classificationReason",
+ type: {
+ name: "String"
+ }
+ },
+ createdTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.createdTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ firstActivityTimeUtc: {
+ serializedName: "properties.firstActivityTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ incidentUrl: {
+ readOnly: true,
+ serializedName: "properties.incidentUrl",
+ type: {
+ name: "String"
+ }
+ },
+ incidentNumber: {
+ readOnly: true,
+ serializedName: "properties.incidentNumber",
+ type: {
+ name: "Number"
+ }
+ },
+ labels: {
+ serializedName: "properties.labels",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "IncidentLabel"
+ }
+ }
+ }
+ },
+ lastActivityTimeUtc: {
+ serializedName: "properties.lastActivityTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ lastModifiedTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.lastModifiedTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ owner: {
+ serializedName: "properties.owner",
+ type: {
+ name: "Composite",
+ className: "IncidentOwnerInfo"
+ }
+ },
+ relatedAnalyticRuleIds: {
+ readOnly: true,
+ serializedName: "properties.relatedAnalyticRuleIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ severity: {
+ required: true,
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ status: {
+ required: true,
+ serializedName: "properties.status",
+ type: {
+ name: "String"
+ }
+ },
+ title: {
+ required: true,
+ serializedName: "properties.title",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const SecurityAlertPropertiesConfidenceReasonsItem: msRest.CompositeMapper = {
+ serializedName: "SecurityAlertProperties_confidenceReasonsItem",
+ type: {
+ name: "Composite",
+ className: "SecurityAlertPropertiesConfidenceReasonsItem",
+ modelProperties: {
+ reason: {
+ readOnly: true,
+ serializedName: "reason",
+ type: {
+ name: "String"
+ }
+ },
+ reasonType: {
+ readOnly: true,
+ serializedName: "reasonType",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const SecurityAlert: msRest.CompositeMapper = {
+ serializedName: "SecurityAlert",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "SecurityAlert",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ alertDisplayName: {
+ readOnly: true,
+ serializedName: "properties.alertDisplayName",
+ type: {
+ name: "String"
+ }
+ },
+ alertType: {
+ readOnly: true,
+ serializedName: "properties.alertType",
+ type: {
+ name: "String"
+ }
+ },
+ compromisedEntity: {
+ readOnly: true,
+ serializedName: "properties.compromisedEntity",
+ type: {
+ name: "String"
+ }
+ },
+ confidenceLevel: {
+ readOnly: true,
+ serializedName: "properties.confidenceLevel",
+ type: {
+ name: "String"
+ }
+ },
+ confidenceReasons: {
+ readOnly: true,
+ serializedName: "properties.confidenceReasons",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "SecurityAlertPropertiesConfidenceReasonsItem"
+ }
+ }
+ }
+ },
+ confidenceScore: {
+ readOnly: true,
+ serializedName: "properties.confidenceScore",
+ type: {
+ name: "Number"
+ }
+ },
+ confidenceScoreStatus: {
+ readOnly: true,
+ serializedName: "properties.confidenceScoreStatus",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ readOnly: true,
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ endTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.endTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ intent: {
+ readOnly: true,
+ serializedName: "properties.intent",
+ type: {
+ name: "String"
+ }
+ },
+ providerAlertId: {
+ readOnly: true,
+ serializedName: "properties.providerAlertId",
+ type: {
+ name: "String"
+ }
+ },
+ processingEndTime: {
+ readOnly: true,
+ serializedName: "properties.processingEndTime",
+ type: {
+ name: "DateTime"
+ }
+ },
+ productComponentName: {
+ readOnly: true,
+ serializedName: "properties.productComponentName",
+ type: {
+ name: "String"
+ }
+ },
+ productName: {
+ readOnly: true,
+ serializedName: "properties.productName",
+ type: {
+ name: "String"
+ }
+ },
+ productVersion: {
+ readOnly: true,
+ serializedName: "properties.productVersion",
+ type: {
+ name: "String"
+ }
+ },
+ remediationSteps: {
+ readOnly: true,
+ serializedName: "properties.remediationSteps",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ severity: {
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ startTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.startTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ status: {
+ readOnly: true,
+ serializedName: "properties.status",
+ type: {
+ name: "String"
+ }
+ },
+ systemAlertId: {
+ readOnly: true,
+ serializedName: "properties.systemAlertId",
+ type: {
+ name: "String"
+ }
+ },
+ tactics: {
+ readOnly: true,
+ serializedName: "properties.tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ timeGenerated: {
+ readOnly: true,
+ serializedName: "properties.timeGenerated",
+ type: {
+ name: "DateTime"
+ }
+ },
+ vendorName: {
+ readOnly: true,
+ serializedName: "properties.vendorName",
+ type: {
+ name: "String"
+ }
+ },
+ alertLink: {
+ readOnly: true,
+ serializedName: "properties.alertLink",
+ type: {
+ name: "String"
+ }
+ },
+ resourceIdentifiers: {
+ readOnly: true,
+ serializedName: "properties.resourceIdentifiers",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentAlertList: msRest.CompositeMapper = {
+ serializedName: "IncidentAlertList",
+ type: {
+ name: "Composite",
+ className: "IncidentAlertList",
+ modelProperties: {
+ value: {
+ required: true,
+ serializedName: "value",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "SecurityAlert"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentBookmarkList: msRest.CompositeMapper = {
+ serializedName: "IncidentBookmarkList",
+ type: {
+ name: "Composite",
+ className: "IncidentBookmarkList",
+ modelProperties: {
+ value: {
+ required: true,
+ serializedName: "value",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "HuntingBookmark"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentComment: msRest.CompositeMapper = {
+ serializedName: "IncidentComment",
+ type: {
+ name: "Composite",
+ className: "IncidentComment",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ createdTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.createdTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ lastModifiedTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.lastModifiedTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ message: {
+ required: true,
+ serializedName: "properties.message",
+ type: {
+ name: "String"
+ }
+ },
+ author: {
+ readOnly: true,
+ serializedName: "properties.author",
+ type: {
+ name: "Composite",
+ className: "ClientInfo"
+ }
+ }
+ }
+ }
+};
+
+export const IncidentEntitiesResultsMetadata: msRest.CompositeMapper = {
+ serializedName: "IncidentEntitiesResultsMetadata",
+ type: {
+ name: "Composite",
+ className: "IncidentEntitiesResultsMetadata",
+ modelProperties: {
+ count: {
+ required: true,
+ serializedName: "count",
+ type: {
+ name: "Number"
+ }
+ },
+ entityKind: {
+ required: true,
+ serializedName: "entityKind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const IncidentEntitiesResponse: msRest.CompositeMapper = {
+ serializedName: "IncidentEntitiesResponse",
+ type: {
+ name: "Composite",
+ className: "IncidentEntitiesResponse",
+ modelProperties: {
+ entities: {
+ serializedName: "entities",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "Entity"
+ }
+ }
+ }
+ },
+ metaData: {
+ serializedName: "metaData",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "IncidentEntitiesResultsMetadata"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligence: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligence",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligence",
+ modelProperties: {
+ confidence: {
+ readOnly: true,
+ serializedName: "confidence",
+ type: {
+ name: "Number"
+ }
+ },
+ providerName: {
+ readOnly: true,
+ serializedName: "providerName",
+ type: {
+ name: "String"
+ }
+ },
+ reportLink: {
+ readOnly: true,
+ serializedName: "reportLink",
+ type: {
+ name: "String"
+ }
+ },
+ threatDescription: {
+ readOnly: true,
+ serializedName: "threatDescription",
+ type: {
+ name: "String"
+ }
+ },
+ threatName: {
+ readOnly: true,
+ serializedName: "threatName",
+ type: {
+ name: "String"
+ }
+ },
+ threatType: {
+ readOnly: true,
+ serializedName: "threatType",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const IoTDeviceEntity: msRest.CompositeMapper = {
+ serializedName: "IoTDevice",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "IoTDeviceEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ deviceId: {
+ readOnly: true,
+ serializedName: "properties.deviceId",
+ type: {
+ name: "String"
+ }
+ },
+ deviceName: {
+ readOnly: true,
+ serializedName: "properties.deviceName",
+ type: {
+ name: "String"
+ }
+ },
+ source: {
+ readOnly: true,
+ serializedName: "properties.source",
+ type: {
+ name: "String"
+ }
+ },
+ iotSecurityAgentId: {
+ readOnly: true,
+ serializedName: "properties.iotSecurityAgentId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ deviceType: {
+ readOnly: true,
+ serializedName: "properties.deviceType",
+ type: {
+ name: "String"
+ }
+ },
+ vendor: {
+ readOnly: true,
+ serializedName: "properties.vendor",
+ type: {
+ name: "String"
+ }
+ },
+ edgeId: {
+ readOnly: true,
+ serializedName: "properties.edgeId",
+ type: {
+ name: "String"
+ }
+ },
+ macAddress: {
+ readOnly: true,
+ serializedName: "properties.macAddress",
+ type: {
+ name: "String"
+ }
+ },
+ model: {
+ readOnly: true,
+ serializedName: "properties.model",
+ type: {
+ name: "String"
+ }
+ },
+ serialNumber: {
+ readOnly: true,
+ serializedName: "properties.serialNumber",
+ type: {
+ name: "String"
+ }
+ },
+ firmwareVersion: {
+ readOnly: true,
+ serializedName: "properties.firmwareVersion",
+ type: {
+ name: "String"
+ }
+ },
+ operatingSystem: {
+ readOnly: true,
+ serializedName: "properties.operatingSystem",
+ type: {
+ name: "String"
+ }
+ },
+ iotHubEntityId: {
+ readOnly: true,
+ serializedName: "properties.iotHubEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ hostEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ ipAddressEntityId: {
+ readOnly: true,
+ serializedName: "properties.ipAddressEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ threatIntelligence: {
+ readOnly: true,
+ serializedName: "properties.threatIntelligence",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligence"
+ }
+ }
+ }
+ },
+ protocols: {
+ readOnly: true,
+ serializedName: "properties.protocols",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IpEntity: msRest.CompositeMapper = {
+ serializedName: "Ip",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "IpEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ address: {
+ readOnly: true,
+ serializedName: "properties.address",
+ type: {
+ name: "String"
+ }
+ },
+ location: {
+ serializedName: "properties.location",
+ type: {
+ name: "Composite",
+ className: "GeoLocation"
+ }
+ },
+ threatIntelligence: {
+ readOnly: true,
+ serializedName: "properties.threatIntelligence",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligence"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const MailboxEntity: msRest.CompositeMapper = {
+ serializedName: "Mailbox",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "MailboxEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ mailboxPrimaryAddress: {
+ readOnly: true,
+ serializedName: "properties.mailboxPrimaryAddress",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ readOnly: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ upn: {
+ readOnly: true,
+ serializedName: "properties.upn",
+ type: {
+ name: "String"
+ }
+ },
+ externalDirectoryObjectId: {
+ readOnly: true,
+ serializedName: "properties.externalDirectoryObjectId",
+ type: {
+ name: "Uuid"
+ }
+ }
+ }
+ }
+};
+
+export const MailClusterEntity: msRest.CompositeMapper = {
+ serializedName: "MailCluster",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "MailClusterEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ networkMessageIds: {
+ readOnly: true,
+ serializedName: "properties.networkMessageIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ countByDeliveryStatus: {
+ readOnly: true,
+ serializedName: "properties.countByDeliveryStatus",
+ type: {
+ name: "Object"
+ }
+ },
+ countByThreatType: {
+ readOnly: true,
+ serializedName: "properties.countByThreatType",
+ type: {
+ name: "Object"
+ }
+ },
+ countByProtectionStatus: {
+ readOnly: true,
+ serializedName: "properties.countByProtectionStatus",
+ type: {
+ name: "Object"
+ }
+ },
+ threats: {
+ readOnly: true,
+ serializedName: "properties.threats",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ query: {
+ readOnly: true,
+ serializedName: "properties.query",
+ type: {
+ name: "String"
+ }
+ },
+ queryTime: {
+ readOnly: true,
+ serializedName: "properties.queryTime",
+ type: {
+ name: "DateTime"
+ }
+ },
+ mailCount: {
+ readOnly: true,
+ serializedName: "properties.mailCount",
+ type: {
+ name: "Number"
+ }
+ },
+ isVolumeAnomaly: {
+ readOnly: true,
+ serializedName: "properties.isVolumeAnomaly",
+ type: {
+ name: "Boolean"
+ }
+ },
+ source: {
+ readOnly: true,
+ serializedName: "properties.source",
+ type: {
+ name: "String"
+ }
+ },
+ clusterSourceIdentifier: {
+ readOnly: true,
+ serializedName: "properties.clusterSourceIdentifier",
+ type: {
+ name: "String"
+ }
+ },
+ clusterSourceType: {
+ readOnly: true,
+ serializedName: "properties.clusterSourceType",
+ type: {
+ name: "String"
+ }
+ },
+ clusterQueryStartTime: {
+ readOnly: true,
+ serializedName: "properties.clusterQueryStartTime",
+ type: {
+ name: "DateTime"
+ }
+ },
+ clusterQueryEndTime: {
+ readOnly: true,
+ serializedName: "properties.clusterQueryEndTime",
+ type: {
+ name: "DateTime"
+ }
+ },
+ clusterGroup: {
+ readOnly: true,
+ serializedName: "properties.clusterGroup",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const MailMessageEntity: msRest.CompositeMapper = {
+ serializedName: "MailMessage",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "MailMessageEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ fileEntityIds: {
+ readOnly: true,
+ serializedName: "properties.fileEntityIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ recipient: {
+ readOnly: true,
+ serializedName: "properties.recipient",
+ type: {
+ name: "String"
+ }
+ },
+ urls: {
+ readOnly: true,
+ serializedName: "properties.urls",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ threats: {
+ readOnly: true,
+ serializedName: "properties.threats",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ p1Sender: {
+ readOnly: true,
+ serializedName: "properties.p1Sender",
+ type: {
+ name: "String"
+ }
+ },
+ p1SenderDisplayName: {
+ readOnly: true,
+ serializedName: "properties.p1SenderDisplayName",
+ type: {
+ name: "String"
+ }
+ },
+ p1SenderDomain: {
+ readOnly: true,
+ serializedName: "properties.p1SenderDomain",
+ type: {
+ name: "String"
+ }
+ },
+ senderIP: {
+ readOnly: true,
+ serializedName: "properties.senderIP",
+ type: {
+ name: "String"
+ }
+ },
+ p2Sender: {
+ readOnly: true,
+ serializedName: "properties.p2Sender",
+ type: {
+ name: "String"
+ }
+ },
+ p2SenderDisplayName: {
+ readOnly: true,
+ serializedName: "properties.p2SenderDisplayName",
+ type: {
+ name: "String"
+ }
+ },
+ p2SenderDomain: {
+ readOnly: true,
+ serializedName: "properties.p2SenderDomain",
+ type: {
+ name: "String"
+ }
+ },
+ receiveDate: {
+ readOnly: true,
+ serializedName: "properties.receiveDate",
+ type: {
+ name: "DateTime"
+ }
+ },
+ networkMessageId: {
+ readOnly: true,
+ serializedName: "properties.networkMessageId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ internetMessageId: {
+ readOnly: true,
+ serializedName: "properties.internetMessageId",
+ type: {
+ name: "String"
+ }
+ },
+ subject: {
+ readOnly: true,
+ serializedName: "properties.subject",
+ type: {
+ name: "String"
+ }
+ },
+ language: {
+ readOnly: true,
+ serializedName: "properties.language",
+ type: {
+ name: "String"
+ }
+ },
+ threatDetectionMethods: {
+ readOnly: true,
+ serializedName: "properties.threatDetectionMethods",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ bodyFingerprintBin1: {
+ serializedName: "properties.bodyFingerprintBin1",
+ type: {
+ name: "Number"
+ }
+ },
+ bodyFingerprintBin2: {
+ serializedName: "properties.bodyFingerprintBin2",
+ type: {
+ name: "Number"
+ }
+ },
+ bodyFingerprintBin3: {
+ serializedName: "properties.bodyFingerprintBin3",
+ type: {
+ name: "Number"
+ }
+ },
+ bodyFingerprintBin4: {
+ serializedName: "properties.bodyFingerprintBin4",
+ type: {
+ name: "Number"
+ }
+ },
+ bodyFingerprintBin5: {
+ serializedName: "properties.bodyFingerprintBin5",
+ type: {
+ name: "Number"
+ }
+ },
+ antispamDirection: {
+ serializedName: "properties.antispamDirection",
+ type: {
+ name: "String"
+ }
+ },
+ deliveryAction: {
+ serializedName: "properties.deliveryAction",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "Unknown",
+ "DeliveredAsSpam",
+ "Delivered",
+ "Blocked",
+ "Replaced"
+ ]
+ }
+ },
+ deliveryLocation: {
+ serializedName: "properties.deliveryLocation",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "Unknown",
+ "Inbox",
+ "JunkFolder",
+ "DeletedFolder",
+ "Quarantine",
+ "External",
+ "Failed",
+ "Dropped",
+ "Forwarded"
+ ]
+ }
+ }
+ }
+ }
+};
+
+export const MalwareEntity: msRest.CompositeMapper = {
+ serializedName: "Malware",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "MalwareEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ category: {
+ readOnly: true,
+ serializedName: "properties.category",
+ type: {
+ name: "String"
+ }
+ },
+ fileEntityIds: {
+ readOnly: true,
+ serializedName: "properties.fileEntityIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ malwareName: {
+ readOnly: true,
+ serializedName: "properties.malwareName",
+ type: {
+ name: "String"
+ }
+ },
+ processEntityIds: {
+ readOnly: true,
+ serializedName: "properties.processEntityIds",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ProcessEntity: msRest.CompositeMapper = {
+ serializedName: "Process",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "ProcessEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ accountEntityId: {
+ readOnly: true,
+ serializedName: "properties.accountEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ commandLine: {
+ readOnly: true,
+ serializedName: "properties.commandLine",
+ type: {
+ name: "String"
+ }
+ },
+ creationTimeUtc: {
+ readOnly: true,
+ serializedName: "properties.creationTimeUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ elevationToken: {
+ serializedName: "properties.elevationToken",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "Default",
+ "Full",
+ "Limited"
+ ]
+ }
+ },
+ hostEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ hostLogonSessionEntityId: {
+ readOnly: true,
+ serializedName: "properties.hostLogonSessionEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ imageFileEntityId: {
+ readOnly: true,
+ serializedName: "properties.imageFileEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ parentProcessEntityId: {
+ readOnly: true,
+ serializedName: "properties.parentProcessEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ processId: {
+ readOnly: true,
+ serializedName: "properties.processId",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const RegistryKeyEntity: msRest.CompositeMapper = {
+ serializedName: "RegistryKey",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "RegistryKeyEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ hive: {
+ readOnly: true,
+ serializedName: "properties.hive",
+ type: {
+ name: "String"
+ }
+ },
+ key: {
+ readOnly: true,
+ serializedName: "properties.key",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const RegistryValueEntity: msRest.CompositeMapper = {
+ serializedName: "RegistryValue",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "RegistryValueEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ keyEntityId: {
+ readOnly: true,
+ serializedName: "properties.keyEntityId",
+ type: {
+ name: "String"
+ }
+ },
+ valueData: {
+ readOnly: true,
+ serializedName: "properties.valueData",
+ type: {
+ name: "String"
+ }
+ },
+ valueName: {
+ readOnly: true,
+ serializedName: "properties.valueName",
+ type: {
+ name: "String"
+ }
+ },
+ valueType: {
+ readOnly: true,
+ serializedName: "properties.valueType",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const Relation: msRest.CompositeMapper = {
+ serializedName: "Relation",
+ type: {
+ name: "Composite",
+ className: "Relation",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ relatedResourceId: {
+ required: true,
+ serializedName: "properties.relatedResourceId",
+ type: {
+ name: "String"
+ }
+ },
+ relatedResourceName: {
+ readOnly: true,
+ serializedName: "properties.relatedResourceName",
+ type: {
+ name: "String"
+ }
+ },
+ relatedResourceType: {
+ readOnly: true,
+ serializedName: "properties.relatedResourceType",
+ type: {
+ name: "String"
+ }
+ },
+ relatedResourceKind: {
+ readOnly: true,
+ serializedName: "properties.relatedResourceKind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const SecurityGroupEntity: msRest.CompositeMapper = {
+ serializedName: "SecurityGroup",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "SecurityGroupEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ distinguishedName: {
+ readOnly: true,
+ serializedName: "properties.distinguishedName",
+ type: {
+ name: "String"
+ }
+ },
+ objectGuid: {
+ readOnly: true,
+ serializedName: "properties.objectGuid",
+ type: {
+ name: "Uuid"
+ }
+ },
+ sid: {
+ readOnly: true,
+ serializedName: "properties.sid",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const SubmissionMailEntity: msRest.CompositeMapper = {
+ serializedName: "SubmissionMail",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "SubmissionMailEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ networkMessageId: {
+ readOnly: true,
+ serializedName: "properties.networkMessageId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ submissionId: {
+ readOnly: true,
+ serializedName: "properties.submissionId",
+ type: {
+ name: "Uuid"
+ }
+ },
+ submitter: {
+ readOnly: true,
+ serializedName: "properties.submitter",
+ type: {
+ name: "String"
+ }
+ },
+ submissionDate: {
+ readOnly: true,
+ serializedName: "properties.submissionDate",
+ type: {
+ name: "DateTime"
+ }
+ },
+ timestamp: {
+ readOnly: true,
+ serializedName: "properties.timestamp",
+ type: {
+ name: "DateTime"
+ }
+ },
+ recipient: {
+ readOnly: true,
+ serializedName: "properties.recipient",
+ type: {
+ name: "String"
+ }
+ },
+ sender: {
+ readOnly: true,
+ serializedName: "properties.sender",
+ type: {
+ name: "String"
+ }
+ },
+ senderIp: {
+ readOnly: true,
+ serializedName: "properties.senderIp",
+ type: {
+ name: "String"
+ }
+ },
+ subject: {
+ readOnly: true,
+ serializedName: "properties.subject",
+ type: {
+ name: "String"
+ }
+ },
+ reportType: {
+ readOnly: true,
+ serializedName: "properties.reportType",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const UrlEntity: msRest.CompositeMapper = {
+ serializedName: "Url",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: Entity.type.polymorphicDiscriminator,
+ uberParent: "Entity",
+ className: "UrlEntity",
+ modelProperties: {
+ ...Entity.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ url: {
+ readOnly: true,
+ serializedName: "properties.url",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceInformation: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceInformation",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: {
+ serializedName: "kind",
+ clientName: "kind"
+ },
+ uberParent: "ThreatIntelligenceInformation",
+ className: "ThreatIntelligenceInformation",
+ modelProperties: {
+ etag: {
+ serializedName: "etag",
+ type: {
+ name: "String"
+ }
+ },
+ kind: {
+ required: true,
+ serializedName: "kind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceKillChainPhase: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceKillChainPhase",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceKillChainPhase",
+ modelProperties: {
+ killChainName: {
+ serializedName: "killChainName",
+ type: {
+ name: "String"
+ }
+ },
+ phaseName: {
+ serializedName: "phaseName",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceParsedPatternTypeValue: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceParsedPatternTypeValue",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceParsedPatternTypeValue",
+ modelProperties: {
+ valueType: {
+ serializedName: "valueType",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ serializedName: "value",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceParsedPattern: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceParsedPattern",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceParsedPattern",
+ modelProperties: {
+ patternTypeKey: {
+ serializedName: "patternTypeKey",
+ type: {
+ name: "String"
+ }
+ },
+ patternTypeValues: {
+ serializedName: "patternTypeValues",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceParsedPatternTypeValue"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceExternalReference: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceExternalReference",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceExternalReference",
+ modelProperties: {
+ description: {
+ serializedName: "description",
+ type: {
+ name: "String"
+ }
+ },
+ externalId: {
+ serializedName: "externalId",
+ type: {
+ name: "String"
+ }
+ },
+ sourceName: {
+ serializedName: "sourceName",
+ type: {
+ name: "String"
+ }
+ },
+ url: {
+ serializedName: "url",
+ type: {
+ name: "String"
+ }
+ },
+ hashes: {
+ serializedName: "hashes",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceGranularMarkingModel: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceGranularMarkingModel",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceGranularMarkingModel",
+ modelProperties: {
+ language: {
+ serializedName: "language",
+ type: {
+ name: "String"
+ }
+ },
+ markingRef: {
+ serializedName: "markingRef",
+ type: {
+ name: "Number"
+ }
+ },
+ selectors: {
+ serializedName: "selectors",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceIndicatorModel: msRest.CompositeMapper = {
+ serializedName: "indicator",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: ThreatIntelligenceInformation.type.polymorphicDiscriminator,
+ uberParent: "ThreatIntelligenceInformation",
+ className: "ThreatIntelligenceIndicatorModel",
+ modelProperties: {
+ ...ThreatIntelligenceInformation.type.modelProperties,
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ threatIntelligenceTags: {
+ serializedName: "properties.threatIntelligenceTags",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ lastUpdatedTimeUtc: {
+ serializedName: "properties.lastUpdatedTimeUtc",
+ type: {
+ name: "String"
+ }
+ },
+ source: {
+ serializedName: "properties.source",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ indicatorTypes: {
+ serializedName: "properties.indicatorTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ pattern: {
+ serializedName: "properties.pattern",
+ type: {
+ name: "String"
+ }
+ },
+ patternType: {
+ serializedName: "properties.patternType",
+ type: {
+ name: "String"
+ }
+ },
+ patternVersion: {
+ serializedName: "properties.patternVersion",
+ type: {
+ name: "String"
+ }
+ },
+ killChainPhases: {
+ serializedName: "properties.killChainPhases",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceKillChainPhase"
+ }
+ }
+ }
+ },
+ parsedPattern: {
+ serializedName: "properties.parsedPattern",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceParsedPattern"
+ }
+ }
+ }
+ },
+ externalId: {
+ serializedName: "properties.externalId",
+ type: {
+ name: "String"
+ }
+ },
+ createdByRef: {
+ serializedName: "properties.createdByRef",
+ type: {
+ name: "String"
+ }
+ },
+ defanged: {
+ serializedName: "properties.defanged",
+ type: {
+ name: "Boolean"
+ }
+ },
+ externalLastUpdatedTimeUtc: {
+ serializedName: "properties.externalLastUpdatedTimeUtc",
+ type: {
+ name: "String"
+ }
+ },
+ externalReferences: {
+ serializedName: "properties.externalReferences",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceExternalReference"
+ }
+ }
+ }
+ },
+ granularMarkings: {
+ serializedName: "properties.granularMarkings",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceGranularMarkingModel"
+ }
+ }
+ }
+ },
+ labels: {
+ serializedName: "properties.labels",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ revoked: {
+ serializedName: "properties.revoked",
+ type: {
+ name: "Boolean"
+ }
+ },
+ confidence: {
+ serializedName: "properties.confidence",
+ type: {
+ name: "Number"
+ }
+ },
+ objectMarkingRefs: {
+ serializedName: "properties.objectMarkingRefs",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ language: {
+ serializedName: "properties.language",
+ type: {
+ name: "String"
+ }
+ },
+ threatTypes: {
+ serializedName: "properties.threatTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ validFrom: {
+ serializedName: "properties.validFrom",
+ type: {
+ name: "String"
+ }
+ },
+ validUntil: {
+ serializedName: "properties.validUntil",
+ type: {
+ name: "String"
+ }
+ },
+ created: {
+ serializedName: "properties.created",
+ type: {
+ name: "String"
+ }
+ },
+ modified: {
+ serializedName: "properties.modified",
+ type: {
+ name: "String"
+ }
+ },
+ extensions: {
+ serializedName: "properties.extensions",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceResourceKind: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceResourceKind",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceResourceKind",
+ modelProperties: {
+ kind: {
+ required: true,
+ isConstant: true,
+ serializedName: "kind",
+ defaultValue: 'indicator',
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceIndicatorModelForRequestBody: msRest.CompositeMapper = {
+ serializedName: "indicator",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceIndicatorModelForRequestBody",
+ modelProperties: {
+ ...ThreatIntelligenceResourceKind.type.modelProperties,
+ etag: {
+ serializedName: "etag",
+ type: {
+ name: "String"
+ }
+ },
+ additionalData: {
+ readOnly: true,
+ serializedName: "properties.additionalData",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ },
+ friendlyName: {
+ readOnly: true,
+ serializedName: "properties.friendlyName",
+ type: {
+ name: "String"
+ }
+ },
+ threatIntelligenceTags: {
+ serializedName: "properties.threatIntelligenceTags",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ lastUpdatedTimeUtc: {
+ serializedName: "properties.lastUpdatedTimeUtc",
+ type: {
+ name: "String"
+ }
+ },
+ source: {
+ serializedName: "properties.source",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ indicatorTypes: {
+ serializedName: "properties.indicatorTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ pattern: {
+ serializedName: "properties.pattern",
+ type: {
+ name: "String"
+ }
+ },
+ patternType: {
+ serializedName: "properties.patternType",
+ type: {
+ name: "String"
+ }
+ },
+ patternVersion: {
+ serializedName: "properties.patternVersion",
+ type: {
+ name: "String"
+ }
+ },
+ killChainPhases: {
+ serializedName: "properties.killChainPhases",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceKillChainPhase"
+ }
+ }
+ }
+ },
+ parsedPattern: {
+ serializedName: "properties.parsedPattern",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceParsedPattern"
+ }
+ }
+ }
+ },
+ externalId: {
+ serializedName: "properties.externalId",
+ type: {
+ name: "String"
+ }
+ },
+ createdByRef: {
+ serializedName: "properties.createdByRef",
+ type: {
+ name: "String"
+ }
+ },
+ defanged: {
+ serializedName: "properties.defanged",
+ type: {
+ name: "Boolean"
+ }
+ },
+ externalLastUpdatedTimeUtc: {
+ serializedName: "properties.externalLastUpdatedTimeUtc",
+ type: {
+ name: "String"
+ }
+ },
+ externalReferences: {
+ serializedName: "properties.externalReferences",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceExternalReference"
+ }
+ }
+ }
+ },
+ granularMarkings: {
+ serializedName: "properties.granularMarkings",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceGranularMarkingModel"
+ }
+ }
+ }
+ },
+ labels: {
+ serializedName: "properties.labels",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ revoked: {
+ serializedName: "properties.revoked",
+ type: {
+ name: "Boolean"
+ }
+ },
+ confidence: {
+ serializedName: "properties.confidence",
+ type: {
+ name: "Number"
+ }
+ },
+ objectMarkingRefs: {
+ serializedName: "properties.objectMarkingRefs",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ language: {
+ serializedName: "properties.language",
+ type: {
+ name: "String"
+ }
+ },
+ threatTypes: {
+ serializedName: "properties.threatTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ validFrom: {
+ serializedName: "properties.validFrom",
+ type: {
+ name: "String"
+ }
+ },
+ validUntil: {
+ serializedName: "properties.validUntil",
+ type: {
+ name: "String"
+ }
+ },
+ created: {
+ serializedName: "properties.created",
+ type: {
+ name: "String"
+ }
+ },
+ modified: {
+ serializedName: "properties.modified",
+ type: {
+ name: "String"
+ }
+ },
+ extensions: {
+ serializedName: "properties.extensions",
+ type: {
+ name: "Dictionary",
+ value: {
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceSortingCriteria: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceSortingCriteria",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceSortingCriteria",
+ modelProperties: {
+ itemKey: {
+ serializedName: "itemKey",
+ type: {
+ name: "String"
+ }
+ },
+ sortOrder: {
+ serializedName: "sortOrder",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceFilteringCriteria: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceFilteringCriteria",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceFilteringCriteria",
+ modelProperties: {
+ pageSize: {
+ serializedName: "pageSize",
+ type: {
+ name: "Number"
+ }
+ },
+ minConfidence: {
+ serializedName: "minConfidence",
+ type: {
+ name: "Number"
+ }
+ },
+ maxConfidence: {
+ serializedName: "maxConfidence",
+ type: {
+ name: "Number"
+ }
+ },
+ minValidUntil: {
+ serializedName: "minValidUntil",
+ type: {
+ name: "String"
+ }
+ },
+ maxValidUntil: {
+ serializedName: "maxValidUntil",
+ type: {
+ name: "String"
+ }
+ },
+ includeDisabled: {
+ serializedName: "includeDisabled",
+ type: {
+ name: "Boolean"
+ }
+ },
+ sortBy: {
+ serializedName: "sortBy",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceSortingCriteria"
+ }
+ }
+ }
+ },
+ sources: {
+ serializedName: "sources",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ patternTypes: {
+ serializedName: "patternTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ threatTypes: {
+ serializedName: "threatTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ ids: {
+ serializedName: "ids",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ keywords: {
+ serializedName: "keywords",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ skipToken: {
+ serializedName: "skipToken",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceAppendTags: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceAppendTags",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceAppendTags",
+ modelProperties: {
+ threatIntelligenceTags: {
+ serializedName: "threatIntelligenceTags",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceMetricEntity: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceMetricEntity",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetricEntity",
+ modelProperties: {
+ metricName: {
+ serializedName: "metricName",
+ type: {
+ name: "String"
+ }
+ },
+ metricValue: {
+ serializedName: "metricValue",
+ type: {
+ name: "Number"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceMetric: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceMetric",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetric",
+ modelProperties: {
+ lastUpdatedTimeUtc: {
+ serializedName: "lastUpdatedTimeUtc",
+ type: {
+ name: "String"
+ }
+ },
+ threatTypeMetrics: {
+ serializedName: "threatTypeMetrics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetricEntity"
+ }
+ }
+ }
+ },
+ patternTypeMetrics: {
+ serializedName: "patternTypeMetrics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetricEntity"
+ }
+ }
+ }
+ },
+ sourceMetrics: {
+ serializedName: "sourceMetrics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetricEntity"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceMetrics: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceMetrics",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetrics",
+ modelProperties: {
+ properties: {
+ serializedName: "properties",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetric"
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceMetricsList: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceMetricsList",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetricsList",
+ modelProperties: {
+ value: {
+ required: true,
+ serializedName: "value",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceMetrics"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const Watchlist: msRest.CompositeMapper = {
+ serializedName: "Watchlist",
+ type: {
+ name: "Composite",
+ className: "Watchlist",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ watchlistId: {
+ serializedName: "properties.watchlistId",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ required: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ provider: {
+ required: true,
+ serializedName: "properties.provider",
+ type: {
+ name: "String"
+ }
+ },
+ source: {
+ required: true,
+ serializedName: "properties.source",
+ type: {
+ name: "String"
+ }
+ },
+ created: {
+ serializedName: "properties.created",
+ type: {
+ name: "DateTime"
+ }
+ },
+ updated: {
+ serializedName: "properties.updated",
+ type: {
+ name: "DateTime"
+ }
+ },
+ createdBy: {
+ serializedName: "properties.createdBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ updatedBy: {
+ serializedName: "properties.updatedBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ watchlistType: {
+ serializedName: "properties.watchlistType",
+ type: {
+ name: "String"
+ }
+ },
+ watchlistAlias: {
+ serializedName: "properties.watchlistAlias",
+ type: {
+ name: "String"
+ }
+ },
+ isDeleted: {
+ serializedName: "properties.isDeleted",
+ type: {
+ name: "Boolean"
+ }
+ },
+ labels: {
+ serializedName: "properties.labels",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ defaultDuration: {
+ serializedName: "properties.defaultDuration",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ tenantId: {
+ serializedName: "properties.tenantId",
+ type: {
+ name: "String"
+ }
+ },
+ numberOfLinesToSkip: {
+ serializedName: "properties.numberOfLinesToSkip",
+ type: {
+ name: "Number"
+ }
+ },
+ rawContent: {
+ serializedName: "properties.rawContent",
+ type: {
+ name: "String"
+ }
+ },
+ itemsSearchKey: {
+ required: true,
+ serializedName: "properties.itemsSearchKey",
+ type: {
+ name: "String"
+ }
+ },
+ contentType: {
+ serializedName: "properties.contentType",
+ type: {
+ name: "String"
+ }
+ },
+ uploadStatus: {
+ serializedName: "properties.uploadStatus",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const WatchlistItem: msRest.CompositeMapper = {
+ serializedName: "WatchlistItem",
+ type: {
+ name: "Composite",
+ className: "WatchlistItem",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ watchlistItemType: {
+ serializedName: "properties.watchlistItemType",
+ type: {
+ name: "String"
+ }
+ },
+ watchlistItemId: {
+ serializedName: "properties.watchlistItemId",
+ type: {
+ name: "String"
+ }
+ },
+ tenantId: {
+ serializedName: "properties.tenantId",
+ type: {
+ name: "String"
+ }
+ },
+ isDeleted: {
+ serializedName: "properties.isDeleted",
+ type: {
+ name: "Boolean"
+ }
+ },
+ created: {
+ serializedName: "properties.created",
+ type: {
+ name: "DateTime"
+ }
+ },
+ updated: {
+ serializedName: "properties.updated",
+ type: {
+ name: "DateTime"
+ }
+ },
+ createdBy: {
+ serializedName: "properties.createdBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ updatedBy: {
+ serializedName: "properties.updatedBy",
+ type: {
+ name: "Composite",
+ className: "UserInfo"
+ }
+ },
+ itemsKeyValue: {
+ required: true,
+ serializedName: "properties.itemsKeyValue",
+ type: {
+ name: "Object"
+ }
+ },
+ entityMapping: {
+ serializedName: "properties.entityMapping",
+ type: {
+ name: "Object"
+ }
+ }
+ }
+ }
+};
+
+export const OperationDisplay: msRest.CompositeMapper = {
+ serializedName: "Operation_display",
+ type: {
+ name: "Composite",
+ className: "OperationDisplay",
+ modelProperties: {
+ description: {
+ serializedName: "description",
+ type: {
+ name: "String"
+ }
+ },
+ operation: {
+ serializedName: "operation",
+ type: {
+ name: "String"
+ }
+ },
+ provider: {
+ serializedName: "provider",
+ type: {
+ name: "String"
+ }
+ },
+ resource: {
+ serializedName: "resource",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const Operation: msRest.CompositeMapper = {
+ serializedName: "Operation",
+ type: {
+ name: "Composite",
+ className: "Operation",
+ modelProperties: {
+ display: {
+ serializedName: "display",
+ type: {
+ name: "Composite",
+ className: "OperationDisplay"
+ }
+ },
+ name: {
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ },
+ origin: {
+ serializedName: "origin",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ActionResponse: msRest.CompositeMapper = {
+ serializedName: "ActionResponse",
+ type: {
+ name: "Composite",
+ className: "ActionResponse",
+ modelProperties: {
+ ...Resource.type.modelProperties,
+ etag: {
+ serializedName: "etag",
+ type: {
+ name: "String"
+ }
+ },
+ logicAppResourceId: {
+ required: true,
+ serializedName: "properties.logicAppResourceId",
+ type: {
+ name: "String"
+ }
+ },
+ workflowId: {
+ serializedName: "properties.workflowId",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ActionRequest: msRest.CompositeMapper = {
+ serializedName: "ActionRequest",
+ type: {
+ name: "Composite",
+ className: "ActionRequest",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ logicAppResourceId: {
+ required: true,
+ serializedName: "properties.logicAppResourceId",
+ type: {
+ name: "String"
+ }
+ },
+ triggerUri: {
+ required: true,
+ serializedName: "properties.triggerUri",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const ActionPropertiesBase: msRest.CompositeMapper = {
+ serializedName: "ActionPropertiesBase",
+ type: {
+ name: "Composite",
+ className: "ActionPropertiesBase",
+ modelProperties: {
+ logicAppResourceId: {
+ required: true,
+ serializedName: "logicAppResourceId",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const AlertRule: msRest.CompositeMapper = {
+ serializedName: "AlertRule",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: {
+ serializedName: "kind",
+ clientName: "kind"
+ },
+ uberParent: "AlertRule",
+ className: "AlertRule",
+ modelProperties: {
+ ...ResourceWithEtag.type.modelProperties,
+ kind: {
+ required: true,
+ serializedName: "kind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const AlertRuleTemplate: msRest.CompositeMapper = {
+ serializedName: "AlertRuleTemplate",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: {
+ serializedName: "kind",
+ clientName: "kind"
+ },
+ uberParent: "AlertRuleTemplate",
+ className: "AlertRuleTemplate",
+ modelProperties: {
+ ...Resource.type.modelProperties,
+ kind: {
+ required: true,
+ serializedName: "kind",
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+};
+
+export const AlertRuleTemplateDataSource: msRest.CompositeMapper = {
+ serializedName: "AlertRuleTemplateDataSource",
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplateDataSource",
+ modelProperties: {
+ connectorId: {
+ serializedName: "connectorId",
+ type: {
+ name: "String"
+ }
+ },
+ dataTypes: {
+ serializedName: "dataTypes",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const FusionAlertRule: msRest.CompositeMapper = {
+ serializedName: "Fusion",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator,
+ uberParent: "AlertRule",
+ className: "FusionAlertRule",
+ modelProperties: {
+ ...AlertRule.type.modelProperties,
+ alertRuleTemplateName: {
+ required: true,
+ serializedName: "properties.alertRuleTemplateName",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ readOnly: true,
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ readOnly: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ enabled: {
+ required: true,
+ serializedName: "properties.enabled",
+ type: {
+ name: "Boolean"
+ }
+ },
+ lastModifiedUtc: {
+ readOnly: true,
+ serializedName: "properties.lastModifiedUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ severity: {
+ readOnly: true,
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ tactics: {
+ readOnly: true,
+ serializedName: "properties.tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const FusionAlertRuleTemplate: msRest.CompositeMapper = {
+ serializedName: "Fusion",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator,
+ uberParent: "AlertRuleTemplate",
+ className: "FusionAlertRuleTemplate",
+ modelProperties: {
+ ...AlertRuleTemplate.type.modelProperties,
+ alertRulesCreatedByTemplateCount: {
+ serializedName: "properties.alertRulesCreatedByTemplateCount",
+ type: {
+ name: "Number"
+ }
+ },
+ createdDateUTC: {
+ readOnly: true,
+ serializedName: "properties.createdDateUTC",
+ type: {
+ name: "DateTime"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ requiredDataConnectors: {
+ serializedName: "properties.requiredDataConnectors",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplateDataSource"
+ }
+ }
+ }
+ },
+ status: {
+ serializedName: "properties.status",
+ type: {
+ name: "String"
+ }
+ },
+ severity: {
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ tactics: {
+ serializedName: "properties.tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const MicrosoftSecurityIncidentCreationAlertRule: msRest.CompositeMapper = {
+ serializedName: "MicrosoftSecurityIncidentCreation",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator,
+ uberParent: "AlertRule",
+ className: "MicrosoftSecurityIncidentCreationAlertRule",
+ modelProperties: {
+ ...AlertRule.type.modelProperties,
+ displayNamesFilter: {
+ serializedName: "properties.displayNamesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ displayNamesExcludeFilter: {
+ serializedName: "properties.displayNamesExcludeFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ productFilter: {
+ required: true,
+ serializedName: "properties.productFilter",
+ type: {
+ name: "String"
+ }
+ },
+ severitiesFilter: {
+ serializedName: "properties.severitiesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ alertRuleTemplateName: {
+ serializedName: "properties.alertRuleTemplateName",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ required: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ enabled: {
+ required: true,
+ serializedName: "properties.enabled",
+ type: {
+ name: "Boolean"
+ }
+ },
+ lastModifiedUtc: {
+ readOnly: true,
+ serializedName: "properties.lastModifiedUtc",
+ type: {
+ name: "DateTime"
+ }
+ }
+ }
+ }
+};
+
+export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: msRest.CompositeMapper = {
+ serializedName: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties",
+ type: {
+ name: "Composite",
+ className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties",
+ modelProperties: {
+ displayNamesFilter: {
+ serializedName: "displayNamesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ displayNamesExcludeFilter: {
+ serializedName: "displayNamesExcludeFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ productFilter: {
+ required: true,
+ serializedName: "productFilter",
+ type: {
+ name: "String"
+ }
+ },
+ severitiesFilter: {
+ serializedName: "severitiesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: msRest.CompositeMapper = {
+ serializedName: "MicrosoftSecurityIncidentCreation",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator,
+ uberParent: "AlertRuleTemplate",
+ className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate",
+ modelProperties: {
+ ...AlertRuleTemplate.type.modelProperties,
+ alertRulesCreatedByTemplateCount: {
+ serializedName: "properties.alertRulesCreatedByTemplateCount",
+ type: {
+ name: "Number"
+ }
+ },
+ createdDateUTC: {
+ readOnly: true,
+ serializedName: "properties.createdDateUTC",
+ type: {
+ name: "DateTime"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ requiredDataConnectors: {
+ serializedName: "properties.requiredDataConnectors",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplateDataSource"
+ }
+ }
+ }
+ },
+ status: {
+ serializedName: "properties.status",
+ type: {
+ name: "String"
+ }
+ },
+ displayNamesFilter: {
+ serializedName: "properties.displayNamesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ displayNamesExcludeFilter: {
+ serializedName: "properties.displayNamesExcludeFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ },
+ productFilter: {
+ required: true,
+ serializedName: "properties.productFilter",
+ type: {
+ name: "String"
+ }
+ },
+ severitiesFilter: {
+ serializedName: "properties.severitiesFilter",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ScheduledAlertRule: msRest.CompositeMapper = {
+ serializedName: "Scheduled",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator,
+ uberParent: "AlertRule",
+ className: "ScheduledAlertRule",
+ modelProperties: {
+ ...AlertRule.type.modelProperties,
+ query: {
+ serializedName: "properties.query",
+ type: {
+ name: "String"
+ }
+ },
+ queryFrequency: {
+ serializedName: "properties.queryFrequency",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ queryPeriod: {
+ serializedName: "properties.queryPeriod",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ severity: {
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ triggerOperator: {
+ serializedName: "properties.triggerOperator",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "GreaterThan",
+ "LessThan",
+ "Equal",
+ "NotEqual"
+ ]
+ }
+ },
+ triggerThreshold: {
+ serializedName: "properties.triggerThreshold",
+ type: {
+ name: "Number"
+ }
+ },
+ alertRuleTemplateName: {
+ serializedName: "properties.alertRuleTemplateName",
+ type: {
+ name: "String"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ required: true,
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ enabled: {
+ required: true,
+ serializedName: "properties.enabled",
+ type: {
+ name: "Boolean"
+ }
+ },
+ lastModifiedUtc: {
+ readOnly: true,
+ serializedName: "properties.lastModifiedUtc",
+ type: {
+ name: "DateTime"
+ }
+ },
+ suppressionDuration: {
+ required: true,
+ serializedName: "properties.suppressionDuration",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ suppressionEnabled: {
+ required: true,
+ serializedName: "properties.suppressionEnabled",
+ type: {
+ name: "Boolean"
+ }
+ },
+ tactics: {
+ serializedName: "properties.tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ScheduledAlertRuleCommonProperties: msRest.CompositeMapper = {
+ serializedName: "ScheduledAlertRuleCommonProperties",
+ type: {
+ name: "Composite",
+ className: "ScheduledAlertRuleCommonProperties",
+ modelProperties: {
+ query: {
+ serializedName: "query",
+ type: {
+ name: "String"
+ }
+ },
+ queryFrequency: {
+ serializedName: "queryFrequency",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ queryPeriod: {
+ serializedName: "queryPeriod",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ severity: {
+ serializedName: "severity",
+ type: {
+ name: "String"
+ }
+ },
+ triggerOperator: {
+ serializedName: "triggerOperator",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "GreaterThan",
+ "LessThan",
+ "Equal",
+ "NotEqual"
+ ]
+ }
+ },
+ triggerThreshold: {
+ serializedName: "triggerThreshold",
+ type: {
+ name: "Number"
+ }
+ }
+ }
+ }
+};
+
+export const ScheduledAlertRuleTemplate: msRest.CompositeMapper = {
+ serializedName: "Scheduled",
+ type: {
+ name: "Composite",
+ polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator,
+ uberParent: "AlertRuleTemplate",
+ className: "ScheduledAlertRuleTemplate",
+ modelProperties: {
+ ...AlertRuleTemplate.type.modelProperties,
+ alertRulesCreatedByTemplateCount: {
+ serializedName: "properties.alertRulesCreatedByTemplateCount",
+ type: {
+ name: "Number"
+ }
+ },
+ createdDateUTC: {
+ readOnly: true,
+ serializedName: "properties.createdDateUTC",
+ type: {
+ name: "DateTime"
+ }
+ },
+ description: {
+ serializedName: "properties.description",
+ type: {
+ name: "String"
+ }
+ },
+ displayName: {
+ serializedName: "properties.displayName",
+ type: {
+ name: "String"
+ }
+ },
+ requiredDataConnectors: {
+ serializedName: "properties.requiredDataConnectors",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplateDataSource"
+ }
+ }
+ }
+ },
+ status: {
+ serializedName: "properties.status",
+ type: {
+ name: "String"
+ }
+ },
+ query: {
+ serializedName: "properties.query",
+ type: {
+ name: "String"
+ }
+ },
+ queryFrequency: {
+ serializedName: "properties.queryFrequency",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ queryPeriod: {
+ serializedName: "properties.queryPeriod",
+ type: {
+ name: "TimeSpan"
+ }
+ },
+ severity: {
+ serializedName: "properties.severity",
+ type: {
+ name: "String"
+ }
+ },
+ triggerOperator: {
+ serializedName: "properties.triggerOperator",
+ type: {
+ name: "Enum",
+ allowedValues: [
+ "GreaterThan",
+ "LessThan",
+ "Equal",
+ "NotEqual"
+ ]
+ }
+ },
+ triggerThreshold: {
+ serializedName: "properties.triggerThreshold",
+ type: {
+ name: "Number"
+ }
+ },
+ tactics: {
+ serializedName: "properties.tactics",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "String"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentList: msRest.CompositeMapper = {
+ serializedName: "IncidentList",
+ type: {
+ name: "Composite",
+ className: "IncidentList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "Incident"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const IncidentCommentList: msRest.CompositeMapper = {
+ serializedName: "IncidentCommentList",
+ type: {
+ name: "Composite",
+ className: "IncidentCommentList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "IncidentComment"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const RelationList: msRest.CompositeMapper = {
+ serializedName: "RelationList",
+ type: {
+ name: "Composite",
+ className: "RelationList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "Relation"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ThreatIntelligenceInformationList: msRest.CompositeMapper = {
+ serializedName: "ThreatIntelligenceInformationList",
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceInformationList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ThreatIntelligenceInformation"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const WatchlistList: msRest.CompositeMapper = {
+ serializedName: "WatchlistList",
+ type: {
+ name: "Composite",
+ className: "WatchlistList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "Watchlist"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const WatchlistItemList: msRest.CompositeMapper = {
+ serializedName: "WatchlistItemList",
+ type: {
+ name: "Composite",
+ className: "WatchlistItemList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "WatchlistItem"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const OperationsList: msRest.CompositeMapper = {
+ serializedName: "OperationsList",
+ type: {
+ name: "Composite",
+ className: "OperationsList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "Operation"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const AlertRulesList: msRest.CompositeMapper = {
+ serializedName: "AlertRulesList",
+ type: {
+ name: "Composite",
+ className: "AlertRulesList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "AlertRule"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const ActionsList: msRest.CompositeMapper = {
+ serializedName: "ActionsList",
+ type: {
+ name: "Composite",
+ className: "ActionsList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "ActionResponse"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const AlertRuleTemplatesList: msRest.CompositeMapper = {
+ serializedName: "AlertRuleTemplatesList",
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplatesList",
+ modelProperties: {
+ nextLink: {
+ readOnly: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ value: {
+ required: true,
+ serializedName: "",
+ type: {
+ name: "Sequence",
+ element: {
+ type: {
+ name: "Composite",
+ className: "AlertRuleTemplate"
+ }
+ }
+ }
+ }
+ }
+ }
+};
+
+export const discriminators = {
+ 'Entity.Account' : AccountEntity,
+ 'Entity.AzureResource' : AzureResourceEntity,
+ 'Entity.CloudApplication' : CloudApplicationEntity,
+ 'Entity.DnsResolution' : DnsEntity,
+ 'Entity' : Entity,
+ 'Entity.File' : FileEntity,
+ 'Entity.FileHash' : FileHashEntity,
+ 'Entity.Host' : HostEntity,
+ 'Entity.Bookmark' : HuntingBookmark,
+ 'Entity.SecurityAlert' : SecurityAlert,
+ 'Entity.IoTDevice' : IoTDeviceEntity,
+ 'Entity.Ip' : IpEntity,
+ 'Entity.Mailbox' : MailboxEntity,
+ 'Entity.MailCluster' : MailClusterEntity,
+ 'Entity.MailMessage' : MailMessageEntity,
+ 'Entity.Malware' : MalwareEntity,
+ 'Entity.Process' : ProcessEntity,
+ 'Entity.RegistryKey' : RegistryKeyEntity,
+ 'Entity.RegistryValue' : RegistryValueEntity,
+ 'Entity.SecurityGroup' : SecurityGroupEntity,
+ 'Entity.SubmissionMail' : SubmissionMailEntity,
+ 'Entity.Url' : UrlEntity,
+ 'ThreatIntelligenceInformation' : ThreatIntelligenceInformation,
+ 'ThreatIntelligenceInformation.indicator' : ThreatIntelligenceIndicatorModel,
+ 'AlertRule' : AlertRule,
+ 'AlertRuleTemplate' : AlertRuleTemplate,
+ 'AlertRule.Fusion' : FusionAlertRule,
+ 'AlertRuleTemplate.Fusion' : FusionAlertRuleTemplate,
+ 'AlertRule.MicrosoftSecurityIncidentCreation' : MicrosoftSecurityIncidentCreationAlertRule,
+ 'AlertRuleTemplate.MicrosoftSecurityIncidentCreation' : MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ 'AlertRule.Scheduled' : ScheduledAlertRule,
+ 'AlertRuleTemplate.Scheduled' : ScheduledAlertRuleTemplate
+
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts
new file mode 100644
index 000000000000..500c0fc2dfe3
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ Operation,
+ OperationDisplay,
+ OperationsList
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts
new file mode 100644
index 000000000000..bd8a758070e1
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+
+export const acceptLanguage: msRest.OperationParameter = {
+ parameterPath: "acceptLanguage",
+ mapper: {
+ serializedName: "accept-language",
+ defaultValue: 'en-US',
+ type: {
+ name: "String"
+ }
+ }
+};
+export const actionId: msRest.OperationURLParameter = {
+ parameterPath: "actionId",
+ mapper: {
+ required: true,
+ serializedName: "actionId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const alertRuleTemplateId: msRest.OperationURLParameter = {
+ parameterPath: "alertRuleTemplateId",
+ mapper: {
+ required: true,
+ serializedName: "alertRuleTemplateId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const apiVersion: msRest.OperationQueryParameter = {
+ parameterPath: "apiVersion",
+ mapper: {
+ required: true,
+ serializedName: "api-version",
+ constraints: {
+ MinLength: 1
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
+export const filter: msRest.OperationQueryParameter = {
+ parameterPath: [
+ "options",
+ "filter"
+ ],
+ mapper: {
+ serializedName: "$filter",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const incidentCommentId: msRest.OperationURLParameter = {
+ parameterPath: "incidentCommentId",
+ mapper: {
+ required: true,
+ serializedName: "incidentCommentId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const incidentId: msRest.OperationURLParameter = {
+ parameterPath: "incidentId",
+ mapper: {
+ required: true,
+ serializedName: "incidentId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const name: msRest.OperationURLParameter = {
+ parameterPath: "name",
+ mapper: {
+ required: true,
+ serializedName: "name",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const nextPageLink: msRest.OperationURLParameter = {
+ parameterPath: "nextPageLink",
+ mapper: {
+ required: true,
+ serializedName: "nextLink",
+ type: {
+ name: "String"
+ }
+ },
+ skipEncoding: true
+};
+export const operationalInsightsResourceProvider: msRest.OperationURLParameter = {
+ parameterPath: "operationalInsightsResourceProvider",
+ mapper: {
+ required: true,
+ serializedName: "operationalInsightsResourceProvider",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const orderby: msRest.OperationQueryParameter = {
+ parameterPath: [
+ "options",
+ "orderby"
+ ],
+ mapper: {
+ serializedName: "$orderby",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const relationName: msRest.OperationURLParameter = {
+ parameterPath: "relationName",
+ mapper: {
+ required: true,
+ serializedName: "relationName",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const resourceGroupName0: msRest.OperationURLParameter = {
+ parameterPath: "resourceGroupName",
+ mapper: {
+ required: true,
+ serializedName: "resourceGroupName",
+ constraints: {
+ MaxLength: 90,
+ MinLength: 1,
+ Pattern: /^[-\w\._\(\)]+$/
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
+export const resourceGroupName1: msRest.OperationURLParameter = {
+ parameterPath: "resourceGroupName",
+ mapper: {
+ required: true,
+ serializedName: "resourceGroupName",
+ constraints: {
+ MaxLength: 90,
+ MinLength: 1
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
+export const ruleId: msRest.OperationURLParameter = {
+ parameterPath: "ruleId",
+ mapper: {
+ required: true,
+ serializedName: "ruleId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const skipToken: msRest.OperationQueryParameter = {
+ parameterPath: [
+ "options",
+ "skipToken"
+ ],
+ mapper: {
+ serializedName: "$skipToken",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const subscriptionId0: msRest.OperationURLParameter = {
+ parameterPath: "subscriptionId",
+ mapper: {
+ required: true,
+ serializedName: "subscriptionId",
+ constraints: {
+ Pattern: /^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$/
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
+export const subscriptionId1: msRest.OperationURLParameter = {
+ parameterPath: "subscriptionId",
+ mapper: {
+ required: true,
+ serializedName: "subscriptionId",
+ constraints: {
+ MinLength: 1
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
+export const top: msRest.OperationQueryParameter = {
+ parameterPath: [
+ "options",
+ "top"
+ ],
+ mapper: {
+ serializedName: "$top",
+ type: {
+ name: "Number"
+ }
+ }
+};
+export const watchlistAlias: msRest.OperationURLParameter = {
+ parameterPath: "watchlistAlias",
+ mapper: {
+ required: true,
+ serializedName: "watchlistAlias",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const watchlistItemId: msRest.OperationURLParameter = {
+ parameterPath: "watchlistItemId",
+ mapper: {
+ required: true,
+ serializedName: "watchlistItemId",
+ type: {
+ name: "String"
+ }
+ }
+};
+export const workspaceName: msRest.OperationURLParameter = {
+ parameterPath: "workspaceName",
+ mapper: {
+ required: true,
+ serializedName: "workspaceName",
+ constraints: {
+ MaxLength: 90,
+ MinLength: 1
+ },
+ type: {
+ name: "String"
+ }
+ }
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts
new file mode 100644
index 000000000000..6d624d6542df
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ ThreatIntelligenceAppendTags,
+ ThreatIntelligenceExternalReference,
+ ThreatIntelligenceFilteringCriteria,
+ ThreatIntelligenceGranularMarkingModel,
+ ThreatIntelligenceIndicatorModel,
+ ThreatIntelligenceIndicatorModelForRequestBody,
+ ThreatIntelligenceInformation,
+ ThreatIntelligenceInformationList,
+ ThreatIntelligenceKillChainPhase,
+ ThreatIntelligenceParsedPattern,
+ ThreatIntelligenceParsedPatternTypeValue,
+ ThreatIntelligenceResourceKind,
+ ThreatIntelligenceSortingCriteria
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts
new file mode 100644
index 000000000000..8ebf817d54f6
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ ThreatIntelligenceMetric,
+ ThreatIntelligenceMetricEntity,
+ ThreatIntelligenceMetrics,
+ ThreatIntelligenceMetricsList
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts
new file mode 100644
index 000000000000..a90bb740a27d
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ ThreatIntelligenceExternalReference,
+ ThreatIntelligenceGranularMarkingModel,
+ ThreatIntelligenceIndicatorModel,
+ ThreatIntelligenceInformation,
+ ThreatIntelligenceInformationList,
+ ThreatIntelligenceKillChainPhase,
+ ThreatIntelligenceParsedPattern,
+ ThreatIntelligenceParsedPatternTypeValue
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts
new file mode 100644
index 000000000000..24f4dd99eed9
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem,
+ WatchlistItemList
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts
new file mode 100644
index 000000000000..9025b70ccfa4
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export {
+ discriminators,
+ ActionRequest,
+ ActionResponse,
+ AlertRule,
+ AlertRuleTemplate,
+ AlertRuleTemplateDataSource,
+ BaseResource,
+ ClientInfo,
+ CloudError,
+ ErrorAdditionalInfo,
+ ErrorResponse,
+ FusionAlertRule,
+ FusionAlertRuleTemplate,
+ Incident,
+ IncidentAdditionalData,
+ IncidentComment,
+ IncidentLabel,
+ IncidentOwnerInfo,
+ MicrosoftSecurityIncidentCreationAlertRule,
+ MicrosoftSecurityIncidentCreationAlertRuleTemplate,
+ Relation,
+ Resource,
+ ResourceWithEtag,
+ ScheduledAlertRule,
+ ScheduledAlertRuleTemplate,
+ SystemData,
+ UserInfo,
+ Watchlist,
+ WatchlistItem,
+ WatchlistList
+} from "../models/mappers";
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts
new file mode 100644
index 000000000000..327511d4fc8e
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts
@@ -0,0 +1,357 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/actionsMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a Actions. */
+export class Actions {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a Actions.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all actions of alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param callback The callback
+ */
+ listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ options
+ },
+ listByAlertRuleOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets the action of alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ actionId,
+ options
+ },
+ getOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Creates or updates the action of alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param action The action
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param action The action
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param action The action
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ actionId,
+ action,
+ options
+ },
+ createOrUpdateOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Delete the action of alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param actionId Action ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ actionId,
+ options
+ },
+ deleteMethodOperationSpec,
+ callback);
+ }
+
+ /**
+ * Gets all actions of alert rule.
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listByAlertRuleNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param callback The callback
+ */
+ listByAlertRuleNext(nextPageLink: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listByAlertRuleNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listByAlertRuleNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ nextPageLink,
+ options
+ },
+ listByAlertRuleNextOperationSpec,
+ callback) as Promise;
+ }
+}
+
+// Operation Specifications
+const serializer = new msRest.Serializer(Mappers);
+const listByAlertRuleOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.ActionsList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const getOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId,
+ Parameters.actionId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.ActionResponse
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const createOrUpdateOperationSpec: msRest.OperationSpec = {
+ httpMethod: "PUT",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId,
+ Parameters.actionId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ requestBody: {
+ parameterPath: "action",
+ mapper: {
+ ...Mappers.ActionRequest,
+ required: true
+ }
+ },
+ responses: {
+ 200: {
+ bodyMapper: Mappers.ActionResponse
+ },
+ 201: {
+ bodyMapper: Mappers.ActionResponse
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const deleteMethodOperationSpec: msRest.OperationSpec = {
+ httpMethod: "DELETE",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId,
+ Parameters.actionId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {},
+ 204: {},
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const listByAlertRuleNextOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ baseUrl: "https://management.azure.com",
+ path: "{nextLink}",
+ urlParameters: [
+ Parameters.nextPageLink
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.ActionsList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts
new file mode 100644
index 000000000000..381647e43f24
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts
@@ -0,0 +1,200 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/alertRuleTemplatesMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a AlertRuleTemplates. */
+export class AlertRuleTemplates {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a AlertRuleTemplates.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all alert rule templates.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ options
+ },
+ listOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets the alert rule template.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param alertRuleTemplateId Alert rule template ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param alertRuleTemplateId Alert rule template ID
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param alertRuleTemplateId Alert rule template ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ alertRuleTemplateId,
+ options
+ },
+ getOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets all alert rule templates.
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ nextPageLink,
+ options
+ },
+ listNextOperationSpec,
+ callback) as Promise;
+ }
+}
+
+// Operation Specifications
+const serializer = new msRest.Serializer(Mappers);
+const listOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRuleTemplatesList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const getOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.alertRuleTemplateId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRuleTemplate
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const listNextOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ baseUrl: "https://management.azure.com",
+ path: "{nextLink}",
+ urlParameters: [
+ Parameters.nextPageLink
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRuleTemplatesList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts
new file mode 100644
index 000000000000..861882ccb486
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts
@@ -0,0 +1,337 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/alertRulesMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a AlertRules. */
+export class AlertRules {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a AlertRules.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all alert rules.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ options
+ },
+ listOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets the alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ options
+ },
+ getOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Creates or updates the alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param alertRule The alert rule
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param alertRule The alert rule
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param alertRule The alert rule
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ alertRule,
+ options
+ },
+ createOrUpdateOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Delete the alert rule.
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group. The name is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param ruleId Alert rule ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ ruleId,
+ options
+ },
+ deleteMethodOperationSpec,
+ callback);
+ }
+
+ /**
+ * Gets all alert rules.
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ nextPageLink,
+ options
+ },
+ listNextOperationSpec,
+ callback) as Promise;
+ }
+}
+
+// Operation Specifications
+const serializer = new msRest.Serializer(Mappers);
+const listOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRulesList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const getOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRule
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const createOrUpdateOperationSpec: msRest.OperationSpec = {
+ httpMethod: "PUT",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ requestBody: {
+ parameterPath: "alertRule",
+ mapper: {
+ ...Mappers.AlertRule,
+ required: true
+ }
+ },
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRule
+ },
+ 201: {
+ bodyMapper: Mappers.AlertRule
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const deleteMethodOperationSpec: msRest.OperationSpec = {
+ httpMethod: "DELETE",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}",
+ urlParameters: [
+ Parameters.subscriptionId1,
+ Parameters.resourceGroupName1,
+ Parameters.workspaceName,
+ Parameters.ruleId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {},
+ 204: {},
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const listNextOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ baseUrl: "https://management.azure.com",
+ path: "{nextLink}",
+ urlParameters: [
+ Parameters.nextPageLink
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.AlertRulesList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts
new file mode 100644
index 000000000000..1cd213fb5a3d
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts
@@ -0,0 +1,377 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/incidentCommentsMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a IncidentComments. */
+export class IncidentComments {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a IncidentComments.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all comments for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentCommentsListByIncidentOptionalParams): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options: Models.IncidentCommentsListByIncidentOptionalParams, callback: msRest.ServiceCallback): void;
+ listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentCommentsListByIncidentOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ listByIncidentOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets a comment for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ incidentCommentId,
+ options
+ },
+ getOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Creates or updates a comment for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param incidentComment The incident comment
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param incidentComment The incident comment
+ * @param callback The callback
+ */
+ createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param incidentComment The incident comment
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ incidentCommentId,
+ incidentComment,
+ options
+ },
+ createCommentOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Deletes a comment for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param callback The callback
+ */
+ deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incidentCommentId Incident comment ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ incidentCommentId,
+ options
+ },
+ deleteCommentOperationSpec,
+ callback);
+ }
+
+ /**
+ * Gets all comments for a given incident.
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listByIncidentNext(nextPageLink: string, options?: Models.IncidentCommentsListByIncidentNextOptionalParams): Promise;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param callback The callback
+ */
+ listByIncidentNext(nextPageLink: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listByIncidentNext(nextPageLink: string, options: Models.IncidentCommentsListByIncidentNextOptionalParams, callback: msRest.ServiceCallback): void;
+ listByIncidentNext(nextPageLink: string, options?: Models.IncidentCommentsListByIncidentNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ nextPageLink,
+ options
+ },
+ listByIncidentNextOperationSpec,
+ callback) as Promise;
+ }
+}
+
+// Operation Specifications
+const serializer = new msRest.Serializer(Mappers);
+const listByIncidentOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId
+ ],
+ queryParameters: [
+ Parameters.apiVersion,
+ Parameters.filter,
+ Parameters.orderby,
+ Parameters.top,
+ Parameters.skipToken
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.IncidentCommentList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const getOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.incidentCommentId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.IncidentComment
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const createCommentOperationSpec: msRest.OperationSpec = {
+ httpMethod: "PUT",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.incidentCommentId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ requestBody: {
+ parameterPath: "incidentComment",
+ mapper: {
+ ...Mappers.IncidentComment,
+ required: true
+ }
+ },
+ responses: {
+ 200: {
+ bodyMapper: Mappers.IncidentComment
+ },
+ 201: {
+ bodyMapper: Mappers.IncidentComment
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const deleteCommentOperationSpec: msRest.OperationSpec = {
+ httpMethod: "DELETE",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.incidentCommentId
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {},
+ 204: {},
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const listByIncidentNextOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ baseUrl: "https://management.azure.com",
+ path: "{nextLink}",
+ urlParameters: [
+ Parameters.nextPageLink
+ ],
+ queryParameters: [
+ Parameters.apiVersion,
+ Parameters.filter,
+ Parameters.orderby,
+ Parameters.top,
+ Parameters.skipToken
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.IncidentCommentList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts
new file mode 100644
index 000000000000..c512f3e0890e
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts
@@ -0,0 +1,377 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/incidentRelationsMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a IncidentRelations. */
+export class IncidentRelations {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a IncidentRelations.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all relations for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentRelationsListOptionalParams): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, incidentId: string, options: Models.IncidentRelationsListOptionalParams, callback: msRest.ServiceCallback): void;
+ list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentRelationsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ listOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets a relation for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param callback The callback
+ */
+ getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ relationName,
+ options
+ },
+ getRelationOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Creates or updates a relation for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param relation The relation model
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param relation The relation model
+ * @param callback The callback
+ */
+ createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param relation The relation model
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ relationName,
+ relation,
+ options
+ },
+ createOrUpdateRelationOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Deletes a relation for a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param callback The callback
+ */
+ deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param relationName Relation Name
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ relationName,
+ options
+ },
+ deleteRelationOperationSpec,
+ callback);
+ }
+
+ /**
+ * Gets all relations for a given incident.
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listNext(nextPageLink: string, options?: Models.IncidentRelationsListNextOptionalParams): Promise;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param nextPageLink The NextLink from the previous successful call to List operation.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listNext(nextPageLink: string, options: Models.IncidentRelationsListNextOptionalParams, callback: msRest.ServiceCallback): void;
+ listNext(nextPageLink: string, options?: Models.IncidentRelationsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ nextPageLink,
+ options
+ },
+ listNextOperationSpec,
+ callback) as Promise;
+ }
+}
+
+// Operation Specifications
+const serializer = new msRest.Serializer(Mappers);
+const listOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId
+ ],
+ queryParameters: [
+ Parameters.apiVersion,
+ Parameters.filter,
+ Parameters.orderby,
+ Parameters.top,
+ Parameters.skipToken
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.RelationList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const getRelationOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.relationName
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.Relation
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const createOrUpdateRelationOperationSpec: msRest.OperationSpec = {
+ httpMethod: "PUT",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.relationName
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ requestBody: {
+ parameterPath: "relation",
+ mapper: {
+ ...Mappers.Relation,
+ required: true
+ }
+ },
+ responses: {
+ 200: {
+ bodyMapper: Mappers.Relation
+ },
+ 201: {
+ bodyMapper: Mappers.Relation
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const deleteRelationOperationSpec: msRest.OperationSpec = {
+ httpMethod: "DELETE",
+ path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}",
+ urlParameters: [
+ Parameters.subscriptionId0,
+ Parameters.resourceGroupName0,
+ Parameters.workspaceName,
+ Parameters.incidentId,
+ Parameters.relationName
+ ],
+ queryParameters: [
+ Parameters.apiVersion
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {},
+ 204: {},
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
+
+const listNextOperationSpec: msRest.OperationSpec = {
+ httpMethod: "GET",
+ baseUrl: "https://management.azure.com",
+ path: "{nextLink}",
+ urlParameters: [
+ Parameters.nextPageLink
+ ],
+ queryParameters: [
+ Parameters.apiVersion,
+ Parameters.filter,
+ Parameters.orderby,
+ Parameters.top,
+ Parameters.skipToken
+ ],
+ headerParameters: [
+ Parameters.acceptLanguage
+ ],
+ responses: {
+ 200: {
+ bodyMapper: Mappers.RelationList
+ },
+ default: {
+ bodyMapper: Mappers.CloudError
+ }
+ },
+ serializer
+};
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts
new file mode 100644
index 000000000000..cd4fa7492cf5
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts
@@ -0,0 +1,552 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is
+ * regenerated.
+ */
+
+import * as msRest from "@azure/ms-rest-js";
+import * as Models from "../models";
+import * as Mappers from "../models/incidentsMappers";
+import * as Parameters from "../models/parameters";
+import { SecurityInsightsContext } from "../securityInsightsContext";
+
+/** Class representing a Incidents. */
+export class Incidents {
+ private readonly client: SecurityInsightsContext;
+
+ /**
+ * Create a Incidents.
+ * @param {SecurityInsightsContext} client Reference to the service client.
+ */
+ constructor(client: SecurityInsightsContext) {
+ this.client = client;
+ }
+
+ /**
+ * Gets all incidents.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ list(resourceGroupName: string, workspaceName: string, options?: Models.IncidentsListOptionalParams): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ list(resourceGroupName: string, workspaceName: string, options: Models.IncidentsListOptionalParams, callback: msRest.ServiceCallback): void;
+ list(resourceGroupName: string, workspaceName: string, options?: Models.IncidentsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ options
+ },
+ listOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ getOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Creates or updates an incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incident The incident
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incident The incident
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param incident The incident
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ incident,
+ options
+ },
+ createOrUpdateOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Deletes a given incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ deleteMethodOperationSpec,
+ callback);
+ }
+
+ /**
+ * Gets all alerts for an incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ listOfAlertsOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets all bookmarks for an incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise {
+ return this.client.sendOperationRequest(
+ {
+ resourceGroupName,
+ workspaceName,
+ incidentId,
+ options
+ },
+ listOfBookmarksOperationSpec,
+ callback) as Promise;
+ }
+
+ /**
+ * Gets all entities for an incident.
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param [options] The optional parameters
+ * @returns Promise
+ */
+ listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param callback The callback
+ */
+ listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void;
+ /**
+ * @param resourceGroupName The name of the resource group within the user's subscription. The name
+ * is case insensitive.
+ * @param workspaceName The name of the workspace.
+ * @param incidentId Incident ID
+ * @param options The optional parameters
+ * @param callback The callback
+ */
+ listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void;
+ listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise