From 655d7a675d1758677bd422144234d57ddd962333 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Wed, 6 Oct 2021 05:30:28 +0000 Subject: [PATCH] CodeGen from PR 16268 in Azure/azure-rest-api-specs Merge fa61b48bfdb743f321fcc80cc6def4149059a482 into 9d0188802cf8f540411f7fe58d3030d9081c66c3 --- .../arm-securityinsight/LICENSE.txt | 21 + .../arm-securityinsight/README.md | 118 + .../arm-securityinsight/package.json | 59 + .../arm-securityinsight/rollup.config.js | 37 + .../src/models/actionsMappers.ts | 49 + .../src/models/alertRuleTemplatesMappers.ts | 49 + .../src/models/alertRulesMappers.ts | 49 + .../src/models/incidentCommentsMappers.ts | 49 + .../src/models/incidentRelationsMappers.ts | 49 + .../src/models/incidentsMappers.ts | 79 + .../arm-securityinsight/src/models/index.ts | 5516 ++++++++++++++++ .../arm-securityinsight/src/models/mappers.ts | 5715 +++++++++++++++++ .../src/models/operationsMappers.ts | 17 + .../src/models/parameters.ts | 234 + .../threatIntelligenceIndicatorMappers.ts | 27 + ...reatIntelligenceIndicatorMetricsMappers.ts | 18 + .../threatIntelligenceIndicatorsMappers.ts | 22 + .../src/models/watchlistItemsMappers.ts | 49 + .../src/models/watchlistsMappers.ts | 49 + .../src/operations/actions.ts | 357 + .../src/operations/alertRuleTemplates.ts | 200 + .../src/operations/alertRules.ts | 337 + .../src/operations/incidentComments.ts | 365 ++ .../src/operations/incidentRelations.ts | 365 ++ .../src/operations/incidents.ts | 531 ++ .../src/operations/index.ts | 21 + .../src/operations/operations.ts | 125 + .../operations/threatIntelligenceIndicator.ts | 628 ++ .../threatIntelligenceIndicatorMetrics.ts | 94 + .../threatIntelligenceIndicators.ts | 154 + .../src/operations/watchlistItems.ts | 391 ++ .../src/operations/watchlists.ts | 373 ++ .../src/securityInsights.ts | 69 + .../src/securityInsightsContext.ts | 67 + .../arm-securityinsight/tsconfig.json | 19 + 35 files changed, 16302 insertions(+) create mode 100644 sdk/securityinsight/arm-securityinsight/LICENSE.txt create mode 100644 sdk/securityinsight/arm-securityinsight/README.md create mode 100644 sdk/securityinsight/arm-securityinsight/package.json create mode 100644 sdk/securityinsight/arm-securityinsight/rollup.config.js create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/index.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/mappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/parameters.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/actions.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/index.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/operations.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/securityInsights.ts create mode 100644 sdk/securityinsight/arm-securityinsight/src/securityInsightsContext.ts create mode 100644 sdk/securityinsight/arm-securityinsight/tsconfig.json diff --git a/sdk/securityinsight/arm-securityinsight/LICENSE.txt b/sdk/securityinsight/arm-securityinsight/LICENSE.txt new file mode 100644 index 000000000000..2d3163745319 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/LICENSE.txt @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2021 Microsoft + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/sdk/securityinsight/arm-securityinsight/README.md b/sdk/securityinsight/arm-securityinsight/README.md new file mode 100644 index 000000000000..d04ee0c6289e --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/README.md @@ -0,0 +1,118 @@ +## Azure SecurityInsights SDK for JavaScript + +This package contains an isomorphic SDK (runs both in node.js and in browsers) for SecurityInsights. + +### Currently supported environments + +- [LTS versions of Node.js](https://nodejs.org/about/releases/) +- Latest versions of Safari, Chrome, Edge and Firefox. + +### Prerequisites + +You must have an [Azure subscription](https://azure.microsoft.com/free/). + +### How to install + +To use this SDK in your project, you will need to install two packages. +- `@azure/arm-securityinsight` that contains the client. +- `@azure/identity` that provides different mechanisms for the client to authenticate your requests using Azure Active Directory. + +Install both packages using the below command: +```bash +npm install --save @azure/arm-securityinsight @azure/identity +``` +> **Note**: You may have used either `@azure/ms-rest-nodeauth` or `@azure/ms-rest-browserauth` in the past. These packages are in maintenance mode receiving critical bug fixes, but no new features. +If you are on a [Node.js that has LTS status](https://nodejs.org/about/releases/), or are writing a client side browser application, we strongly encourage you to upgrade to `@azure/identity` which uses the latest versions of Azure Active Directory and MSAL APIs and provides more authentication options. + +### How to use + +- If you are writing a client side browser application, + - Follow the instructions in the section on Authenticating client side browser applications in [Azure Identity examples](https://aka.ms/azsdk/js/identity/examples) to register your application in the Microsoft identity platform and set the right permissions. + - Copy the client ID and tenant ID from the Overview section of your app registration in Azure portal and use it in the browser sample below. +- If you are writing a server side application, + - [Select a credential from `@azure/identity` based on the authentication method of your choice](https://aka.ms/azsdk/js/identity/examples) + - Complete the set up steps required by the credential if any. + - Use the credential you picked in the place of `DefaultAzureCredential` in the Node.js sample below. + +In the below samples, we pass the credential and the Azure subscription id to instantiate the client. +Once the client is created, explore the operations on it either in your favorite editor or in our [API reference documentation](https://docs.microsoft.com/javascript/api) to get started. +#### nodejs - Authentication, client creation, and list incidents as an example written in JavaScript. + +##### Sample code + +```javascript +const { DefaultAzureCredential } = require("@azure/identity"); +const { SecurityInsights } = require("@azure/arm-securityinsight"); +const subscriptionId = process.env["AZURE_SUBSCRIPTION_ID"]; + +// Use `DefaultAzureCredential` or any other credential of your choice based on https://aka.ms/azsdk/js/identity/examples +// Please note that you can also use credentials from the `@azure/ms-rest-nodeauth` package instead. +const creds = new DefaultAzureCredential(); +const client = new SecurityInsights(creds, subscriptionId); +const resourceGroupName = "testresourceGroupName"; +const workspaceName = "testworkspaceName"; +const filter = "testfilter"; +const orderby = "testorderby"; +const top = 1; +const skipToken = "testskipToken"; +client.incidents.list(resourceGroupName, workspaceName, filter, orderby, top, skipToken).then((result) => { + console.log("The result is:"); + console.log(result); +}).catch((err) => { + console.log("An error occurred:"); + console.error(err); +}); +``` + +#### browser - Authentication, client creation, and list incidents as an example written in JavaScript. + +In browser applications, we recommend using the `InteractiveBrowserCredential` that interactively authenticates using the default system browser. + - See [Single-page application: App registration guide](https://docs.microsoft.com/azure/active-directory/develop/scenario-spa-app-registration) to configure your app registration for the browser. + - Note down the client Id from the previous step and use it in the browser sample below. + +##### Sample code + +- index.html + +```html + + + + @azure/arm-securityinsight sample + + + + + + + +``` + +## Related projects + +- [Microsoft Azure SDK for Javascript](https://github.com/Azure/azure-sdk-for-js) + +![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js/sdk/securityinsight/arm-securityinsight/README.png) diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json new file mode 100644 index 000000000000..0477c570a3b6 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -0,0 +1,59 @@ +{ + "name": "@azure/arm-securityinsight", + "author": "Microsoft Corporation", + "description": "SecurityInsights Library with typescript type definitions for node.js and browser.", + "version": "1.0.0", + "dependencies": { + "@azure/ms-rest-azure-js": "^2.1.0", + "@azure/ms-rest-js": "^2.2.0", + "@azure/core-auth": "^1.1.4", + "tslib": "^1.10.0" + }, + "keywords": [ + "node", + "azure", + "typescript", + "browser", + "isomorphic" + ], + "license": "MIT", + "main": "./dist/arm-securityinsight.js", + "module": "./esm/securityInsights.js", + "types": "./esm/securityInsights.d.ts", + "devDependencies": { + "typescript": "^3.6.0", + "rollup": "^1.18.0", + "rollup-plugin-node-resolve": "^5.2.0", + "rollup-plugin-sourcemaps": "^0.4.2", + "uglify-js": "^3.6.0" + }, + "homepage": "https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/securityinsight/arm-securityinsight", + "repository": { + "type": "git", + "url": "https://github.com/Azure/azure-sdk-for-js.git" + }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, + "files": [ + "dist/**/*.js", + "dist/**/*.js.map", + "dist/**/*.d.ts", + "dist/**/*.d.ts.map", + "esm/**/*.js", + "esm/**/*.js.map", + "esm/**/*.d.ts", + "esm/**/*.d.ts.map", + "src/**/*.ts", + "README.md", + "rollup.config.js", + "tsconfig.json" + ], + "scripts": { + "build": "tsc && rollup -c rollup.config.js && npm run minify", + "minify": "uglifyjs -c -m --comments --source-map \"content='./dist/arm-securityinsight.js.map'\" -o ./dist/arm-securityinsight.min.js ./dist/arm-securityinsight.js", + "prepack": "npm install && npm run build" + }, + "sideEffects": false, + "autoPublish": true +} diff --git a/sdk/securityinsight/arm-securityinsight/rollup.config.js b/sdk/securityinsight/arm-securityinsight/rollup.config.js new file mode 100644 index 000000000000..276048058dba --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/rollup.config.js @@ -0,0 +1,37 @@ +import rollup from "rollup"; +import nodeResolve from "rollup-plugin-node-resolve"; +import sourcemaps from "rollup-plugin-sourcemaps"; + +/** + * @type {rollup.RollupFileOptions} + */ +const config = { + input: "./esm/securityInsights.js", + external: [ + "@azure/ms-rest-js", + "@azure/ms-rest-azure-js" + ], + output: { + file: "./dist/arm-securityinsight.js", + format: "umd", + name: "Azure.ArmSecurityinsight", + sourcemap: true, + globals: { + "@azure/ms-rest-js": "msRest", + "@azure/ms-rest-azure-js": "msRestAzure" + }, + banner: `/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */` + }, + plugins: [ + nodeResolve({ mainFields: ['module', 'main'] }), + sourcemaps() + ] +}; + +export default config; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts new file mode 100644 index 000000000000..824aff8bfaf1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/actionsMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + ActionsList, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts new file mode 100644 index 000000000000..54999231696d --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/alertRuleTemplatesMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AlertRuleTemplatesList, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts new file mode 100644 index 000000000000..c02a0610f322 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/alertRulesMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRulesList, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts new file mode 100644 index 000000000000..9b3a38491111 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentCommentsMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentCommentList, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts new file mode 100644 index 000000000000..cd4ea15f752b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentRelationsMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + RelationList, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts new file mode 100644 index 000000000000..4d5e2b87e9a9 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/incidentsMappers.ts @@ -0,0 +1,79 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + AccountEntity, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + AzureResourceEntity, + BaseResource, + ClientInfo, + CloudApplicationEntity, + DnsEntity, + Entity, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FileEntity, + FileHashEntity, + FusionAlertRule, + FusionAlertRuleTemplate, + GeoLocation, + GroupingConfiguration, + HostEntity, + HuntingBookmark, + Incident, + IncidentAdditionalData, + IncidentAlertList, + IncidentBookmarkList, + IncidentComment, + IncidentConfiguration, + IncidentEntitiesResponse, + IncidentEntitiesResultsMetadata, + IncidentInfo, + IncidentLabel, + IncidentList, + IncidentOwnerInfo, + IoTDeviceEntity, + IpEntity, + MailboxEntity, + MailClusterEntity, + MailMessageEntity, + MalwareEntity, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProcessEntity, + ProxyResource, + RegistryKeyEntity, + RegistryValueEntity, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SecurityAlert, + SecurityAlertPropertiesConfidenceReasonsItem, + SecurityGroupEntity, + SubmissionMailEntity, + SystemData, + ThreatIntelligence, + TrackedResource, + UrlEntity, + UserInfo, + Watchlist, + WatchlistItem +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts new file mode 100644 index 000000000000..ea99da6e6977 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -0,0 +1,5516 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { BaseResource, CloudError, AzureServiceClientOptions } from "@azure/ms-rest-azure-js"; +import * as msRest from "@azure/ms-rest-js"; + +export { BaseResource, CloudError }; + +/** + * Contains the possible cases for Entity. + */ +export type EntityUnion = Entity | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | HuntingBookmark | SecurityAlert | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; + +/** + * Specific entity. + */ +export interface Entity { + /** + * Polymorphic Discriminator + */ + kind: "Entity"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; +} + +/** + * Represents an account entity. + */ +export interface AccountEntity { + /** + * Polymorphic Discriminator + */ + kind: "Account"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The Azure Active Directory tenant id. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly aadTenantId?: string; + /** + * The Azure Active Directory user id. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly aadUserId?: string; + /** + * The name of the account. This field should hold only the name without any domain added to it, + * i.e. administrator. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly accountName?: string; + /** + * The display name of the account. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly displayName?: string; + /** + * The Host entity id that contains the account in case it is a local account (not domain joined) + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostEntityId?: string; + /** + * Determines whether this is a domain account. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly isDomainJoined?: boolean; + /** + * The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT + * AUTHORITY. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly ntDomain?: string; + /** + * The objectGUID attribute is a single-value attribute that is the unique identifier for the + * object, assigned by active directory. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly objectGuid?: string; + /** + * The Azure Active Directory Passport User ID. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly puid?: string; + /** + * The account security identifier, e.g. S-1-5-18. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly sid?: string; + /** + * The user principal name suffix for the account, in some cases it is also the domain name. + * Examples: contoso.com. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly upnSuffix?: string; + /** + * The fully qualified domain DNS name. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly dnsDomain?: string; +} + +/** + * Represents an azure resource entity. + */ +export interface AzureResourceEntity { + /** + * Polymorphic Discriminator + */ + kind: "AzureResource"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The azure resource id of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly resourceId?: string; + /** + * The subscription id of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly subscriptionId?: string; +} + +/** + * Information on the client (user or application) that made some action + */ +export interface ClientInfo { + /** + * The email of the client. + */ + email?: string; + /** + * The name of the client. + */ + name?: string; + /** + * The object id of the client. + */ + objectId?: string; + /** + * The user principal name of the client. + */ + userPrincipalName?: string; +} + +/** + * Represents a cloud application entity. + */ +export interface CloudApplicationEntity { + /** + * Polymorphic Discriminator + */ + kind: "CloudApplication"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The technical identifier of the application. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly appId?: number; + /** + * The name of the related cloud application. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly appName?: string; + /** + * The user defined instance name of the cloud application. It is often used to distinguish + * between several applications of the same type that a customer has. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly instanceName?: string; +} + +/** + * Represents a dns entity. + */ +export interface DnsEntity { + /** + * Polymorphic Discriminator + */ + kind: "DnsResolution"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * An ip entity id for the dns server resolving the request + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly dnsServerIpEntityId?: string; + /** + * The name of the dns record associated with the alert + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly domainName?: string; + /** + * An ip entity id for the dns request client + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostIpAddressEntityId?: string; + /** + * Ip entity identifiers for the resolved ip address. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly ipAddressEntityIds?: string[]; +} + +/** + * Metadata pertaining to creation and last modification of the resource. + */ +export interface SystemData { + /** + * The identity that created the resource. + */ + createdBy?: string; + /** + * The type of identity that created the resource. Possible values include: 'User', + * 'Application', 'ManagedIdentity', 'Key' + */ + createdByType?: CreatedByType; + /** + * The timestamp of resource creation (UTC). + */ + createdAt?: Date; + /** + * The identity that last modified the resource. + */ + lastModifiedBy?: string; + /** + * The type of identity that last modified the resource. Possible values include: 'User', + * 'Application', 'ManagedIdentity', 'Key' + */ + lastModifiedByType?: CreatedByType; + /** + * The timestamp of resource last modification (UTC) + */ + lastModifiedAt?: Date; +} + +/** + * Entity common property bag. + */ +export interface EntityCommonProperties { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; +} + +/** + * The edge that connects the entity to the other entity. + */ +export interface EntityEdges { + /** + * The target entity Id. + */ + targetEntityId?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + */ + additionalData?: { [propertyName: string]: any }; +} + +/** + * Describes an entity with kind. + */ +export interface EntityKind { + /** + * The kind of the entity. Possible values include: 'Account', 'Host', 'File', 'AzureResource', + * 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey', + * 'RegistryValue', 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert', 'Bookmark', + * 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail' + */ + kind: EntityKindEnum; +} + +/** + * Represents a file entity. + */ +export interface FileEntity { + /** + * Polymorphic Discriminator + */ + kind: "File"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The full path to the file. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly directory?: string; + /** + * The file hash entity identifiers associated with this file + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly fileHashEntityIds?: string[]; + /** + * The file name without path (some alerts might not include path). + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly fileName?: string; + /** + * The Host entity id which the file belongs to + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostEntityId?: string; +} + +/** + * Represents a file hash entity. + */ +export interface FileHashEntity { + /** + * Polymorphic Discriminator + */ + kind: "FileHash"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', + * 'SHA256AC' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly algorithm?: FileHashAlgorithm; + /** + * The file hash value. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hashValue?: string; +} + +/** + * The geo-location context attached to the ip entity + */ +export interface GeoLocation { + /** + * Autonomous System Number + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly asn?: number; + /** + * City name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly city?: string; + /** + * The country code according to ISO 3166 format + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly countryCode?: string; + /** + * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly countryName?: string; + /** + * The longitude of the identified location, expressed as a floating point number with range of + * -180 to 180, with positive numbers representing East and negative numbers representing West. + * Latitude and longitude are derived from the city or postal code. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly latitude?: number; + /** + * The latitude of the identified location, expressed as a floating point number with range of - + * 90 to 90, with positive numbers representing North and negative numbers representing South. + * Latitude and longitude are derived from the city or postal code. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly longitude?: number; + /** + * State name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly state?: string; +} + +/** + * Represents a host entity. + */ +export interface HostEntity { + /** + * Polymorphic Discriminator + */ + kind: "Host"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The azure resource id of the VM. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly azureID?: string; + /** + * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly dnsDomain?: string; + /** + * The hostname without the domain suffix. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostName?: string; + /** + * Determines whether this host belongs to a domain. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly isDomainJoined?: boolean; + /** + * The host name (pre-windows2000). + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly netBiosName?: string; + /** + * The NT domain that this host belongs to. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly ntDomain?: string; + /** + * The OMS agent id, if the host has OMS agent installed. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly omsAgentID?: string; + /** + * The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS', + * 'Unknown' + */ + osFamily?: OSFamily; + /** + * A free text representation of the operating system. This field is meant to hold specific + * versions the are more fine grained than OSFamily or future values not supported by OSFamily + * enumeration + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly osVersion?: string; +} + +/** + * User information that made some action + */ +export interface UserInfo { + /** + * The email of the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly email?: string; + /** + * The name of the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The object id of the user. + */ + objectId?: string; +} + +/** + * Describes related incident information for the bookmark + */ +export interface IncidentInfo { + /** + * Incident Id + */ + incidentId?: string; + /** + * The severity of the incident. Possible values include: 'Critical', 'High', 'Medium', 'Low', + * 'Informational' + */ + severity?: CaseSeverity; + /** + * The title of the incident + */ + title?: string; + /** + * Relation Name + */ + relationName?: string; +} + +/** + * Represents a Hunting bookmark entity. + */ +export interface HuntingBookmark { + /** + * Polymorphic Discriminator + */ + kind: "Bookmark"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The time the bookmark was created + */ + created?: Date; + /** + * Describes a user that created the bookmark + */ + createdBy?: UserInfo; + /** + * The display name of the bookmark + */ + displayName: string; + /** + * The time of the event + */ + eventTime?: Date; + /** + * List of labels relevant to this bookmark + */ + labels?: string[]; + /** + * The notes of the bookmark + */ + notes?: string; + /** + * The query of the bookmark. + */ + query: string; + /** + * The query result of the bookmark. + */ + queryResult?: string; + /** + * The last time the bookmark was updated + */ + updated?: Date; + /** + * Describes a user that updated the bookmark + */ + updatedBy?: UserInfo; + /** + * Describes an incident that relates to bookmark + */ + incidentInfo?: IncidentInfo; +} + +/** + * Incident additional data property bag. + */ +export interface IncidentAdditionalData { + /** + * The number of alerts in the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly alertsCount?: number; + /** + * The number of bookmarks in the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly bookmarksCount?: number; + /** + * The number of comments in the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly commentsCount?: number; + /** + * List of product names of alerts in the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly alertProductNames?: string[]; + /** + * The tactics associated with incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly tactics?: AttackTactic[]; +} + +/** + * Represents an incident label + */ +export interface IncidentLabel { + /** + * The name of the label + */ + labelName: string; + /** + * The type of the label. Possible values include: 'User', 'System' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly labelType?: IncidentLabelType; +} + +/** + * Information on the user an incident is assigned to + */ +export interface IncidentOwnerInfo { + /** + * The email of the user the incident is assigned to. + */ + email?: string; + /** + * The name of the user the incident is assigned to. + */ + assignedTo?: string; + /** + * The object id of the user the incident is assigned to. + */ + objectId?: string; + /** + * The user principal name of the user the incident is assigned to. + */ + userPrincipalName?: string; +} + +/** + * Common fields that are returned in the response for all Azure Resource Manager resources + * @summary Resource + */ +export interface Resource extends BaseResource { + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; +} + +/** + * An azure resource object with an Etag property + */ +export interface ResourceWithEtag extends Resource { + /** + * Etag of the azure resource + */ + etag?: string; +} + +/** + * Represents an incident in Azure Security Insights. + */ +export interface Incident extends ResourceWithEtag { + /** + * Additional data on the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: IncidentAdditionalData; + /** + * The reason the incident was closed. Possible values include: 'Undetermined', 'TruePositive', + * 'BenignPositive', 'FalsePositive' + */ + classification?: IncidentClassification; + /** + * Describes the reason the incident was closed + */ + classificationComment?: string; + /** + * The classification reason the incident was closed with. Possible values include: + * 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData' + */ + classificationReason?: IncidentClassificationReason; + /** + * The time the incident was created + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly createdTimeUtc?: Date; + /** + * The description of the incident + */ + description?: string; + /** + * The time of the first activity in the incident + */ + firstActivityTimeUtc?: Date; + /** + * The deep-link url to the incident in Azure portal + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly incidentUrl?: string; + /** + * A sequential number + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly incidentNumber?: number; + /** + * List of labels relevant to this incident + */ + labels?: IncidentLabel[]; + /** + * The time of the last activity in the incident + */ + lastActivityTimeUtc?: Date; + /** + * The last time the incident was updated + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastModifiedTimeUtc?: Date; + /** + * Describes a user that the incident is assigned to + */ + owner?: IncidentOwnerInfo; + /** + * List of resource ids of Analytic rules related to the incident + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly relatedAnalyticRuleIds?: string[]; + /** + * The severity of the incident. Possible values include: 'High', 'Medium', 'Low', + * 'Informational' + */ + severity: IncidentSeverity; + /** + * The status of the incident. Possible values include: 'New', 'Active', 'Closed' + */ + status: IncidentStatus; + /** + * The title of the incident + */ + title: string; +} + +/** + * confidence reason item + */ +export interface SecurityAlertPropertiesConfidenceReasonsItem { + /** + * The reason's description + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly reason?: string; + /** + * The type (category) of the reason + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly reasonType?: string; +} + +/** + * Represents a security alert entity. + */ +export interface SecurityAlert { + /** + * Polymorphic Discriminator + */ + kind: "SecurityAlert"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The display name of the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly alertDisplayName?: string; + /** + * The type name of the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly alertType?: string; + /** + * Display name of the main entity being reported on. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly compromisedEntity?: string; + /** + * The confidence level of this alert. Possible values include: 'Unknown', 'Low', 'High' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly confidenceLevel?: ConfidenceLevel; + /** + * The confidence reasons + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; + /** + * The confidence score of the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly confidenceScore?: number; + /** + * The confidence score calculation status, i.e. indicating if score calculation is pending for + * this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', + * 'NotFinal', 'Final' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly confidenceScoreStatus?: ConfidenceScoreStatus; + /** + * Alert description. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly description?: string; + /** + * The impact end time of the alert (the time of the last event contributing to the alert). + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly endTimeUtc?: Date; + /** + * Holds the alert intent stage(s) mapping for this alert. Possible values include: 'Unknown', + * 'Probing', 'Exploitation', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', + * 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', + * 'CommandAndControl', 'Impact' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly intent?: KillChainIntent; + /** + * The identifier of the alert inside the product which generated the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly providerAlertId?: string; + /** + * The time the alert was made available for consumption. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly processingEndTime?: Date; + /** + * The name of a component inside the product which generated the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly productComponentName?: string; + /** + * The name of the product which published this alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly productName?: string; + /** + * The version of the product generating the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly productVersion?: string; + /** + * Manual action items to take to remediate the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly remediationSteps?: string[]; + /** + * The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + */ + severity?: AlertSeverity; + /** + * The impact start time of the alert (the time of the first event contributing to the alert). + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly startTimeUtc?: Date; + /** + * The lifecycle status of the alert. Possible values include: 'Unknown', 'New', 'Resolved', + * 'Dismissed', 'InProgress' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly status?: AlertStatus; + /** + * Holds the product identifier of the alert for the product. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemAlertId?: string; + /** + * The tactics of the alert + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly tactics?: AttackTactic[]; + /** + * The time the alert was generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly timeGenerated?: Date; + /** + * The name of the vendor that raise the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly vendorName?: string; + /** + * The uri link of the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly alertLink?: string; + /** + * The list of resource identifiers of the alert. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly resourceIdentifiers?: any[]; +} + +/** + * List of incident alerts. + */ +export interface IncidentAlertList { + /** + * Array of incident alerts. + */ + value: SecurityAlert[]; +} + +/** + * List of incident bookmarks. + */ +export interface IncidentBookmarkList { + /** + * Array of incident bookmarks. + */ + value: HuntingBookmark[]; +} + +/** + * Represents an incident comment + */ +export interface IncidentComment extends ResourceWithEtag { + /** + * The time the comment was created + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly createdTimeUtc?: Date; + /** + * The time the comment was updated + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastModifiedTimeUtc?: Date; + /** + * The comment message + */ + message: string; + /** + * Describes the client that created the comment + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly author?: ClientInfo; +} + +/** + * Information of a specific aggregation in the incident related entities result. + */ +export interface IncidentEntitiesResultsMetadata { + /** + * Total number of aggregations of the given kind in the incident related entities result. + */ + count: number; + /** + * The kind of the aggregated entity. Possible values include: 'Account', 'Host', 'File', + * 'AzureResource', 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process', + * 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert', + * 'Bookmark', 'MailCluster', 'MailMessage', 'Mailbox', 'SubmissionMail' + */ + entityKind: EntityKindEnum; +} + +/** + * The incident related entities response. + */ +export interface IncidentEntitiesResponse { + /** + * Array of the incident related entities. + */ + entities?: EntityUnion[]; + /** + * The metadata from the incident related entities results. + */ + metaData?: IncidentEntitiesResultsMetadata[]; +} + +/** + * ThreatIntelligence property bag. + */ +export interface ThreatIntelligence { + /** + * Confidence (must be between 0 and 1) + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly confidence?: number; + /** + * Name of the provider from whom this Threat Intelligence information was received + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly providerName?: string; + /** + * Report link + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly reportLink?: string; + /** + * Threat description (free text) + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatDescription?: string; + /** + * Threat name (e.g. "Jedobot malware") + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatName?: string; + /** + * Threat type (e.g. "Botnet") + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatType?: string; +} + +/** + * Represents an IoT device entity. + */ +export interface IoTDeviceEntity { + /** + * Polymorphic Discriminator + */ + kind: "IoTDevice"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The ID of the IoT Device in the IoT Hub + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly deviceId?: string; + /** + * The friendly name of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly deviceName?: string; + /** + * The source of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly source?: string; + /** + * The ID of the security agent running on the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly iotSecurityAgentId?: string; + /** + * The type of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly deviceType?: string; + /** + * The vendor of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly vendor?: string; + /** + * The ID of the edge device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly edgeId?: string; + /** + * The MAC address of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly macAddress?: string; + /** + * The model of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly model?: string; + /** + * The serial number of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly serialNumber?: string; + /** + * The firmware version of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly firmwareVersion?: string; + /** + * The operating system of the device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly operatingSystem?: string; + /** + * The AzureResource entity id of the IoT Hub + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly iotHubEntityId?: string; + /** + * The Host entity id of this device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostEntityId?: string; + /** + * The IP entity if of this device + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly ipAddressEntityId?: string; + /** + * A list of TI contexts attached to the IoTDevice entity. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatIntelligence?: ThreatIntelligence[]; + /** + * A list of protocols of the IoTDevice entity. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly protocols?: string[]; +} + +/** + * Represents an ip entity. + */ +export interface IpEntity { + /** + * Polymorphic Discriminator + */ + kind: "Ip"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly address?: string; + /** + * The geo-location context attached to the ip entity + */ + location?: GeoLocation; + /** + * A list of TI contexts attached to the ip entity. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatIntelligence?: ThreatIntelligence[]; +} + +/** + * Represents a mailbox entity. + */ +export interface MailboxEntity { + /** + * Polymorphic Discriminator + */ + kind: "Mailbox"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The mailbox's primary address + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly mailboxPrimaryAddress?: string; + /** + * The mailbox's display name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly displayName?: string; + /** + * The mailbox's UPN + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly upn?: string; + /** + * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is + * specific to mailbox object on office side + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly externalDirectoryObjectId?: string; +} + +/** + * Represents a mail cluster entity. + */ +export interface MailClusterEntity { + /** + * Polymorphic Discriminator + */ + kind: "MailCluster"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The mail message IDs that are part of the mail cluster + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly networkMessageIds?: string[]; + /** + * Count of mail messages by DeliveryStatus string representation + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly countByDeliveryStatus?: any; + /** + * Count of mail messages by ThreatType string representation + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly countByThreatType?: any; + /** + * Count of mail messages by ProtectionStatus string representation + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly countByProtectionStatus?: any; + /** + * The threats of mail messages that are part of the mail cluster + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threats?: string[]; + /** + * The query that was used to identify the messages of the mail cluster + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly query?: string; + /** + * The query time + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly queryTime?: Date; + /** + * The number of mail messages that are part of the mail cluster + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly mailCount?: number; + /** + * Is this a volume anomaly mail cluster + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly isVolumeAnomaly?: boolean; + /** + * The source of the mail cluster (default is 'O365 ATP') + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly source?: string; + /** + * The id of the cluster source + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly clusterSourceIdentifier?: string; + /** + * The type of the cluster source + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly clusterSourceType?: string; + /** + * The cluster query start time + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly clusterQueryStartTime?: Date; + /** + * The cluster query end time + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly clusterQueryEndTime?: Date; + /** + * The cluster group + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly clusterGroup?: string; +} + +/** + * Represents a mail message entity. + */ +export interface MailMessageEntity { + /** + * Polymorphic Discriminator + */ + kind: "MailMessage"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The File entity ids of this mail message's attachments + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly fileEntityIds?: string[]; + /** + * The recipient of this mail message. Note that in case of multiple recipients the mail message + * is forked and each copy has one recipient + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly recipient?: string; + /** + * The Urls contained in this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly urls?: string[]; + /** + * The threats of this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threats?: string[]; + /** + * The p1 sender's email address + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p1Sender?: string; + /** + * The p1 sender's display name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p1SenderDisplayName?: string; + /** + * The p1 sender's domain + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p1SenderDomain?: string; + /** + * The sender's IP address + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly senderIP?: string; + /** + * The p2 sender's email address + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p2Sender?: string; + /** + * The p2 sender's display name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p2SenderDisplayName?: string; + /** + * The p2 sender's domain + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly p2SenderDomain?: string; + /** + * The receive date of this message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly receiveDate?: Date; + /** + * The network message id of this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly networkMessageId?: string; + /** + * The internet message id of this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly internetMessageId?: string; + /** + * The subject of this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly subject?: string; + /** + * The language of this mail message + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly language?: string; + /** + * The threat detection methods + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly threatDetectionMethods?: string[]; + /** + * The bodyFingerprintBin1 + */ + bodyFingerprintBin1?: number; + /** + * The bodyFingerprintBin2 + */ + bodyFingerprintBin2?: number; + /** + * The bodyFingerprintBin3 + */ + bodyFingerprintBin3?: number; + /** + * The bodyFingerprintBin4 + */ + bodyFingerprintBin4?: number; + /** + * The bodyFingerprintBin5 + */ + bodyFingerprintBin5?: number; + /** + * The directionality of this mail message. Possible values include: 'Unknown', 'Inbound', + * 'Outbound', 'Intraorg' + */ + antispamDirection?: AntispamMailDirection; + /** + * The delivery action of this mail message like Delivered, Blocked, Replaced etc. Possible + * values include: 'Unknown', 'DeliveredAsSpam', 'Delivered', 'Blocked', 'Replaced' + */ + deliveryAction?: DeliveryAction; + /** + * The delivery location of this mail message like Inbox, JunkFolder etc. Possible values + * include: 'Unknown', 'Inbox', 'JunkFolder', 'DeletedFolder', 'Quarantine', 'External', + * 'Failed', 'Dropped', 'Forwarded' + */ + deliveryLocation?: DeliveryLocation; +} + +/** + * Represents a malware entity. + */ +export interface MalwareEntity { + /** + * Polymorphic Discriminator + */ + kind: "Malware"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The malware category by the vendor, e.g. Trojan + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly category?: string; + /** + * List of linked file entity identifiers on which the malware was found + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly fileEntityIds?: string[]; + /** + * The malware name by the vendor, e.g. Win32/Toga!rfn + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly malwareName?: string; + /** + * List of linked process entity identifiers on which the malware was found. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly processEntityIds?: string[]; +} + +/** + * Represents a process entity. + */ +export interface ProcessEntity { + /** + * Polymorphic Discriminator + */ + kind: "Process"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The account entity id running the processes. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly accountEntityId?: string; + /** + * The command line used to create the process + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly commandLine?: string; + /** + * The time when the process started to run + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly creationTimeUtc?: Date; + /** + * The elevation token associated with the process. Possible values include: 'Default', 'Full', + * 'Limited' + */ + elevationToken?: ElevationToken; + /** + * The host entity id on which the process was running + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostEntityId?: string; + /** + * The session entity id in which the process was running + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hostLogonSessionEntityId?: string; + /** + * Image file entity id + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly imageFileEntityId?: string; + /** + * The parent process entity id. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly parentProcessEntityId?: string; + /** + * The process ID + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly processId?: string; +} + +/** + * Represents a registry key entity. + */ +export interface RegistryKeyEntity { + /** + * Polymorphic Discriminator + */ + kind: "RegistryKey"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * the hive that holds the registry key. Possible values include: 'HKEY_LOCAL_MACHINE', + * 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS', + * 'HKEY_PERFORMANCE_DATA', 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A', + * 'HKEY_CURRENT_USER' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly hive?: RegistryHive; + /** + * The registry key path. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly key?: string; +} + +/** + * Represents a registry value entity. + */ +export interface RegistryValueEntity { + /** + * Polymorphic Discriminator + */ + kind: "RegistryValue"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The registry key entity id. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly keyEntityId?: string; + /** + * String formatted representation of the value data. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly valueData?: string; + /** + * The registry value name. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly valueName?: string; + /** + * Specifies the data types to use when storing values in the registry, or identifies the data + * type of a value in the registry. Possible values include: 'None', 'Unknown', 'String', + * 'ExpandString', 'Binary', 'DWord', 'MultiString', 'QWord' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly valueType?: RegistryValueKind; +} + +/** + * Represents a relation between two resources + */ +export interface Relation extends ResourceWithEtag { + /** + * The resource ID of the related resource + */ + relatedResourceId: string; + /** + * The name of the related resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly relatedResourceName?: string; + /** + * The resource type of the related resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly relatedResourceType?: string; + /** + * The resource kind of the related resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly relatedResourceKind?: string; +} + +/** + * Represents a security group entity. + */ +export interface SecurityGroupEntity { + /** + * Polymorphic Discriminator + */ + kind: "SecurityGroup"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The group distinguished name + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly distinguishedName?: string; + /** + * A single-value attribute that is the unique identifier for the object, assigned by active + * directory. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly objectGuid?: string; + /** + * The SID attribute is a single-value attribute that specifies the security identifier (SID) of + * the group + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly sid?: string; +} + +/** + * Represents a submission mail entity. + */ +export interface SubmissionMailEntity { + /** + * Polymorphic Discriminator + */ + kind: "SubmissionMail"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * The network message id of email to which submission belongs + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly networkMessageId?: string; + /** + * The submission id + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly submissionId?: string; + /** + * The submitter + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly submitter?: string; + /** + * The submission date + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly submissionDate?: Date; + /** + * The Time stamp when the message is received (Mail) + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly timestamp?: Date; + /** + * The recipient of the mail + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly recipient?: string; + /** + * The sender of the mail + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly sender?: string; + /** + * The sender's IP + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly senderIp?: string; + /** + * The subject of submission mail + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly subject?: string; + /** + * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly reportType?: string; +} + +/** + * Represents a url entity. + */ +export interface UrlEntity { + /** + * Polymorphic Discriminator + */ + kind: "Url"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * A full URL the entity points to + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly url?: string; +} + +/** + * The resource model definition for a Azure Resource Manager proxy resource. It will not have tags + * and a location + * @summary Proxy Resource + */ +export interface ProxyResource extends Resource { +} + +/** + * The resource model definition for an Azure Resource Manager tracked top level resource which has + * 'tags' and a 'location' + * @summary Tracked Resource + */ +export interface TrackedResource extends Resource { + /** + * Resource tags. + */ + tags?: { [propertyName: string]: string }; + /** + * The geo-location where the resource lives + */ + location: string; +} + +/** + * The resource model definition for an Azure Resource Manager resource with an etag. + * @summary Entity Resource + */ +export interface AzureEntityResource extends Resource { + /** + * Resource Etag. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly etag?: string; +} + +/** + * The resource management error additional info. + */ +export interface ErrorAdditionalInfo { + /** + * The additional info type. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * The additional info. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly info?: any; +} + +/** + * The error detail. + */ +export interface ErrorDetail { + /** + * The error code. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly code?: string; + /** + * The error message. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly message?: string; + /** + * The error target. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly target?: string; + /** + * The error details. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly details?: ErrorDetail[]; + /** + * The error additional info. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalInfo?: ErrorAdditionalInfo[]; +} + +/** + * Common error response for all Azure Resource Manager APIs to return error details for failed + * operations. (This also follows the OData error response format.). + * @summary Error response + */ +export interface ErrorResponse { + /** + * The error object. + */ + error?: ErrorDetail; +} + +/** + * Contains the possible cases for ThreatIntelligenceInformation. + */ +export type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel; + +/** + * Threat intelligence information object. + */ +export interface ThreatIntelligenceInformation { + /** + * Polymorphic Discriminator + */ + kind: "ThreatIntelligenceInformation"; + /** + * Etag of the azure resource + */ + etag?: string; +} + +/** + * Describes threat kill chain phase entity + */ +export interface ThreatIntelligenceKillChainPhase { + /** + * Kill chainName name + */ + killChainName?: string; + /** + * Phase name + */ + phaseName?: string; +} + +/** + * Describes threat kill chain phase entity + */ +export interface ThreatIntelligenceParsedPatternTypeValue { + /** + * Type of the value + */ + valueType?: string; + /** + * Value of parsed pattern + */ + value?: string; +} + +/** + * Describes parsed pattern entity + */ +export interface ThreatIntelligenceParsedPattern { + /** + * Pattern type key + */ + patternTypeKey?: string; + /** + * Pattern type keys + */ + patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[]; +} + +/** + * Describes external reference + */ +export interface ThreatIntelligenceExternalReference { + /** + * External reference description + */ + description?: string; + /** + * External reference ID + */ + externalId?: string; + /** + * External reference source name + */ + sourceName?: string; + /** + * External reference URL + */ + url?: string; + /** + * External reference hashes + */ + hashes?: { [propertyName: string]: string }; +} + +/** + * Describes threat granular marking model entity + */ +export interface ThreatIntelligenceGranularMarkingModel { + /** + * Language granular marking model + */ + language?: string; + /** + * marking reference granular marking model + */ + markingRef?: number; + /** + * granular marking model selectors + */ + selectors?: string[]; +} + +/** + * Threat intelligence indicator entity. + */ +export interface ThreatIntelligenceIndicatorModel { + /** + * Polymorphic Discriminator + */ + kind: "indicator"; + /** + * Etag of the azure resource + */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * List of tags + */ + threatIntelligenceTags?: string[]; + /** + * Last updated time in UTC + */ + lastUpdatedTimeUtc?: string; + /** + * Source of a threat intelligence entity + */ + source?: string; + /** + * Display name of a threat intelligence entity + */ + displayName?: string; + /** + * Description of a threat intelligence entity + */ + description?: string; + /** + * Indicator types of threat intelligence entities + */ + indicatorTypes?: string[]; + /** + * Pattern of a threat intelligence entity + */ + pattern?: string; + /** + * Pattern type of a threat intelligence entity + */ + patternType?: string; + /** + * Pattern version of a threat intelligence entity + */ + patternVersion?: string; + /** + * Kill chain phases + */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** + * Parsed patterns + */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** + * External ID of threat intelligence entity + */ + externalId?: string; + /** + * Created by reference of threat intelligence entity + */ + createdByRef?: string; + /** + * Is threat intelligence entity defanged + */ + defanged?: boolean; + /** + * External last updated time in UTC + */ + externalLastUpdatedTimeUtc?: string; + /** + * External References + */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** + * Granular Markings + */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** + * Labels of threat intelligence entity + */ + labels?: string[]; + /** + * Is threat intelligence entity revoked + */ + revoked?: boolean; + /** + * Confidence of threat intelligence entity + */ + confidence?: number; + /** + * Threat intelligence entity object marking references + */ + objectMarkingRefs?: string[]; + /** + * Language of threat intelligence entity + */ + language?: string; + /** + * Threat types + */ + threatTypes?: string[]; + /** + * Valid from + */ + validFrom?: string; + /** + * Valid until + */ + validUntil?: string; + /** + * Created by + */ + created?: string; + /** + * Modified by + */ + modified?: string; + /** + * Extensions map + */ + extensions?: { [propertyName: string]: any }; +} + +/** + * Describes an entity with kind. + */ +export interface ThreatIntelligenceResourceKind { +} + +/** + * Threat intelligence indicator entity used in request body. + */ +export interface ThreatIntelligenceIndicatorModelForRequestBody extends ThreatIntelligenceResourceKind { + /** + * Etag of the azure resource + */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly additionalData?: { [propertyName: string]: any }; + /** + * The graph item display name which is a short humanly readable description of the graph item + * instance. This property is optional and might be system generated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly friendlyName?: string; + /** + * List of tags + */ + threatIntelligenceTags?: string[]; + /** + * Last updated time in UTC + */ + lastUpdatedTimeUtc?: string; + /** + * Source of a threat intelligence entity + */ + source?: string; + /** + * Display name of a threat intelligence entity + */ + displayName?: string; + /** + * Description of a threat intelligence entity + */ + description?: string; + /** + * Indicator types of threat intelligence entities + */ + indicatorTypes?: string[]; + /** + * Pattern of a threat intelligence entity + */ + pattern?: string; + /** + * Pattern type of a threat intelligence entity + */ + patternType?: string; + /** + * Pattern version of a threat intelligence entity + */ + patternVersion?: string; + /** + * Kill chain phases + */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** + * Parsed patterns + */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** + * External ID of threat intelligence entity + */ + externalId?: string; + /** + * Created by reference of threat intelligence entity + */ + createdByRef?: string; + /** + * Is threat intelligence entity defanged + */ + defanged?: boolean; + /** + * External last updated time in UTC + */ + externalLastUpdatedTimeUtc?: string; + /** + * External References + */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** + * Granular Markings + */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** + * Labels of threat intelligence entity + */ + labels?: string[]; + /** + * Is threat intelligence entity revoked + */ + revoked?: boolean; + /** + * Confidence of threat intelligence entity + */ + confidence?: number; + /** + * Threat intelligence entity object marking references + */ + objectMarkingRefs?: string[]; + /** + * Language of threat intelligence entity + */ + language?: string; + /** + * Threat types + */ + threatTypes?: string[]; + /** + * Valid from + */ + validFrom?: string; + /** + * Valid until + */ + validUntil?: string; + /** + * Created by + */ + created?: string; + /** + * Modified by + */ + modified?: string; + /** + * Extensions map + */ + extensions?: { [propertyName: string]: any }; +} + +/** + * List of available columns for sorting + */ +export interface ThreatIntelligenceSortingCriteria { + /** + * Column name + */ + itemKey?: string; + /** + * Sorting order (ascending/descending/unsorted). Possible values include: 'unsorted', + * 'ascending', 'descending' + */ + sortOrder?: ThreatIntelligenceSortingOrder; +} + +/** + * Filtering criteria for querying threat intelligence indicators. + */ +export interface ThreatIntelligenceFilteringCriteria { + /** + * Page size + */ + pageSize?: number; + /** + * Minimum confidence. + */ + minConfidence?: number; + /** + * Maximum confidence. + */ + maxConfidence?: number; + /** + * Start time for ValidUntil filter. + */ + minValidUntil?: string; + /** + * End time for ValidUntil filter. + */ + maxValidUntil?: string; + /** + * Parameter to include/exclude disabled indicators. + */ + includeDisabled?: boolean; + /** + * Columns to sort by and sorting order + */ + sortBy?: ThreatIntelligenceSortingCriteria[]; + /** + * Sources of threat intelligence indicators + */ + sources?: string[]; + /** + * Pattern types + */ + patternTypes?: string[]; + /** + * Threat types of threat intelligence indicators + */ + threatTypes?: string[]; + /** + * Ids of threat intelligence indicators + */ + ids?: string[]; + /** + * Keywords for searching threat intelligence indicators + */ + keywords?: string[]; + /** + * Skip token. + */ + skipToken?: string; +} + +/** + * Array of tags to be appended to the threat intelligence indicator. + */ +export interface ThreatIntelligenceAppendTags { + /** + * List of tags to be appended. + */ + threatIntelligenceTags?: string[]; +} + +/** + * Describes threat intelligence metric entity + */ +export interface ThreatIntelligenceMetricEntity { + /** + * Metric name + */ + metricName?: string; + /** + * Metric value + */ + metricValue?: number; +} + +/** + * Describes threat intelligence metric + */ +export interface ThreatIntelligenceMetric { + /** + * Last updated indicator metric + */ + lastUpdatedTimeUtc?: string; + /** + * Threat type metrics + */ + threatTypeMetrics?: ThreatIntelligenceMetricEntity[]; + /** + * Pattern type metrics + */ + patternTypeMetrics?: ThreatIntelligenceMetricEntity[]; + /** + * Source metrics + */ + sourceMetrics?: ThreatIntelligenceMetricEntity[]; +} + +/** + * Threat intelligence metrics. + */ +export interface ThreatIntelligenceMetrics { + /** + * Threat intelligence metrics. + */ + properties?: ThreatIntelligenceMetric; +} + +/** + * List of all the threat intelligence metric fields (type/threat type/source). + */ +export interface ThreatIntelligenceMetricsList { + /** + * Array of threat intelligence metric fields (type/threat type/source). + */ + value: ThreatIntelligenceMetrics[]; +} + +/** + * Represents a Watchlist in Azure Security Insights. + */ +export interface Watchlist extends ResourceWithEtag { + /** + * The id (a Guid) of the watchlist + */ + watchlistId?: string; + /** + * The display name of the watchlist + */ + displayName: string; + /** + * The provider of the watchlist + */ + provider: string; + /** + * The source of the watchlist. Possible values include: 'Local file', 'Remote storage' + */ + source: Source; + /** + * The time the watchlist was created + */ + created?: Date; + /** + * The last time the watchlist was updated + */ + updated?: Date; + /** + * Describes a user that created the watchlist + */ + createdBy?: UserInfo; + /** + * Describes a user that updated the watchlist + */ + updatedBy?: UserInfo; + /** + * A description of the watchlist + */ + description?: string; + /** + * The type of the watchlist + */ + watchlistType?: string; + /** + * The alias of the watchlist + */ + watchlistAlias?: string; + /** + * A flag that indicates if the watchlist is deleted or not + */ + isDeleted?: boolean; + /** + * List of labels relevant to this watchlist + */ + labels?: string[]; + /** + * The default duration of a watchlist (in ISO 8601 duration format) + */ + defaultDuration?: string; + /** + * The tenantId where the watchlist belongs to + */ + tenantId?: string; + /** + * The number of lines in a csv content to skip before the header + */ + numberOfLinesToSkip?: number; + /** + * The raw content that represents to watchlist items to create. Example : This line will be + * skipped + * header1,header2 + * value1,value2 + */ + rawContent?: string; + /** + * The search key is used to optimize query performance when using watchlists for joins with + * other data. For example, enable a column with IP addresses to be the designated SearchKey + * field, then use this field as the key field when joining to other event data by IP address. + */ + itemsSearchKey: string; + /** + * The content type of the raw content. For now, only text/csv is valid + */ + contentType?: string; + /** + * The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist + * upload status is InProgress, the Watchlist cannot be deleted + */ + uploadStatus?: string; +} + +/** + * Represents a Watchlist Item in Azure Security Insights. + */ +export interface WatchlistItem extends ResourceWithEtag { + /** + * The type of the watchlist item + */ + watchlistItemType?: string; + /** + * The id (a Guid) of the watchlist item + */ + watchlistItemId?: string; + /** + * The tenantId to which the watchlist item belongs to + */ + tenantId?: string; + /** + * A flag that indicates if the watchlist item is deleted or not + */ + isDeleted?: boolean; + /** + * The time the watchlist item was created + */ + created?: Date; + /** + * The last time the watchlist item was updated + */ + updated?: Date; + /** + * Describes a user that created the watchlist item + */ + createdBy?: UserInfo; + /** + * Describes a user that updated the watchlist item + */ + updatedBy?: UserInfo; + /** + * key-value pairs for a watchlist item + */ + itemsKeyValue: any; + /** + * key-value pairs for a watchlist item entity mapping + */ + entityMapping?: any; +} + +/** + * Properties of the operation + */ +export interface OperationDisplay { + /** + * Description of the operation + */ + description?: string; + /** + * Operation name + */ + operation?: string; + /** + * Provider name + */ + provider?: string; + /** + * Resource name + */ + resource?: string; +} + +/** + * Operation provided by provider + */ +export interface Operation { + /** + * Properties of the operation + */ + display?: OperationDisplay; + /** + * Name of the operation + */ + name?: string; + /** + * The origin of the operation + */ + origin?: string; +} + +/** + * Action for alert rule. + */ +export interface ActionResponse extends Resource { + /** + * Etag of the action. + */ + etag?: string; + /** + * Logic App Resource Id, + * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + */ + logicAppResourceId: string; + /** + * The name of the logic app's workflow. + */ + workflowId?: string; +} + +/** + * Action for alert rule. + */ +export interface ActionRequest extends ResourceWithEtag { + /** + * Logic App Resource Id, + * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + */ + logicAppResourceId: string; + /** + * Logic App Callback URL for this specific workflow. + */ + triggerUri: string; +} + +/** + * Action property bag base. + */ +export interface ActionPropertiesBase { + /** + * Logic App Resource Id, + * /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + */ + logicAppResourceId: string; +} + +/** + * Contains the possible cases for AlertRule. + */ +export type AlertRuleUnion = AlertRule | FusionAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule; + +/** + * Alert rule. + */ +export interface AlertRule { + /** + * Polymorphic Discriminator + */ + kind: "AlertRule"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * Etag of the azure resource + */ + etag?: string; +} + +/** + * Contains the possible cases for AlertRuleTemplate. + */ +export type AlertRuleTemplateUnion = AlertRuleTemplate | FusionAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate; + +/** + * Alert rule template. + */ +export interface AlertRuleTemplate { + /** + * Polymorphic Discriminator + */ + kind: "AlertRuleTemplate"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; +} + +/** + * alert rule template data sources + */ +export interface AlertRuleTemplateDataSource { + /** + * The connector id that provides the following data types + */ + connectorId?: string; + /** + * The data types used by the alert rule template + */ + dataTypes?: string[]; +} + +/** + * Represents Fusion alert rule. + */ +export interface FusionAlertRule { + /** + * Polymorphic Discriminator + */ + kind: "Fusion"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * Etag of the azure resource + */ + etag?: string; + /** + * The Name of the alert rule template used to create this rule. + */ + alertRuleTemplateName: string; + /** + * The description of the alert rule. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly description?: string; + /** + * The display name for alerts created by this alert rule. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly displayName?: string; + /** + * Determines whether this alert rule is enabled or disabled. + */ + enabled: boolean; + /** + * The last time that this alert has been modified. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastModifiedUtc?: Date; + /** + * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', + * 'Low', 'Informational' + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly severity?: AlertSeverity; + /** + * The tactics of the alert rule + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly tactics?: AttackTactic[]; +} + +/** + * Represents Fusion alert rule template. + */ +export interface FusionAlertRuleTemplate { + /** + * Polymorphic Discriminator + */ + kind: "Fusion"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * the number of alert rules that were created by this template + */ + alertRulesCreatedByTemplateCount?: number; + /** + * The time that this alert rule template has been added. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly createdDateUTC?: Date; + /** + * The time that this alert rule template was last updated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The description of the alert rule template. + */ + description?: string; + /** + * The display name for alert rule template. + */ + displayName?: string; + /** + * The required data connectors for this template + */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** + * The alert rule template status. Possible values include: 'Installed', 'Available', + * 'NotAvailable' + */ + status?: TemplateStatus; + /** + * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', + * 'Low', 'Informational' + */ + severity?: AlertSeverity; + /** + * The tactics of the alert rule template + */ + tactics?: AttackTactic[]; +} + +/** + * Represents MicrosoftSecurityIncidentCreation rule. + */ +export interface MicrosoftSecurityIncidentCreationAlertRule { + /** + * Polymorphic Discriminator + */ + kind: "MicrosoftSecurityIncidentCreation"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * Etag of the azure resource + */ + etag?: string; + /** + * the alerts' displayNames on which the cases will be generated + */ + displayNamesFilter?: string[]; + /** + * the alerts' displayNames on which the cases will not be generated + */ + displayNamesExcludeFilter?: string[]; + /** + * The alerts' productName on which the cases will be generated. Possible values include: + * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT' + */ + productFilter: MicrosoftSecurityProductName; + /** + * the alerts' severities on which the cases will be generated + */ + severitiesFilter?: AlertSeverity[]; + /** + * The Name of the alert rule template used to create this rule. + */ + alertRuleTemplateName?: string; + /** + * The description of the alert rule. + */ + description?: string; + /** + * The display name for alerts created by this alert rule. + */ + displayName: string; + /** + * Determines whether this alert rule is enabled or disabled. + */ + enabled: boolean; + /** + * The last time that this alert has been modified. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastModifiedUtc?: Date; +} + +/** + * MicrosoftSecurityIncidentCreation rule common property bag. + */ +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + /** + * the alerts' displayNames on which the cases will be generated + */ + displayNamesFilter?: string[]; + /** + * the alerts' displayNames on which the cases will not be generated + */ + displayNamesExcludeFilter?: string[]; + /** + * The alerts' productName on which the cases will be generated. Possible values include: + * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT' + */ + productFilter: MicrosoftSecurityProductName; + /** + * the alerts' severities on which the cases will be generated + */ + severitiesFilter?: AlertSeverity[]; +} + +/** + * Represents MicrosoftSecurityIncidentCreation rule template. + */ +export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate { + /** + * Polymorphic Discriminator + */ + kind: "MicrosoftSecurityIncidentCreation"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * the number of alert rules that were created by this template + */ + alertRulesCreatedByTemplateCount?: number; + /** + * The time that this alert rule template has been added. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly createdDateUTC?: Date; + /** + * The time that this alert rule template was last updated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The description of the alert rule template. + */ + description?: string; + /** + * The display name for alert rule template. + */ + displayName?: string; + /** + * The required data connectors for this template + */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** + * The alert rule template status. Possible values include: 'Installed', 'Available', + * 'NotAvailable' + */ + status?: TemplateStatus; + /** + * the alerts' displayNames on which the cases will be generated + */ + displayNamesFilter?: string[]; + /** + * the alerts' displayNames on which the cases will not be generated + */ + displayNamesExcludeFilter?: string[]; + /** + * The alerts' productName on which the cases will be generated. Possible values include: + * 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + * 'Azure Active Directory Identity Protection', 'Azure Security Center for IoT' + */ + productFilter: MicrosoftSecurityProductName; + /** + * the alerts' severities on which the cases will be generated + */ + severitiesFilter?: AlertSeverity[]; +} + +/** + * Grouping configuration property bag. + */ +export interface GroupingConfiguration { + /** + * Grouping enabled + */ + enabled: boolean; + /** + * Re-open closed matching incidents + */ + reopenClosedIncident: boolean; + /** + * Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) + */ + lookbackDuration: string; + /** + * Grouping matching method. When method is Selected at least one of groupByEntities, + * groupByAlertDetails, groupByCustomDetails must be provided and not empty. Possible values + * include: 'AllEntities', 'AnyAlert', 'Selected' + */ + matchingMethod: MatchingMethod; + /** + * A list of entity types to group by (when matchingMethod is Selected). Only entities defined in + * the current alert rule may be used. + */ + groupByEntities?: EntityMappingType[]; + /** + * A list of alert details to group by (when matchingMethod is Selected) + */ + groupByAlertDetails?: AlertDetail[]; + /** + * A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined + * in the current alert rule may be used. + */ + groupByCustomDetails?: string[]; +} + +/** + * Incident Configuration property bag. + */ +export interface IncidentConfiguration { + /** + * Create incidents from alerts triggered by this analytics rule + */ + createIncident: boolean; + /** + * Set how the alerts that are triggered by this analytics rule, are grouped into incidents + */ + groupingConfiguration?: GroupingConfiguration; +} + +/** + * Represents scheduled alert rule. + */ +export interface ScheduledAlertRule { + /** + * Polymorphic Discriminator + */ + kind: "Scheduled"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * Etag of the azure resource + */ + etag?: string; + /** + * The query that creates alerts for this rule. + */ + query?: string; + /** + * The frequency (in ISO 8601 duration format) for this alert rule to run. + */ + queryFrequency?: string; + /** + * The period (in ISO 8601 duration format) that this alert rule looks at. + */ + queryPeriod?: string; + /** + * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', + * 'Low', 'Informational' + */ + severity?: AlertSeverity; + /** + * The operation against the threshold that triggers alert rule. Possible values include: + * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + */ + triggerOperator?: TriggerOperator; + /** + * The threshold triggers this alert rule. + */ + triggerThreshold?: number; + /** + * The event grouping settings. + */ + eventGroupingSettings?: EventGroupingSettings; + /** + * Dictionary of string key-value pairs of columns to be attached to the alert + */ + customDetails?: { [propertyName: string]: string }; + /** + * Array of the entity mappings of the alert rule + */ + entityMappings?: EntityMapping[]; + /** + * The alert details override settings + */ + alertDetailsOverride?: AlertDetailsOverride; + /** + * The Name of the alert rule template used to create this rule. + */ + alertRuleTemplateName?: string; + /** + * The description of the alert rule. + */ + description?: string; + /** + * The display name for alerts created by this alert rule. + */ + displayName: string; + /** + * Determines whether this alert rule is enabled or disabled. + */ + enabled: boolean; + /** + * The last time that this alert rule has been modified. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastModifiedUtc?: Date; + /** + * The suppression (in ISO 8601 duration format) to wait since last time this alert rule been + * triggered. + */ + suppressionDuration: string; + /** + * Determines whether the suppression for this alert rule is enabled or disabled. + */ + suppressionEnabled: boolean; + /** + * The tactics of the alert rule + */ + tactics?: AttackTactic[]; + /** + * The settings of the incidents that created from alerts triggered by this analytics rule + */ + incidentConfiguration?: IncidentConfiguration; +} + +/** + * Event grouping settings property bag. + */ +export interface EventGroupingSettings { + /** + * Possible values include: 'SingleAlert', 'AlertPerResult' + */ + aggregationKind?: EventGroupingAggregationKind; +} + +/** + * A single field mapping of the mapped entity + */ +export interface FieldMapping { + /** + * the V3 identifier of the entity + */ + identifier?: string; + /** + * the column name to be mapped to the identifier + */ + columnName?: string; +} + +/** + * Single entity mapping for the alert rule + */ +export interface EntityMapping { + /** + * Possible values include: 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', + * 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', + * 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' + */ + entityType?: EntityMappingType; + /** + * array of field mappings for the given entity mapping + */ + fieldMappings?: FieldMapping[]; +} + +/** + * Settings for how to dynamically override alert static details + */ +export interface AlertDetailsOverride { + /** + * the format containing columns name(s) to override the alert name + */ + alertDisplayNameFormat?: string; + /** + * the format containing columns name(s) to override the alert description + */ + alertDescriptionFormat?: string; + /** + * the column name to take the alert tactics from + */ + alertTacticsColumnName?: string; + /** + * the column name to take the alert severity from + */ + alertSeverityColumnName?: string; +} + +/** + * Scheduled alert rule template property bag. + */ +export interface ScheduledAlertRuleCommonProperties { + /** + * The query that creates alerts for this rule. + */ + query?: string; + /** + * The frequency (in ISO 8601 duration format) for this alert rule to run. + */ + queryFrequency?: string; + /** + * The period (in ISO 8601 duration format) that this alert rule looks at. + */ + queryPeriod?: string; + /** + * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', + * 'Low', 'Informational' + */ + severity?: AlertSeverity; + /** + * The operation against the threshold that triggers alert rule. Possible values include: + * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + */ + triggerOperator?: TriggerOperator; + /** + * The threshold triggers this alert rule. + */ + triggerThreshold?: number; + /** + * The event grouping settings. + */ + eventGroupingSettings?: EventGroupingSettings; + /** + * Dictionary of string key-value pairs of columns to be attached to the alert + */ + customDetails?: { [propertyName: string]: string }; + /** + * Array of the entity mappings of the alert rule + */ + entityMappings?: EntityMapping[]; + /** + * The alert details override settings + */ + alertDetailsOverride?: AlertDetailsOverride; +} + +/** + * Represents scheduled alert rule template. + */ +export interface ScheduledAlertRuleTemplate { + /** + * Polymorphic Discriminator + */ + kind: "Scheduled"; + /** + * Fully qualified resource ID for the resource. Ex - + * /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly id?: string; + /** + * The name of the resource + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + * "Microsoft.Storage/storageAccounts" + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly systemData?: SystemData; + /** + * the number of alert rules that were created by this template + */ + alertRulesCreatedByTemplateCount?: number; + /** + * The time that this alert rule template has been added. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly createdDateUTC?: Date; + /** + * The time that this alert rule template was last updated. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The description of the alert rule template. + */ + description?: string; + /** + * The display name for alert rule template. + */ + displayName?: string; + /** + * The required data connectors for this template + */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** + * The alert rule template status. Possible values include: 'Installed', 'Available', + * 'NotAvailable' + */ + status?: TemplateStatus; + /** + * The query that creates alerts for this rule. + */ + query?: string; + /** + * The frequency (in ISO 8601 duration format) for this alert rule to run. + */ + queryFrequency?: string; + /** + * The period (in ISO 8601 duration format) that this alert rule looks at. + */ + queryPeriod?: string; + /** + * The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', + * 'Low', 'Informational' + */ + severity?: AlertSeverity; + /** + * The operation against the threshold that triggers alert rule. Possible values include: + * 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + */ + triggerOperator?: TriggerOperator; + /** + * The threshold triggers this alert rule. + */ + triggerThreshold?: number; + /** + * The tactics of the alert rule template + */ + tactics?: AttackTactic[]; + /** + * The version of this template - in format , where all are numbers. For example <1.0.2>. + */ + version?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentsListOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentsListNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentCommentsListByIncidentOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentCommentsListByIncidentNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentRelationsListOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface IncidentRelationsListNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface ThreatIntelligenceIndicatorsListOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; +} + +/** + * Optional Parameters. + */ +export interface ThreatIntelligenceIndicatorsListNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Filters the results, based on a Boolean condition. Optional. + */ + filter?: string; + /** + * Returns only the first n results. Optional. + */ + top?: number; + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; + /** + * Sorts the results. Optional. + */ + orderby?: string; +} + +/** + * Optional Parameters. + */ +export interface WatchlistsListOptionalParams extends msRest.RequestOptionsBase { + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface WatchlistsListNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface WatchlistItemsListOptionalParams extends msRest.RequestOptionsBase { + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * Optional Parameters. + */ +export interface WatchlistItemsListNextOptionalParams extends msRest.RequestOptionsBase { + /** + * Skiptoken is only used if a previous operation returned a partial result. If a previous + * response contains a nextLink element, the value of the nextLink element will include a + * skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + */ + skipToken?: string; +} + +/** + * An interface representing SecurityInsightsOptions. + */ +export interface SecurityInsightsOptions extends AzureServiceClientOptions { + baseUri?: string; +} + +/** + * @interface + * List all the incidents. + * @extends Array + */ +export interface IncidentList extends Array { + /** + * URL to fetch the next set of incidents. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List of incident comments. + * @extends Array + */ +export interface IncidentCommentList extends Array { + /** + * URL to fetch the next set of comments. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List of relations. + * @extends Array + */ +export interface RelationList extends Array { + /** + * URL to fetch the next set of relations. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List of all the threat intelligence information objects. + * @extends Array + */ +export interface ThreatIntelligenceInformationList extends Array { + /** + * URL to fetch the next set of information objects. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List all the watchlists. + * @extends Array + */ +export interface WatchlistList extends Array { + /** + * URL to fetch the next set of watchlists. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List all the watchlist items. + * @extends Array + */ +export interface WatchlistItemList extends Array { + /** + * URL to fetch the next set of watchlist items. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * Lists the operations available in the SecurityInsights RP. + * @extends Array + */ +export interface OperationsList extends Array { + /** + * URL to fetch the next set of operations. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List all the alert rules. + * @extends Array + */ +export interface AlertRulesList extends Array { + /** + * URL to fetch the next set of alert rules. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List all the actions. + * @extends Array + */ +export interface ActionsList extends Array { + /** + * URL to fetch the next set of actions. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * @interface + * List all the alert rule templates. + * @extends Array + */ +export interface AlertRuleTemplatesList extends Array { + /** + * URL to fetch the next set of alert rule templates. + * **NOTE: This property will not be serialized. It can only be populated by the server.** + */ + readonly nextLink?: string; +} + +/** + * Defines values for CreatedByType. + * Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key' + * @readonly + * @enum {string} + */ +export type CreatedByType = 'User' | 'Application' | 'ManagedIdentity' | 'Key'; + +/** + * Defines values for EntityKindEnum. + * Possible values include: 'Account', 'Host', 'File', 'AzureResource', 'CloudApplication', + * 'DnsResolution', 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey', 'RegistryValue', + * 'SecurityGroup', 'Url', 'IoTDevice', 'SecurityAlert', 'Bookmark', 'MailCluster', 'MailMessage', + * 'Mailbox', 'SubmissionMail' + * @readonly + * @enum {string} + */ +export type EntityKindEnum = 'Account' | 'Host' | 'File' | 'AzureResource' | 'CloudApplication' | 'DnsResolution' | 'FileHash' | 'Ip' | 'Malware' | 'Process' | 'RegistryKey' | 'RegistryValue' | 'SecurityGroup' | 'Url' | 'IoTDevice' | 'SecurityAlert' | 'Bookmark' | 'MailCluster' | 'MailMessage' | 'Mailbox' | 'SubmissionMail'; + +/** + * Defines values for FileHashAlgorithm. + * Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + * @readonly + * @enum {string} + */ +export type FileHashAlgorithm = 'Unknown' | 'MD5' | 'SHA1' | 'SHA256' | 'SHA256AC'; + +/** + * Defines values for OSFamily. + * Possible values include: 'Linux', 'Windows', 'Android', 'IOS', 'Unknown' + * @readonly + * @enum {string} + */ +export type OSFamily = 'Linux' | 'Windows' | 'Android' | 'IOS' | 'Unknown'; + +/** + * Defines values for CaseSeverity. + * Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' + * @readonly + * @enum {string} + */ +export type CaseSeverity = 'Critical' | 'High' | 'Medium' | 'Low' | 'Informational'; + +/** + * Defines values for AttackTactic. + * Possible values include: 'InitialAccess', 'Execution', 'Persistence', 'PrivilegeEscalation', + * 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Collection', + * 'Exfiltration', 'CommandAndControl', 'Impact', 'PreAttack' + * @readonly + * @enum {string} + */ +export type AttackTactic = 'InitialAccess' | 'Execution' | 'Persistence' | 'PrivilegeEscalation' | 'DefenseEvasion' | 'CredentialAccess' | 'Discovery' | 'LateralMovement' | 'Collection' | 'Exfiltration' | 'CommandAndControl' | 'Impact' | 'PreAttack'; + +/** + * Defines values for IncidentClassification. + * Possible values include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive' + * @readonly + * @enum {string} + */ +export type IncidentClassification = 'Undetermined' | 'TruePositive' | 'BenignPositive' | 'FalsePositive'; + +/** + * Defines values for IncidentClassificationReason. + * Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', + * 'InaccurateData' + * @readonly + * @enum {string} + */ +export type IncidentClassificationReason = 'SuspiciousActivity' | 'SuspiciousButExpected' | 'IncorrectAlertLogic' | 'InaccurateData'; + +/** + * Defines values for IncidentLabelType. + * Possible values include: 'User', 'System' + * @readonly + * @enum {string} + */ +export type IncidentLabelType = 'User' | 'System'; + +/** + * Defines values for IncidentSeverity. + * Possible values include: 'High', 'Medium', 'Low', 'Informational' + * @readonly + * @enum {string} + */ +export type IncidentSeverity = 'High' | 'Medium' | 'Low' | 'Informational'; + +/** + * Defines values for IncidentStatus. + * Possible values include: 'New', 'Active', 'Closed' + * @readonly + * @enum {string} + */ +export type IncidentStatus = 'New' | 'Active' | 'Closed'; + +/** + * Defines values for ConfidenceLevel. + * Possible values include: 'Unknown', 'Low', 'High' + * @readonly + * @enum {string} + */ +export type ConfidenceLevel = 'Unknown' | 'Low' | 'High'; + +/** + * Defines values for ConfidenceScoreStatus. + * Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + * @readonly + * @enum {string} + */ +export type ConfidenceScoreStatus = 'NotApplicable' | 'InProcess' | 'NotFinal' | 'Final'; + +/** + * Defines values for KillChainIntent. + * Possible values include: 'Unknown', 'Probing', 'Exploitation', 'Persistence', + * 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', + * 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact' + * @readonly + * @enum {string} + */ +export type KillChainIntent = 'Unknown' | 'Probing' | 'Exploitation' | 'Persistence' | 'PrivilegeEscalation' | 'DefenseEvasion' | 'CredentialAccess' | 'Discovery' | 'LateralMovement' | 'Execution' | 'Collection' | 'Exfiltration' | 'CommandAndControl' | 'Impact'; + +/** + * Defines values for AlertSeverity. + * Possible values include: 'High', 'Medium', 'Low', 'Informational' + * @readonly + * @enum {string} + */ +export type AlertSeverity = 'High' | 'Medium' | 'Low' | 'Informational'; + +/** + * Defines values for AlertStatus. + * Possible values include: 'Unknown', 'New', 'Resolved', 'Dismissed', 'InProgress' + * @readonly + * @enum {string} + */ +export type AlertStatus = 'Unknown' | 'New' | 'Resolved' | 'Dismissed' | 'InProgress'; + +/** + * Defines values for AntispamMailDirection. + * Possible values include: 'Unknown', 'Inbound', 'Outbound', 'Intraorg' + * @readonly + * @enum {string} + */ +export type AntispamMailDirection = 'Unknown' | 'Inbound' | 'Outbound' | 'Intraorg'; + +/** + * Defines values for DeliveryAction. + * Possible values include: 'Unknown', 'DeliveredAsSpam', 'Delivered', 'Blocked', 'Replaced' + * @readonly + * @enum {string} + */ +export type DeliveryAction = 'Unknown' | 'DeliveredAsSpam' | 'Delivered' | 'Blocked' | 'Replaced'; + +/** + * Defines values for DeliveryLocation. + * Possible values include: 'Unknown', 'Inbox', 'JunkFolder', 'DeletedFolder', 'Quarantine', + * 'External', 'Failed', 'Dropped', 'Forwarded' + * @readonly + * @enum {string} + */ +export type DeliveryLocation = 'Unknown' | 'Inbox' | 'JunkFolder' | 'DeletedFolder' | 'Quarantine' | 'External' | 'Failed' | 'Dropped' | 'Forwarded'; + +/** + * Defines values for ElevationToken. + * Possible values include: 'Default', 'Full', 'Limited' + * @readonly + * @enum {string} + */ +export type ElevationToken = 'Default' | 'Full' | 'Limited'; + +/** + * Defines values for RegistryHive. + * Possible values include: 'HKEY_LOCAL_MACHINE', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', + * 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS', 'HKEY_PERFORMANCE_DATA', + * 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A', 'HKEY_CURRENT_USER' + * @readonly + * @enum {string} + */ +export type RegistryHive = 'HKEY_LOCAL_MACHINE' | 'HKEY_CLASSES_ROOT' | 'HKEY_CURRENT_CONFIG' | 'HKEY_USERS' | 'HKEY_CURRENT_USER_LOCAL_SETTINGS' | 'HKEY_PERFORMANCE_DATA' | 'HKEY_PERFORMANCE_NLSTEXT' | 'HKEY_PERFORMANCE_TEXT' | 'HKEY_A' | 'HKEY_CURRENT_USER'; + +/** + * Defines values for RegistryValueKind. + * Possible values include: 'None', 'Unknown', 'String', 'ExpandString', 'Binary', 'DWord', + * 'MultiString', 'QWord' + * @readonly + * @enum {string} + */ +export type RegistryValueKind = 'None' | 'Unknown' | 'String' | 'ExpandString' | 'Binary' | 'DWord' | 'MultiString' | 'QWord'; + +/** + * Defines values for ThreatIntelligenceResourceInnerKind. + * Possible values include: 'indicator' + * @readonly + * @enum {string} + */ +export type ThreatIntelligenceResourceInnerKind = 'indicator'; + +/** + * Defines values for ThreatIntelligenceSortingOrder. + * Possible values include: 'unsorted', 'ascending', 'descending' + * @readonly + * @enum {string} + */ +export type ThreatIntelligenceSortingOrder = 'unsorted' | 'ascending' | 'descending'; + +/** + * Defines values for Source. + * Possible values include: 'Local file', 'Remote storage' + * @readonly + * @enum {string} + */ +export type Source = 'Local file' | 'Remote storage'; + +/** + * Defines values for AlertRuleKind. + * Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion' + * @readonly + * @enum {string} + */ +export type AlertRuleKind = 'Scheduled' | 'MicrosoftSecurityIncidentCreation' | 'Fusion'; + +/** + * Defines values for TemplateStatus. + * Possible values include: 'Installed', 'Available', 'NotAvailable' + * @readonly + * @enum {string} + */ +export type TemplateStatus = 'Installed' | 'Available' | 'NotAvailable'; + +/** + * Defines values for TriggerOperator. + * Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + * @readonly + * @enum {string} + */ +export type TriggerOperator = 'GreaterThan' | 'LessThan' | 'Equal' | 'NotEqual'; + +/** + * Defines values for MicrosoftSecurityProductName. + * Possible values include: 'Microsoft Cloud App Security', 'Azure Security Center', 'Azure + * Advanced Threat Protection', 'Azure Active Directory Identity Protection', 'Azure Security + * Center for IoT' + * @readonly + * @enum {string} + */ +export type MicrosoftSecurityProductName = 'Microsoft Cloud App Security' | 'Azure Security Center' | 'Azure Advanced Threat Protection' | 'Azure Active Directory Identity Protection' | 'Azure Security Center for IoT'; + +/** + * Defines values for MatchingMethod. + * Possible values include: 'AllEntities', 'AnyAlert', 'Selected' + * @readonly + * @enum {string} + */ +export type MatchingMethod = 'AllEntities' | 'AnyAlert' | 'Selected'; + +/** + * Defines values for EntityMappingType. + * Possible values include: 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', + * 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', + * 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' + * @readonly + * @enum {string} + */ +export type EntityMappingType = 'Account' | 'Host' | 'IP' | 'Malware' | 'File' | 'Process' | 'CloudApplication' | 'DNS' | 'AzureResource' | 'FileHash' | 'RegistryKey' | 'RegistryValue' | 'SecurityGroup' | 'URL' | 'Mailbox' | 'MailCluster' | 'MailMessage' | 'SubmissionMail'; + +/** + * Defines values for AlertDetail. + * Possible values include: 'DisplayName', 'Severity' + * @readonly + * @enum {string} + */ +export type AlertDetail = 'DisplayName' | 'Severity'; + +/** + * Defines values for EventGroupingAggregationKind. + * Possible values include: 'SingleAlert', 'AlertPerResult' + * @readonly + * @enum {string} + */ +export type EventGroupingAggregationKind = 'SingleAlert' | 'AlertPerResult'; + +/** + * Contains response data for the list operation. + */ +export type IncidentsListResponse = IncidentList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type IncidentsGetResponse = Incident & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Incident; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type IncidentsCreateOrUpdateResponse = Incident & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Incident; + }; +}; + +/** + * Contains response data for the listOfAlerts operation. + */ +export type IncidentsListOfAlertsResponse = IncidentAlertList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentAlertList; + }; +}; + +/** + * Contains response data for the listOfBookmarks operation. + */ +export type IncidentsListOfBookmarksResponse = IncidentBookmarkList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentBookmarkList; + }; +}; + +/** + * Contains response data for the listOfEntities operation. + */ +export type IncidentsListOfEntitiesResponse = IncidentEntitiesResponse & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentEntitiesResponse; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type IncidentsListNextResponse = IncidentList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentList; + }; +}; + +/** + * Contains response data for the listByIncident operation. + */ +export type IncidentCommentsListByIncidentResponse = IncidentCommentList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentCommentList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type IncidentCommentsGetResponse = IncidentComment & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentComment; + }; +}; + +/** + * Contains response data for the createComment operation. + */ +export type IncidentCommentsCreateCommentResponse = IncidentComment & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentComment; + }; +}; + +/** + * Contains response data for the listByIncidentNext operation. + */ +export type IncidentCommentsListByIncidentNextResponse = IncidentCommentList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: IncidentCommentList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type IncidentRelationsListResponse = RelationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: RelationList; + }; +}; + +/** + * Contains response data for the getRelation operation. + */ +export type IncidentRelationsGetRelationResponse = Relation & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Relation; + }; +}; + +/** + * Contains response data for the createOrUpdateRelation operation. + */ +export type IncidentRelationsCreateOrUpdateRelationResponse = Relation & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Relation; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type IncidentRelationsListNextResponse = RelationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: RelationList; + }; +}; + +/** + * Contains response data for the createIndicator operation. + */ +export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationUnion; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationUnion; + }; +}; + +/** + * Contains response data for the create operation. + */ +export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationUnion; + }; +}; + +/** + * Contains response data for the queryIndicators operation. + */ +export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationList; + }; +}; + +/** + * Contains response data for the replaceTags operation. + */ +export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationUnion; + }; +}; + +/** + * Contains response data for the queryIndicatorsNext operation. + */ +export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationList; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceInformationList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ThreatIntelligenceMetricsList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type WatchlistsListResponse = WatchlistList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type WatchlistsGetResponse = Watchlist & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Watchlist; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type WatchlistsCreateOrUpdateResponse = Watchlist & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: Watchlist; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type WatchlistsListNextResponse = WatchlistList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type WatchlistItemsListResponse = WatchlistItemList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistItemList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type WatchlistItemsGetResponse = WatchlistItem & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistItem; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistItem; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type WatchlistItemsListNextResponse = WatchlistItemList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: WatchlistItemList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type OperationsListResponse = OperationsList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: OperationsList; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type OperationsListNextResponse = OperationsList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: OperationsList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type AlertRulesListResponse = AlertRulesList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRulesList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type AlertRulesGetResponse = AlertRuleUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRuleUnion; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRuleUnion; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type AlertRulesListNextResponse = AlertRulesList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRulesList; + }; +}; + +/** + * Contains response data for the listByAlertRule operation. + */ +export type ActionsListByAlertRuleResponse = ActionsList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ActionsList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type ActionsGetResponse = ActionResponse & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ActionResponse; + }; +}; + +/** + * Contains response data for the createOrUpdate operation. + */ +export type ActionsCreateOrUpdateResponse = ActionResponse & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ActionResponse; + }; +}; + +/** + * Contains response data for the listByAlertRuleNext operation. + */ +export type ActionsListByAlertRuleNextResponse = ActionsList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: ActionsList; + }; +}; + +/** + * Contains response data for the list operation. + */ +export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRuleTemplatesList; + }; +}; + +/** + * Contains response data for the get operation. + */ +export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRuleTemplateUnion; + }; +}; + +/** + * Contains response data for the listNext operation. + */ +export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList & { + /** + * The underlying HTTP response. + */ + _response: msRest.HttpResponse & { + /** + * The response body as text (string format) + */ + bodyAsText: string; + + /** + * The response body as parsed JSON or XML + */ + parsedBody: AlertRuleTemplatesList; + }; +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts new file mode 100644 index 000000000000..9340557a8fde --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -0,0 +1,5715 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { CloudErrorMapper, BaseResourceMapper } from "@azure/ms-rest-azure-js"; +import * as msRest from "@azure/ms-rest-js"; + +export const CloudError = CloudErrorMapper; +export const BaseResource = BaseResourceMapper; + +export const Entity: msRest.CompositeMapper = { + serializedName: "Entity", + type: { + name: "Composite", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + uberParent: "Entity", + className: "Entity", + modelProperties: { + id: { + readOnly: true, + serializedName: "id", + type: { + name: "String" + } + }, + name: { + readOnly: true, + serializedName: "name", + type: { + name: "String" + } + }, + type: { + readOnly: true, + serializedName: "type", + type: { + name: "String" + } + }, + systemData: { + readOnly: true, + serializedName: "systemData", + type: { + name: "Composite", + className: "SystemData" + } + }, + kind: { + required: true, + serializedName: "kind", + type: { + name: "String" + } + } + } + } +}; + +export const AccountEntity: msRest.CompositeMapper = { + serializedName: "Account", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "AccountEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + aadTenantId: { + readOnly: true, + serializedName: "properties.aadTenantId", + type: { + name: "String" + } + }, + aadUserId: { + readOnly: true, + serializedName: "properties.aadUserId", + type: { + name: "String" + } + }, + accountName: { + readOnly: true, + serializedName: "properties.accountName", + type: { + name: "String" + } + }, + displayName: { + readOnly: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + hostEntityId: { + readOnly: true, + serializedName: "properties.hostEntityId", + type: { + name: "String" + } + }, + isDomainJoined: { + readOnly: true, + serializedName: "properties.isDomainJoined", + type: { + name: "Boolean" + } + }, + ntDomain: { + readOnly: true, + serializedName: "properties.ntDomain", + type: { + name: "String" + } + }, + objectGuid: { + readOnly: true, + serializedName: "properties.objectGuid", + type: { + name: "Uuid" + } + }, + puid: { + readOnly: true, + serializedName: "properties.puid", + type: { + name: "String" + } + }, + sid: { + readOnly: true, + serializedName: "properties.sid", + type: { + name: "String" + } + }, + upnSuffix: { + readOnly: true, + serializedName: "properties.upnSuffix", + type: { + name: "String" + } + }, + dnsDomain: { + readOnly: true, + serializedName: "properties.dnsDomain", + type: { + name: "String" + } + } + } + } +}; + +export const AzureResourceEntity: msRest.CompositeMapper = { + serializedName: "AzureResource", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "AzureResourceEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + resourceId: { + readOnly: true, + serializedName: "properties.resourceId", + type: { + name: "String" + } + }, + subscriptionId: { + readOnly: true, + serializedName: "properties.subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const ClientInfo: msRest.CompositeMapper = { + serializedName: "ClientInfo", + type: { + name: "Composite", + className: "ClientInfo", + modelProperties: { + email: { + serializedName: "email", + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + } + } + } +}; + +export const CloudApplicationEntity: msRest.CompositeMapper = { + serializedName: "CloudApplication", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "CloudApplicationEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + appId: { + readOnly: true, + serializedName: "properties.appId", + type: { + name: "Number" + } + }, + appName: { + readOnly: true, + serializedName: "properties.appName", + type: { + name: "String" + } + }, + instanceName: { + readOnly: true, + serializedName: "properties.instanceName", + type: { + name: "String" + } + } + } + } +}; + +export const DnsEntity: msRest.CompositeMapper = { + serializedName: "DnsResolution", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "DnsEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + dnsServerIpEntityId: { + readOnly: true, + serializedName: "properties.dnsServerIpEntityId", + type: { + name: "String" + } + }, + domainName: { + readOnly: true, + serializedName: "properties.domainName", + type: { + name: "String" + } + }, + hostIpAddressEntityId: { + readOnly: true, + serializedName: "properties.hostIpAddressEntityId", + type: { + name: "String" + } + }, + ipAddressEntityIds: { + readOnly: true, + serializedName: "properties.ipAddressEntityIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const SystemData: msRest.CompositeMapper = { + serializedName: "systemData", + type: { + name: "Composite", + className: "SystemData", + modelProperties: { + createdBy: { + serializedName: "createdBy", + type: { + name: "String" + } + }, + createdByType: { + serializedName: "createdByType", + type: { + name: "String" + } + }, + createdAt: { + serializedName: "createdAt", + type: { + name: "DateTime" + } + }, + lastModifiedBy: { + serializedName: "lastModifiedBy", + type: { + name: "String" + } + }, + lastModifiedByType: { + serializedName: "lastModifiedByType", + type: { + name: "String" + } + }, + lastModifiedAt: { + serializedName: "lastModifiedAt", + type: { + name: "DateTime" + } + } + } + } +}; + +export const EntityCommonProperties: msRest.CompositeMapper = { + serializedName: "EntityCommonProperties", + type: { + name: "Composite", + className: "EntityCommonProperties", + modelProperties: { + additionalData: { + readOnly: true, + serializedName: "additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "friendlyName", + type: { + name: "String" + } + } + } + } +}; + +export const EntityEdges: msRest.CompositeMapper = { + serializedName: "EntityEdges", + type: { + name: "Composite", + className: "EntityEdges", + modelProperties: { + targetEntityId: { + serializedName: "targetEntityId", + type: { + name: "String" + } + }, + additionalData: { + serializedName: "additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + } + } + } +}; + +export const EntityKind: msRest.CompositeMapper = { + serializedName: "EntityKind", + type: { + name: "Composite", + className: "EntityKind", + modelProperties: { + kind: { + required: true, + serializedName: "kind", + type: { + name: "String" + } + } + } + } +}; + +export const FileEntity: msRest.CompositeMapper = { + serializedName: "File", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "FileEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + directory: { + readOnly: true, + serializedName: "properties.directory", + type: { + name: "String" + } + }, + fileHashEntityIds: { + readOnly: true, + serializedName: "properties.fileHashEntityIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + fileName: { + readOnly: true, + serializedName: "properties.fileName", + type: { + name: "String" + } + }, + hostEntityId: { + readOnly: true, + serializedName: "properties.hostEntityId", + type: { + name: "String" + } + } + } + } +}; + +export const FileHashEntity: msRest.CompositeMapper = { + serializedName: "FileHash", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "FileHashEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + algorithm: { + readOnly: true, + serializedName: "properties.algorithm", + type: { + name: "String" + } + }, + hashValue: { + readOnly: true, + serializedName: "properties.hashValue", + type: { + name: "String" + } + } + } + } +}; + +export const GeoLocation: msRest.CompositeMapper = { + serializedName: "GeoLocation", + type: { + name: "Composite", + className: "GeoLocation", + modelProperties: { + asn: { + readOnly: true, + serializedName: "asn", + type: { + name: "Number" + } + }, + city: { + readOnly: true, + serializedName: "city", + type: { + name: "String" + } + }, + countryCode: { + readOnly: true, + serializedName: "countryCode", + type: { + name: "String" + } + }, + countryName: { + readOnly: true, + serializedName: "countryName", + type: { + name: "String" + } + }, + latitude: { + readOnly: true, + serializedName: "latitude", + type: { + name: "Number" + } + }, + longitude: { + readOnly: true, + serializedName: "longitude", + type: { + name: "Number" + } + }, + state: { + readOnly: true, + serializedName: "state", + type: { + name: "String" + } + } + } + } +}; + +export const HostEntity: msRest.CompositeMapper = { + serializedName: "Host", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "HostEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + azureID: { + readOnly: true, + serializedName: "properties.azureID", + type: { + name: "String" + } + }, + dnsDomain: { + readOnly: true, + serializedName: "properties.dnsDomain", + type: { + name: "String" + } + }, + hostName: { + readOnly: true, + serializedName: "properties.hostName", + type: { + name: "String" + } + }, + isDomainJoined: { + readOnly: true, + serializedName: "properties.isDomainJoined", + type: { + name: "Boolean" + } + }, + netBiosName: { + readOnly: true, + serializedName: "properties.netBiosName", + type: { + name: "String" + } + }, + ntDomain: { + readOnly: true, + serializedName: "properties.ntDomain", + type: { + name: "String" + } + }, + omsAgentID: { + readOnly: true, + serializedName: "properties.omsAgentID", + type: { + name: "String" + } + }, + osFamily: { + serializedName: "properties.osFamily", + type: { + name: "Enum", + allowedValues: [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ] + } + }, + osVersion: { + readOnly: true, + serializedName: "properties.osVersion", + type: { + name: "String" + } + } + } + } +}; + +export const UserInfo: msRest.CompositeMapper = { + serializedName: "UserInfo", + type: { + name: "Composite", + className: "UserInfo", + modelProperties: { + email: { + readOnly: true, + serializedName: "email", + type: { + name: "String" + } + }, + name: { + readOnly: true, + serializedName: "name", + type: { + name: "String" + } + }, + objectId: { + nullable: true, + serializedName: "objectId", + type: { + name: "Uuid" + } + } + } + } +}; + +export const IncidentInfo: msRest.CompositeMapper = { + serializedName: "IncidentInfo", + type: { + name: "Composite", + className: "IncidentInfo", + modelProperties: { + incidentId: { + serializedName: "incidentId", + type: { + name: "String" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + title: { + serializedName: "title", + type: { + name: "String" + } + }, + relationName: { + serializedName: "relationName", + type: { + name: "String" + } + } + } + } +}; + +export const HuntingBookmark: msRest.CompositeMapper = { + serializedName: "Bookmark", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "HuntingBookmark", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + displayName: { + required: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + eventTime: { + serializedName: "properties.eventTime", + type: { + name: "DateTime" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + notes: { + serializedName: "properties.notes", + type: { + name: "String" + } + }, + query: { + required: true, + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryResult: { + serializedName: "properties.queryResult", + type: { + name: "String" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + incidentInfo: { + serializedName: "properties.incidentInfo", + type: { + name: "Composite", + className: "IncidentInfo" + } + } + } + } +}; + +export const IncidentAdditionalData: msRest.CompositeMapper = { + serializedName: "IncidentAdditionalData", + type: { + name: "Composite", + className: "IncidentAdditionalData", + modelProperties: { + alertsCount: { + readOnly: true, + serializedName: "alertsCount", + type: { + name: "Number" + } + }, + bookmarksCount: { + readOnly: true, + serializedName: "bookmarksCount", + type: { + name: "Number" + } + }, + commentsCount: { + readOnly: true, + serializedName: "commentsCount", + type: { + name: "Number" + } + }, + alertProductNames: { + readOnly: true, + serializedName: "alertProductNames", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + tactics: { + readOnly: true, + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IncidentLabel: msRest.CompositeMapper = { + serializedName: "IncidentLabel", + type: { + name: "Composite", + className: "IncidentLabel", + modelProperties: { + labelName: { + required: true, + serializedName: "labelName", + type: { + name: "String" + } + }, + labelType: { + readOnly: true, + serializedName: "labelType", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentOwnerInfo: msRest.CompositeMapper = { + serializedName: "IncidentOwnerInfo", + type: { + name: "Composite", + className: "IncidentOwnerInfo", + modelProperties: { + email: { + serializedName: "email", + type: { + name: "String" + } + }, + assignedTo: { + serializedName: "assignedTo", + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + } + } + } +}; + +export const Resource: msRest.CompositeMapper = { + serializedName: "Resource", + type: { + name: "Composite", + className: "Resource", + modelProperties: { + id: { + readOnly: true, + serializedName: "id", + type: { + name: "String" + } + }, + name: { + readOnly: true, + serializedName: "name", + type: { + name: "String" + } + }, + type: { + readOnly: true, + serializedName: "type", + type: { + name: "String" + } + }, + systemData: { + readOnly: true, + serializedName: "systemData", + type: { + name: "Composite", + className: "SystemData" + } + } + } + } +}; + +export const ResourceWithEtag: msRest.CompositeMapper = { + serializedName: "ResourceWithEtag", + type: { + name: "Composite", + className: "ResourceWithEtag", + modelProperties: { + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", + type: { + name: "String" + } + } + } + } +}; + +export const Incident: msRest.CompositeMapper = { + serializedName: "Incident", + type: { + name: "Composite", + className: "Incident", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Composite", + className: "IncidentAdditionalData" + } + }, + classification: { + serializedName: "properties.classification", + type: { + name: "String" + } + }, + classificationComment: { + serializedName: "properties.classificationComment", + type: { + name: "String" + } + }, + classificationReason: { + serializedName: "properties.classificationReason", + type: { + name: "String" + } + }, + createdTimeUtc: { + readOnly: true, + serializedName: "properties.createdTimeUtc", + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + firstActivityTimeUtc: { + serializedName: "properties.firstActivityTimeUtc", + type: { + name: "DateTime" + } + }, + incidentUrl: { + readOnly: true, + serializedName: "properties.incidentUrl", + type: { + name: "String" + } + }, + incidentNumber: { + readOnly: true, + serializedName: "properties.incidentNumber", + type: { + name: "Number" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentLabel" + } + } + } + }, + lastActivityTimeUtc: { + serializedName: "properties.lastActivityTimeUtc", + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + readOnly: true, + serializedName: "properties.lastModifiedTimeUtc", + type: { + name: "DateTime" + } + }, + owner: { + serializedName: "properties.owner", + type: { + name: "Composite", + className: "IncidentOwnerInfo" + } + }, + relatedAnalyticRuleIds: { + readOnly: true, + serializedName: "properties.relatedAnalyticRuleIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + severity: { + required: true, + serializedName: "properties.severity", + type: { + name: "String" + } + }, + status: { + required: true, + serializedName: "properties.status", + type: { + name: "String" + } + }, + title: { + required: true, + serializedName: "properties.title", + type: { + name: "String" + } + } + } + } +}; + +export const SecurityAlertPropertiesConfidenceReasonsItem: msRest.CompositeMapper = { + serializedName: "SecurityAlertProperties_confidenceReasonsItem", + type: { + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem", + modelProperties: { + reason: { + readOnly: true, + serializedName: "reason", + type: { + name: "String" + } + }, + reasonType: { + readOnly: true, + serializedName: "reasonType", + type: { + name: "String" + } + } + } + } +}; + +export const SecurityAlert: msRest.CompositeMapper = { + serializedName: "SecurityAlert", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "SecurityAlert", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + alertDisplayName: { + readOnly: true, + serializedName: "properties.alertDisplayName", + type: { + name: "String" + } + }, + alertType: { + readOnly: true, + serializedName: "properties.alertType", + type: { + name: "String" + } + }, + compromisedEntity: { + readOnly: true, + serializedName: "properties.compromisedEntity", + type: { + name: "String" + } + }, + confidenceLevel: { + readOnly: true, + serializedName: "properties.confidenceLevel", + type: { + name: "String" + } + }, + confidenceReasons: { + readOnly: true, + serializedName: "properties.confidenceReasons", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem" + } + } + } + }, + confidenceScore: { + readOnly: true, + serializedName: "properties.confidenceScore", + type: { + name: "Number" + } + }, + confidenceScoreStatus: { + readOnly: true, + serializedName: "properties.confidenceScoreStatus", + type: { + name: "String" + } + }, + description: { + readOnly: true, + serializedName: "properties.description", + type: { + name: "String" + } + }, + endTimeUtc: { + readOnly: true, + serializedName: "properties.endTimeUtc", + type: { + name: "DateTime" + } + }, + intent: { + readOnly: true, + serializedName: "properties.intent", + type: { + name: "String" + } + }, + providerAlertId: { + readOnly: true, + serializedName: "properties.providerAlertId", + type: { + name: "String" + } + }, + processingEndTime: { + readOnly: true, + serializedName: "properties.processingEndTime", + type: { + name: "DateTime" + } + }, + productComponentName: { + readOnly: true, + serializedName: "properties.productComponentName", + type: { + name: "String" + } + }, + productName: { + readOnly: true, + serializedName: "properties.productName", + type: { + name: "String" + } + }, + productVersion: { + readOnly: true, + serializedName: "properties.productVersion", + type: { + name: "String" + } + }, + remediationSteps: { + readOnly: true, + serializedName: "properties.remediationSteps", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + startTimeUtc: { + readOnly: true, + serializedName: "properties.startTimeUtc", + type: { + name: "DateTime" + } + }, + status: { + readOnly: true, + serializedName: "properties.status", + type: { + name: "String" + } + }, + systemAlertId: { + readOnly: true, + serializedName: "properties.systemAlertId", + type: { + name: "String" + } + }, + tactics: { + readOnly: true, + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + timeGenerated: { + readOnly: true, + serializedName: "properties.timeGenerated", + type: { + name: "DateTime" + } + }, + vendorName: { + readOnly: true, + serializedName: "properties.vendorName", + type: { + name: "String" + } + }, + alertLink: { + readOnly: true, + serializedName: "properties.alertLink", + type: { + name: "String" + } + }, + resourceIdentifiers: { + readOnly: true, + serializedName: "properties.resourceIdentifiers", + type: { + name: "Sequence", + element: { + type: { + name: "Object" + } + } + } + } + } + } +}; + +export const IncidentAlertList: msRest.CompositeMapper = { + serializedName: "IncidentAlertList", + type: { + name: "Composite", + className: "IncidentAlertList", + modelProperties: { + value: { + required: true, + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SecurityAlert" + } + } + } + } + } + } +}; + +export const IncidentBookmarkList: msRest.CompositeMapper = { + serializedName: "IncidentBookmarkList", + type: { + name: "Composite", + className: "IncidentBookmarkList", + modelProperties: { + value: { + required: true, + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "HuntingBookmark" + } + } + } + } + } + } +}; + +export const IncidentComment: msRest.CompositeMapper = { + serializedName: "IncidentComment", + type: { + name: "Composite", + className: "IncidentComment", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + createdTimeUtc: { + readOnly: true, + serializedName: "properties.createdTimeUtc", + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + readOnly: true, + serializedName: "properties.lastModifiedTimeUtc", + type: { + name: "DateTime" + } + }, + message: { + required: true, + serializedName: "properties.message", + type: { + name: "String" + } + }, + author: { + readOnly: true, + serializedName: "properties.author", + type: { + name: "Composite", + className: "ClientInfo" + } + } + } + } +}; + +export const IncidentEntitiesResultsMetadata: msRest.CompositeMapper = { + serializedName: "IncidentEntitiesResultsMetadata", + type: { + name: "Composite", + className: "IncidentEntitiesResultsMetadata", + modelProperties: { + count: { + required: true, + serializedName: "count", + type: { + name: "Number" + } + }, + entityKind: { + required: true, + serializedName: "entityKind", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentEntitiesResponse: msRest.CompositeMapper = { + serializedName: "IncidentEntitiesResponse", + type: { + name: "Composite", + className: "IncidentEntitiesResponse", + modelProperties: { + entities: { + serializedName: "entities", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Entity" + } + } + } + }, + metaData: { + serializedName: "metaData", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentEntitiesResultsMetadata" + } + } + } + } + } + } +}; + +export const ThreatIntelligence: msRest.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "ThreatIntelligence", + modelProperties: { + confidence: { + readOnly: true, + serializedName: "confidence", + type: { + name: "Number" + } + }, + providerName: { + readOnly: true, + serializedName: "providerName", + type: { + name: "String" + } + }, + reportLink: { + readOnly: true, + serializedName: "reportLink", + type: { + name: "String" + } + }, + threatDescription: { + readOnly: true, + serializedName: "threatDescription", + type: { + name: "String" + } + }, + threatName: { + readOnly: true, + serializedName: "threatName", + type: { + name: "String" + } + }, + threatType: { + readOnly: true, + serializedName: "threatType", + type: { + name: "String" + } + } + } + } +}; + +export const IoTDeviceEntity: msRest.CompositeMapper = { + serializedName: "IoTDevice", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "IoTDeviceEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + deviceId: { + readOnly: true, + serializedName: "properties.deviceId", + type: { + name: "String" + } + }, + deviceName: { + readOnly: true, + serializedName: "properties.deviceName", + type: { + name: "String" + } + }, + source: { + readOnly: true, + serializedName: "properties.source", + type: { + name: "String" + } + }, + iotSecurityAgentId: { + readOnly: true, + serializedName: "properties.iotSecurityAgentId", + type: { + name: "Uuid" + } + }, + deviceType: { + readOnly: true, + serializedName: "properties.deviceType", + type: { + name: "String" + } + }, + vendor: { + readOnly: true, + serializedName: "properties.vendor", + type: { + name: "String" + } + }, + edgeId: { + readOnly: true, + serializedName: "properties.edgeId", + type: { + name: "String" + } + }, + macAddress: { + readOnly: true, + serializedName: "properties.macAddress", + type: { + name: "String" + } + }, + model: { + readOnly: true, + serializedName: "properties.model", + type: { + name: "String" + } + }, + serialNumber: { + readOnly: true, + serializedName: "properties.serialNumber", + type: { + name: "String" + } + }, + firmwareVersion: { + readOnly: true, + serializedName: "properties.firmwareVersion", + type: { + name: "String" + } + }, + operatingSystem: { + readOnly: true, + serializedName: "properties.operatingSystem", + type: { + name: "String" + } + }, + iotHubEntityId: { + readOnly: true, + serializedName: "properties.iotHubEntityId", + type: { + name: "String" + } + }, + hostEntityId: { + readOnly: true, + serializedName: "properties.hostEntityId", + type: { + name: "String" + } + }, + ipAddressEntityId: { + readOnly: true, + serializedName: "properties.ipAddressEntityId", + type: { + name: "String" + } + }, + threatIntelligence: { + readOnly: true, + serializedName: "properties.threatIntelligence", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + }, + protocols: { + readOnly: true, + serializedName: "properties.protocols", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IpEntity: msRest.CompositeMapper = { + serializedName: "Ip", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "IpEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + address: { + readOnly: true, + serializedName: "properties.address", + type: { + name: "String" + } + }, + location: { + serializedName: "properties.location", + type: { + name: "Composite", + className: "GeoLocation" + } + }, + threatIntelligence: { + readOnly: true, + serializedName: "properties.threatIntelligence", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + } + } + } +}; + +export const MailboxEntity: msRest.CompositeMapper = { + serializedName: "Mailbox", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "MailboxEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + mailboxPrimaryAddress: { + readOnly: true, + serializedName: "properties.mailboxPrimaryAddress", + type: { + name: "String" + } + }, + displayName: { + readOnly: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + upn: { + readOnly: true, + serializedName: "properties.upn", + type: { + name: "String" + } + }, + externalDirectoryObjectId: { + readOnly: true, + serializedName: "properties.externalDirectoryObjectId", + type: { + name: "Uuid" + } + } + } + } +}; + +export const MailClusterEntity: msRest.CompositeMapper = { + serializedName: "MailCluster", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "MailClusterEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + networkMessageIds: { + readOnly: true, + serializedName: "properties.networkMessageIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + countByDeliveryStatus: { + readOnly: true, + serializedName: "properties.countByDeliveryStatus", + type: { + name: "Object" + } + }, + countByThreatType: { + readOnly: true, + serializedName: "properties.countByThreatType", + type: { + name: "Object" + } + }, + countByProtectionStatus: { + readOnly: true, + serializedName: "properties.countByProtectionStatus", + type: { + name: "Object" + } + }, + threats: { + readOnly: true, + serializedName: "properties.threats", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + query: { + readOnly: true, + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryTime: { + readOnly: true, + serializedName: "properties.queryTime", + type: { + name: "DateTime" + } + }, + mailCount: { + readOnly: true, + serializedName: "properties.mailCount", + type: { + name: "Number" + } + }, + isVolumeAnomaly: { + readOnly: true, + serializedName: "properties.isVolumeAnomaly", + type: { + name: "Boolean" + } + }, + source: { + readOnly: true, + serializedName: "properties.source", + type: { + name: "String" + } + }, + clusterSourceIdentifier: { + readOnly: true, + serializedName: "properties.clusterSourceIdentifier", + type: { + name: "String" + } + }, + clusterSourceType: { + readOnly: true, + serializedName: "properties.clusterSourceType", + type: { + name: "String" + } + }, + clusterQueryStartTime: { + readOnly: true, + serializedName: "properties.clusterQueryStartTime", + type: { + name: "DateTime" + } + }, + clusterQueryEndTime: { + readOnly: true, + serializedName: "properties.clusterQueryEndTime", + type: { + name: "DateTime" + } + }, + clusterGroup: { + readOnly: true, + serializedName: "properties.clusterGroup", + type: { + name: "String" + } + } + } + } +}; + +export const MailMessageEntity: msRest.CompositeMapper = { + serializedName: "MailMessage", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "MailMessageEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + fileEntityIds: { + readOnly: true, + serializedName: "properties.fileEntityIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + recipient: { + readOnly: true, + serializedName: "properties.recipient", + type: { + name: "String" + } + }, + urls: { + readOnly: true, + serializedName: "properties.urls", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threats: { + readOnly: true, + serializedName: "properties.threats", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + p1Sender: { + readOnly: true, + serializedName: "properties.p1Sender", + type: { + name: "String" + } + }, + p1SenderDisplayName: { + readOnly: true, + serializedName: "properties.p1SenderDisplayName", + type: { + name: "String" + } + }, + p1SenderDomain: { + readOnly: true, + serializedName: "properties.p1SenderDomain", + type: { + name: "String" + } + }, + senderIP: { + readOnly: true, + serializedName: "properties.senderIP", + type: { + name: "String" + } + }, + p2Sender: { + readOnly: true, + serializedName: "properties.p2Sender", + type: { + name: "String" + } + }, + p2SenderDisplayName: { + readOnly: true, + serializedName: "properties.p2SenderDisplayName", + type: { + name: "String" + } + }, + p2SenderDomain: { + readOnly: true, + serializedName: "properties.p2SenderDomain", + type: { + name: "String" + } + }, + receiveDate: { + readOnly: true, + serializedName: "properties.receiveDate", + type: { + name: "DateTime" + } + }, + networkMessageId: { + readOnly: true, + serializedName: "properties.networkMessageId", + type: { + name: "Uuid" + } + }, + internetMessageId: { + readOnly: true, + serializedName: "properties.internetMessageId", + type: { + name: "String" + } + }, + subject: { + readOnly: true, + serializedName: "properties.subject", + type: { + name: "String" + } + }, + language: { + readOnly: true, + serializedName: "properties.language", + type: { + name: "String" + } + }, + threatDetectionMethods: { + readOnly: true, + serializedName: "properties.threatDetectionMethods", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + bodyFingerprintBin1: { + serializedName: "properties.bodyFingerprintBin1", + type: { + name: "Number" + } + }, + bodyFingerprintBin2: { + serializedName: "properties.bodyFingerprintBin2", + type: { + name: "Number" + } + }, + bodyFingerprintBin3: { + serializedName: "properties.bodyFingerprintBin3", + type: { + name: "Number" + } + }, + bodyFingerprintBin4: { + serializedName: "properties.bodyFingerprintBin4", + type: { + name: "Number" + } + }, + bodyFingerprintBin5: { + serializedName: "properties.bodyFingerprintBin5", + type: { + name: "Number" + } + }, + antispamDirection: { + serializedName: "properties.antispamDirection", + type: { + name: "String" + } + }, + deliveryAction: { + serializedName: "properties.deliveryAction", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ] + } + }, + deliveryLocation: { + serializedName: "properties.deliveryLocation", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ] + } + } + } + } +}; + +export const MalwareEntity: msRest.CompositeMapper = { + serializedName: "Malware", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "MalwareEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + category: { + readOnly: true, + serializedName: "properties.category", + type: { + name: "String" + } + }, + fileEntityIds: { + readOnly: true, + serializedName: "properties.fileEntityIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + malwareName: { + readOnly: true, + serializedName: "properties.malwareName", + type: { + name: "String" + } + }, + processEntityIds: { + readOnly: true, + serializedName: "properties.processEntityIds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ProcessEntity: msRest.CompositeMapper = { + serializedName: "Process", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "ProcessEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + accountEntityId: { + readOnly: true, + serializedName: "properties.accountEntityId", + type: { + name: "String" + } + }, + commandLine: { + readOnly: true, + serializedName: "properties.commandLine", + type: { + name: "String" + } + }, + creationTimeUtc: { + readOnly: true, + serializedName: "properties.creationTimeUtc", + type: { + name: "DateTime" + } + }, + elevationToken: { + serializedName: "properties.elevationToken", + type: { + name: "Enum", + allowedValues: [ + "Default", + "Full", + "Limited" + ] + } + }, + hostEntityId: { + readOnly: true, + serializedName: "properties.hostEntityId", + type: { + name: "String" + } + }, + hostLogonSessionEntityId: { + readOnly: true, + serializedName: "properties.hostLogonSessionEntityId", + type: { + name: "String" + } + }, + imageFileEntityId: { + readOnly: true, + serializedName: "properties.imageFileEntityId", + type: { + name: "String" + } + }, + parentProcessEntityId: { + readOnly: true, + serializedName: "properties.parentProcessEntityId", + type: { + name: "String" + } + }, + processId: { + readOnly: true, + serializedName: "properties.processId", + type: { + name: "String" + } + } + } + } +}; + +export const RegistryKeyEntity: msRest.CompositeMapper = { + serializedName: "RegistryKey", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "RegistryKeyEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + hive: { + readOnly: true, + serializedName: "properties.hive", + type: { + name: "String" + } + }, + key: { + readOnly: true, + serializedName: "properties.key", + type: { + name: "String" + } + } + } + } +}; + +export const RegistryValueEntity: msRest.CompositeMapper = { + serializedName: "RegistryValue", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "RegistryValueEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + keyEntityId: { + readOnly: true, + serializedName: "properties.keyEntityId", + type: { + name: "String" + } + }, + valueData: { + readOnly: true, + serializedName: "properties.valueData", + type: { + name: "String" + } + }, + valueName: { + readOnly: true, + serializedName: "properties.valueName", + type: { + name: "String" + } + }, + valueType: { + readOnly: true, + serializedName: "properties.valueType", + type: { + name: "String" + } + } + } + } +}; + +export const Relation: msRest.CompositeMapper = { + serializedName: "Relation", + type: { + name: "Composite", + className: "Relation", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + relatedResourceId: { + required: true, + serializedName: "properties.relatedResourceId", + type: { + name: "String" + } + }, + relatedResourceName: { + readOnly: true, + serializedName: "properties.relatedResourceName", + type: { + name: "String" + } + }, + relatedResourceType: { + readOnly: true, + serializedName: "properties.relatedResourceType", + type: { + name: "String" + } + }, + relatedResourceKind: { + readOnly: true, + serializedName: "properties.relatedResourceKind", + type: { + name: "String" + } + } + } + } +}; + +export const SecurityGroupEntity: msRest.CompositeMapper = { + serializedName: "SecurityGroup", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "SecurityGroupEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + distinguishedName: { + readOnly: true, + serializedName: "properties.distinguishedName", + type: { + name: "String" + } + }, + objectGuid: { + readOnly: true, + serializedName: "properties.objectGuid", + type: { + name: "Uuid" + } + }, + sid: { + readOnly: true, + serializedName: "properties.sid", + type: { + name: "String" + } + } + } + } +}; + +export const SubmissionMailEntity: msRest.CompositeMapper = { + serializedName: "SubmissionMail", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "SubmissionMailEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + networkMessageId: { + readOnly: true, + serializedName: "properties.networkMessageId", + type: { + name: "Uuid" + } + }, + submissionId: { + readOnly: true, + serializedName: "properties.submissionId", + type: { + name: "Uuid" + } + }, + submitter: { + readOnly: true, + serializedName: "properties.submitter", + type: { + name: "String" + } + }, + submissionDate: { + readOnly: true, + serializedName: "properties.submissionDate", + type: { + name: "DateTime" + } + }, + timestamp: { + readOnly: true, + serializedName: "properties.timestamp", + type: { + name: "DateTime" + } + }, + recipient: { + readOnly: true, + serializedName: "properties.recipient", + type: { + name: "String" + } + }, + sender: { + readOnly: true, + serializedName: "properties.sender", + type: { + name: "String" + } + }, + senderIp: { + readOnly: true, + serializedName: "properties.senderIp", + type: { + name: "String" + } + }, + subject: { + readOnly: true, + serializedName: "properties.subject", + type: { + name: "String" + } + }, + reportType: { + readOnly: true, + serializedName: "properties.reportType", + type: { + name: "String" + } + } + } + } +}; + +export const UrlEntity: msRest.CompositeMapper = { + serializedName: "Url", + type: { + name: "Composite", + polymorphicDiscriminator: Entity.type.polymorphicDiscriminator, + uberParent: "Entity", + className: "UrlEntity", + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + url: { + readOnly: true, + serializedName: "properties.url", + type: { + name: "String" + } + } + } + } +}; + +export const ProxyResource: msRest.CompositeMapper = { + serializedName: "ProxyResource", + type: { + name: "Composite", + className: "ProxyResource", + modelProperties: { + ...Resource.type.modelProperties + } + } +}; + +export const TrackedResource: msRest.CompositeMapper = { + serializedName: "TrackedResource", + type: { + name: "Composite", + className: "TrackedResource", + modelProperties: { + ...Resource.type.modelProperties, + tags: { + serializedName: "tags", + type: { + name: "Dictionary", + value: { + type: { + name: "String" + } + } + } + }, + location: { + required: true, + serializedName: "location", + type: { + name: "String" + } + } + } + } +}; + +export const AzureEntityResource: msRest.CompositeMapper = { + serializedName: "AzureEntityResource", + type: { + name: "Composite", + className: "AzureEntityResource", + modelProperties: { + ...Resource.type.modelProperties, + etag: { + readOnly: true, + serializedName: "etag", + type: { + name: "String" + } + } + } + } +}; + +export const ErrorAdditionalInfo: msRest.CompositeMapper = { + serializedName: "ErrorAdditionalInfo", + type: { + name: "Composite", + className: "ErrorAdditionalInfo", + modelProperties: { + type: { + readOnly: true, + serializedName: "type", + type: { + name: "String" + } + }, + info: { + readOnly: true, + serializedName: "info", + type: { + name: "Object" + } + } + } + } +}; + +export const ErrorDetail: msRest.CompositeMapper = { + serializedName: "ErrorDetail", + type: { + name: "Composite", + className: "ErrorDetail", + modelProperties: { + code: { + readOnly: true, + serializedName: "code", + type: { + name: "String" + } + }, + message: { + readOnly: true, + serializedName: "message", + type: { + name: "String" + } + }, + target: { + readOnly: true, + serializedName: "target", + type: { + name: "String" + } + }, + details: { + readOnly: true, + serializedName: "details", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ErrorDetail" + } + } + } + }, + additionalInfo: { + readOnly: true, + serializedName: "additionalInfo", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ErrorAdditionalInfo" + } + } + } + } + } + } +}; + +export const ErrorResponse: msRest.CompositeMapper = { + serializedName: "ErrorResponse", + type: { + name: "Composite", + className: "ErrorResponse", + modelProperties: { + error: { + serializedName: "error", + type: { + name: "Composite", + className: "ErrorDetail" + } + } + } + } +}; + +export const ThreatIntelligenceInformation: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceInformation", + type: { + name: "Composite", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + uberParent: "ThreatIntelligenceInformation", + className: "ThreatIntelligenceInformation", + modelProperties: { + etag: { + serializedName: "etag", + type: { + name: "String" + } + }, + kind: { + required: true, + serializedName: "kind", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceKillChainPhase: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceKillChainPhase", + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase", + modelProperties: { + killChainName: { + serializedName: "killChainName", + type: { + name: "String" + } + }, + phaseName: { + serializedName: "phaseName", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceParsedPatternTypeValue: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceParsedPatternTypeValue", + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue", + modelProperties: { + valueType: { + serializedName: "valueType", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceParsedPattern: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceParsedPattern", + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern", + modelProperties: { + patternTypeKey: { + serializedName: "patternTypeKey", + type: { + name: "String" + } + }, + patternTypeValues: { + serializedName: "patternTypeValues", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceExternalReference: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceExternalReference", + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + externalId: { + serializedName: "externalId", + type: { + name: "String" + } + }, + sourceName: { + serializedName: "sourceName", + type: { + name: "String" + } + }, + url: { + serializedName: "url", + type: { + name: "String" + } + }, + hashes: { + serializedName: "hashes", + type: { + name: "Dictionary", + value: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceGranularMarkingModel: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceGranularMarkingModel", + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel", + modelProperties: { + language: { + serializedName: "language", + type: { + name: "String" + } + }, + markingRef: { + serializedName: "markingRef", + type: { + name: "Number" + } + }, + selectors: { + serializedName: "selectors", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceIndicatorModel: msRest.CompositeMapper = { + serializedName: "indicator", + type: { + name: "Composite", + polymorphicDiscriminator: ThreatIntelligenceInformation.type.polymorphicDiscriminator, + uberParent: "ThreatIntelligenceInformation", + className: "ThreatIntelligenceIndicatorModel", + modelProperties: { + ...ThreatIntelligenceInformation.type.modelProperties, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "properties.indicatorTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + pattern: { + serializedName: "properties.pattern", + type: { + name: "String" + } + }, + patternType: { + serializedName: "properties.patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "properties.patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "properties.killChainPhases", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } + } + }, + parsedPattern: { + serializedName: "properties.parsedPattern", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } + } + }, + externalId: { + serializedName: "properties.externalId", + type: { + name: "String" + } + }, + createdByRef: { + serializedName: "properties.createdByRef", + type: { + name: "String" + } + }, + defanged: { + serializedName: "properties.defanged", + type: { + name: "Boolean" + } + }, + externalLastUpdatedTimeUtc: { + serializedName: "properties.externalLastUpdatedTimeUtc", + type: { + name: "String" + } + }, + externalReferences: { + serializedName: "properties.externalReferences", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } + } + }, + granularMarkings: { + serializedName: "properties.granularMarkings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + revoked: { + serializedName: "properties.revoked", + type: { + name: "Boolean" + } + }, + confidence: { + serializedName: "properties.confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "properties.objectMarkingRefs", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + language: { + serializedName: "properties.language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "properties.threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + validFrom: { + serializedName: "properties.validFrom", + type: { + name: "String" + } + }, + validUntil: { + serializedName: "properties.validUntil", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "String" + } + }, + modified: { + serializedName: "properties.modified", + type: { + name: "String" + } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceResourceKind: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceResourceKind", + type: { + name: "Composite", + className: "ThreatIntelligenceResourceKind", + modelProperties: { + kind: { + required: true, + isConstant: true, + serializedName: "kind", + defaultValue: 'indicator', + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceIndicatorModelForRequestBody: msRest.CompositeMapper = { + serializedName: "indicator", + type: { + name: "Composite", + className: "ThreatIntelligenceIndicatorModelForRequestBody", + modelProperties: { + ...ThreatIntelligenceResourceKind.type.modelProperties, + etag: { + serializedName: "etag", + type: { + name: "String" + } + }, + additionalData: { + readOnly: true, + serializedName: "properties.additionalData", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + }, + friendlyName: { + readOnly: true, + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "properties.indicatorTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + pattern: { + serializedName: "properties.pattern", + type: { + name: "String" + } + }, + patternType: { + serializedName: "properties.patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "properties.patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "properties.killChainPhases", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } + } + }, + parsedPattern: { + serializedName: "properties.parsedPattern", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } + } + }, + externalId: { + serializedName: "properties.externalId", + type: { + name: "String" + } + }, + createdByRef: { + serializedName: "properties.createdByRef", + type: { + name: "String" + } + }, + defanged: { + serializedName: "properties.defanged", + type: { + name: "Boolean" + } + }, + externalLastUpdatedTimeUtc: { + serializedName: "properties.externalLastUpdatedTimeUtc", + type: { + name: "String" + } + }, + externalReferences: { + serializedName: "properties.externalReferences", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } + } + }, + granularMarkings: { + serializedName: "properties.granularMarkings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + revoked: { + serializedName: "properties.revoked", + type: { + name: "Boolean" + } + }, + confidence: { + serializedName: "properties.confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "properties.objectMarkingRefs", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + language: { + serializedName: "properties.language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "properties.threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + validFrom: { + serializedName: "properties.validFrom", + type: { + name: "String" + } + }, + validUntil: { + serializedName: "properties.validUntil", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "String" + } + }, + modified: { + serializedName: "properties.modified", + type: { + name: "String" + } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { + type: { + name: "Object" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceSortingCriteria: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceSortingCriteria", + type: { + name: "Composite", + className: "ThreatIntelligenceSortingCriteria", + modelProperties: { + itemKey: { + serializedName: "itemKey", + type: { + name: "String" + } + }, + sortOrder: { + serializedName: "sortOrder", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceFilteringCriteria: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceFilteringCriteria", + type: { + name: "Composite", + className: "ThreatIntelligenceFilteringCriteria", + modelProperties: { + pageSize: { + serializedName: "pageSize", + type: { + name: "Number" + } + }, + minConfidence: { + serializedName: "minConfidence", + type: { + name: "Number" + } + }, + maxConfidence: { + serializedName: "maxConfidence", + type: { + name: "Number" + } + }, + minValidUntil: { + serializedName: "minValidUntil", + type: { + name: "String" + } + }, + maxValidUntil: { + serializedName: "maxValidUntil", + type: { + name: "String" + } + }, + includeDisabled: { + serializedName: "includeDisabled", + type: { + name: "Boolean" + } + }, + sortBy: { + serializedName: "sortBy", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceSortingCriteria" + } + } + } + }, + sources: { + serializedName: "sources", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + patternTypes: { + serializedName: "patternTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threatTypes: { + serializedName: "threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + ids: { + serializedName: "ids", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + keywords: { + serializedName: "keywords", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + skipToken: { + serializedName: "skipToken", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceAppendTags: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceAppendTags", + type: { + name: "Composite", + className: "ThreatIntelligenceAppendTags", + modelProperties: { + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceMetricEntity: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceMetricEntity", + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity", + modelProperties: { + metricName: { + serializedName: "metricName", + type: { + name: "String" + } + }, + metricValue: { + serializedName: "metricValue", + type: { + name: "Number" + } + } + } + } +}; + +export const ThreatIntelligenceMetric: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceMetric", + type: { + name: "Composite", + className: "ThreatIntelligenceMetric", + modelProperties: { + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + threatTypeMetrics: { + serializedName: "threatTypeMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + }, + patternTypeMetrics: { + serializedName: "patternTypeMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + }, + sourceMetrics: { + serializedName: "sourceMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceMetrics: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceMetrics", + type: { + name: "Composite", + className: "ThreatIntelligenceMetrics", + modelProperties: { + properties: { + serializedName: "properties", + type: { + name: "Composite", + className: "ThreatIntelligenceMetric" + } + } + } + } +}; + +export const ThreatIntelligenceMetricsList: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceMetricsList", + type: { + name: "Composite", + className: "ThreatIntelligenceMetricsList", + modelProperties: { + value: { + required: true, + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetrics" + } + } + } + } + } + } +}; + +export const Watchlist: msRest.CompositeMapper = { + serializedName: "Watchlist", + type: { + name: "Composite", + className: "Watchlist", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + watchlistId: { + serializedName: "properties.watchlistId", + type: { + name: "String" + } + }, + displayName: { + required: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + provider: { + required: true, + serializedName: "properties.provider", + type: { + name: "String" + } + }, + source: { + required: true, + serializedName: "properties.source", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + watchlistType: { + serializedName: "properties.watchlistType", + type: { + name: "String" + } + }, + watchlistAlias: { + serializedName: "properties.watchlistAlias", + type: { + name: "String" + } + }, + isDeleted: { + serializedName: "properties.isDeleted", + type: { + name: "Boolean" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + defaultDuration: { + serializedName: "properties.defaultDuration", + type: { + name: "TimeSpan" + } + }, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + numberOfLinesToSkip: { + serializedName: "properties.numberOfLinesToSkip", + type: { + name: "Number" + } + }, + rawContent: { + serializedName: "properties.rawContent", + type: { + name: "String" + } + }, + itemsSearchKey: { + required: true, + serializedName: "properties.itemsSearchKey", + type: { + name: "String" + } + }, + contentType: { + serializedName: "properties.contentType", + type: { + name: "String" + } + }, + uploadStatus: { + serializedName: "properties.uploadStatus", + type: { + name: "String" + } + } + } + } +}; + +export const WatchlistItem: msRest.CompositeMapper = { + serializedName: "WatchlistItem", + type: { + name: "Composite", + className: "WatchlistItem", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + watchlistItemType: { + serializedName: "properties.watchlistItemType", + type: { + name: "String" + } + }, + watchlistItemId: { + serializedName: "properties.watchlistItemId", + type: { + name: "String" + } + }, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + isDeleted: { + serializedName: "properties.isDeleted", + type: { + name: "Boolean" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + itemsKeyValue: { + required: true, + serializedName: "properties.itemsKeyValue", + type: { + name: "Object" + } + }, + entityMapping: { + serializedName: "properties.entityMapping", + type: { + name: "Object" + } + } + } + } +}; + +export const OperationDisplay: msRest.CompositeMapper = { + serializedName: "Operation_display", + type: { + name: "Composite", + className: "OperationDisplay", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + operation: { + serializedName: "operation", + type: { + name: "String" + } + }, + provider: { + serializedName: "provider", + type: { + name: "String" + } + }, + resource: { + serializedName: "resource", + type: { + name: "String" + } + } + } + } +}; + +export const Operation: msRest.CompositeMapper = { + serializedName: "Operation", + type: { + name: "Composite", + className: "Operation", + modelProperties: { + display: { + serializedName: "display", + type: { + name: "Composite", + className: "OperationDisplay" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + origin: { + serializedName: "origin", + type: { + name: "String" + } + } + } + } +}; + +export const ActionResponse: msRest.CompositeMapper = { + serializedName: "ActionResponse", + type: { + name: "Composite", + className: "ActionResponse", + modelProperties: { + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", + type: { + name: "String" + } + }, + logicAppResourceId: { + required: true, + serializedName: "properties.logicAppResourceId", + type: { + name: "String" + } + }, + workflowId: { + serializedName: "properties.workflowId", + type: { + name: "String" + } + } + } + } +}; + +export const ActionRequest: msRest.CompositeMapper = { + serializedName: "ActionRequest", + type: { + name: "Composite", + className: "ActionRequest", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + logicAppResourceId: { + required: true, + serializedName: "properties.logicAppResourceId", + type: { + name: "String" + } + }, + triggerUri: { + required: true, + serializedName: "properties.triggerUri", + type: { + name: "String" + } + } + } + } +}; + +export const ActionPropertiesBase: msRest.CompositeMapper = { + serializedName: "ActionPropertiesBase", + type: { + name: "Composite", + className: "ActionPropertiesBase", + modelProperties: { + logicAppResourceId: { + required: true, + serializedName: "logicAppResourceId", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRule: msRest.CompositeMapper = { + serializedName: "AlertRule", + type: { + name: "Composite", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + uberParent: "AlertRule", + className: "AlertRule", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + required: true, + serializedName: "kind", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplate: msRest.CompositeMapper = { + serializedName: "AlertRuleTemplate", + type: { + name: "Composite", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + uberParent: "AlertRuleTemplate", + className: "AlertRuleTemplate", + modelProperties: { + ...Resource.type.modelProperties, + kind: { + required: true, + serializedName: "kind", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplateDataSource: msRest.CompositeMapper = { + serializedName: "AlertRuleTemplateDataSource", + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource", + modelProperties: { + connectorId: { + serializedName: "connectorId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FusionAlertRule: msRest.CompositeMapper = { + serializedName: "Fusion", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator, + uberParent: "AlertRule", + className: "FusionAlertRule", + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + required: true, + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + readOnly: true, + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + readOnly: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + required: true, + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + readOnly: true, + serializedName: "properties.lastModifiedUtc", + type: { + name: "DateTime" + } + }, + severity: { + readOnly: true, + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + readOnly: true, + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FusionAlertRuleTemplate: msRest.CompositeMapper = { + serializedName: "Fusion", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator, + uberParent: "AlertRuleTemplate", + className: "FusionAlertRuleTemplate", + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + createdDateUTC: { + readOnly: true, + serializedName: "properties.createdDateUTC", + type: { + name: "DateTime" + } + }, + lastUpdatedDateUTC: { + readOnly: true, + serializedName: "properties.lastUpdatedDateUTC", + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRule: msRest.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator, + uberParent: "AlertRule", + className: "MicrosoftSecurityIncidentCreationAlertRule", + modelProperties: { + ...AlertRule.type.modelProperties, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + required: true, + serializedName: "properties.productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + required: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + required: true, + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + readOnly: true, + serializedName: "properties.lastModifiedUtc", + type: { + name: "DateTime" + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: msRest.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + modelProperties: { + displayNamesFilter: { + serializedName: "displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + required: true, + serializedName: "productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: msRest.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator, + uberParent: "AlertRuleTemplate", + className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + createdDateUTC: { + readOnly: true, + serializedName: "properties.createdDateUTC", + type: { + name: "DateTime" + } + }, + lastUpdatedDateUTC: { + readOnly: true, + serializedName: "properties.lastUpdatedDateUTC", + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + required: true, + serializedName: "properties.productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const GroupingConfiguration: msRest.CompositeMapper = { + serializedName: "GroupingConfiguration", + type: { + name: "Composite", + className: "GroupingConfiguration", + modelProperties: { + enabled: { + required: true, + serializedName: "enabled", + type: { + name: "Boolean" + } + }, + reopenClosedIncident: { + required: true, + serializedName: "reopenClosedIncident", + type: { + name: "Boolean" + } + }, + lookbackDuration: { + required: true, + serializedName: "lookbackDuration", + type: { + name: "TimeSpan" + } + }, + matchingMethod: { + required: true, + serializedName: "matchingMethod", + type: { + name: "String" + } + }, + groupByEntities: { + serializedName: "groupByEntities", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + groupByAlertDetails: { + serializedName: "groupByAlertDetails", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + groupByCustomDetails: { + serializedName: "groupByCustomDetails", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IncidentConfiguration: msRest.CompositeMapper = { + serializedName: "IncidentConfiguration", + type: { + name: "Composite", + className: "IncidentConfiguration", + modelProperties: { + createIncident: { + required: true, + serializedName: "createIncident", + type: { + name: "Boolean" + } + }, + groupingConfiguration: { + serializedName: "groupingConfiguration", + type: { + name: "Composite", + className: "GroupingConfiguration" + } + } + } + } +}; + +export const ScheduledAlertRule: msRest.CompositeMapper = { + serializedName: "Scheduled", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRule.type.polymorphicDiscriminator, + uberParent: "AlertRule", + className: "ScheduledAlertRule", + modelProperties: { + ...AlertRule.type.modelProperties, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryFrequency: { + serializedName: "properties.queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "properties.queryPeriod", + type: { + name: "TimeSpan" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + triggerOperator: { + serializedName: "properties.triggerOperator", + type: { + name: "Enum", + allowedValues: [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ] + } + }, + triggerThreshold: { + serializedName: "properties.triggerThreshold", + type: { + name: "Number" + } + }, + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { + type: { + name: "String" + } + } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + }, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + required: true, + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + required: true, + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + readOnly: true, + serializedName: "properties.lastModifiedUtc", + type: { + name: "DateTime" + } + }, + suppressionDuration: { + required: true, + serializedName: "properties.suppressionDuration", + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + required: true, + serializedName: "properties.suppressionEnabled", + type: { + name: "Boolean" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "properties.incidentConfiguration", + type: { + name: "Composite", + className: "IncidentConfiguration" + } + } + } + } +}; + +export const EventGroupingSettings: msRest.CompositeMapper = { + serializedName: "EventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings", + modelProperties: { + aggregationKind: { + serializedName: "aggregationKind", + type: { + name: "String" + } + } + } + } +}; + +export const FieldMapping: msRest.CompositeMapper = { + serializedName: "FieldMapping", + type: { + name: "Composite", + className: "FieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + columnName: { + serializedName: "columnName", + type: { + name: "String" + } + } + } + } +}; + +export const EntityMapping: msRest.CompositeMapper = { + serializedName: "EntityMapping", + type: { + name: "Composite", + className: "EntityMapping", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FieldMapping" + } + } + } + } + } + } +}; + +export const AlertDetailsOverride: msRest.CompositeMapper = { + serializedName: "AlertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride", + modelProperties: { + alertDisplayNameFormat: { + serializedName: "alertDisplayNameFormat", + type: { + name: "String" + } + }, + alertDescriptionFormat: { + serializedName: "alertDescriptionFormat", + type: { + name: "String" + } + }, + alertTacticsColumnName: { + serializedName: "alertTacticsColumnName", + type: { + name: "String" + } + }, + alertSeverityColumnName: { + serializedName: "alertSeverityColumnName", + type: { + name: "String" + } + } + } + } +}; + +export const ScheduledAlertRuleCommonProperties: msRest.CompositeMapper = { + serializedName: "ScheduledAlertRuleCommonProperties", + type: { + name: "Composite", + className: "ScheduledAlertRuleCommonProperties", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + queryFrequency: { + serializedName: "queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "queryPeriod", + type: { + name: "TimeSpan" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + triggerOperator: { + serializedName: "triggerOperator", + type: { + name: "Enum", + allowedValues: [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ] + } + }, + triggerThreshold: { + serializedName: "triggerThreshold", + type: { + name: "Number" + } + }, + eventGroupingSettings: { + serializedName: "eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + }, + customDetails: { + serializedName: "customDetails", + type: { + name: "Dictionary", + value: { + type: { + name: "String" + } + } + } + }, + entityMappings: { + serializedName: "entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const ScheduledAlertRuleTemplate: msRest.CompositeMapper = { + serializedName: "Scheduled", + type: { + name: "Composite", + polymorphicDiscriminator: AlertRuleTemplate.type.polymorphicDiscriminator, + uberParent: "AlertRuleTemplate", + className: "ScheduledAlertRuleTemplate", + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + createdDateUTC: { + readOnly: true, + serializedName: "properties.createdDateUTC", + type: { + name: "DateTime" + } + }, + lastUpdatedDateUTC: { + readOnly: true, + serializedName: "properties.lastUpdatedDateUTC", + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryFrequency: { + serializedName: "properties.queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "properties.queryPeriod", + type: { + name: "TimeSpan" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + triggerOperator: { + serializedName: "properties.triggerOperator", + type: { + name: "Enum", + allowedValues: [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ] + } + }, + triggerThreshold: { + serializedName: "properties.triggerThreshold", + type: { + name: "Number" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentList: msRest.CompositeMapper = { + serializedName: "IncidentList", + type: { + name: "Composite", + className: "IncidentList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Incident" + } + } + } + } + } + } +}; + +export const IncidentCommentList: msRest.CompositeMapper = { + serializedName: "IncidentCommentList", + type: { + name: "Composite", + className: "IncidentCommentList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentComment" + } + } + } + } + } + } +}; + +export const RelationList: msRest.CompositeMapper = { + serializedName: "RelationList", + type: { + name: "Composite", + className: "RelationList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Relation" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceInformationList: msRest.CompositeMapper = { + serializedName: "ThreatIntelligenceInformationList", + type: { + name: "Composite", + className: "ThreatIntelligenceInformationList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceInformation" + } + } + } + } + } + } +}; + +export const WatchlistList: msRest.CompositeMapper = { + serializedName: "WatchlistList", + type: { + name: "Composite", + className: "WatchlistList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Watchlist" + } + } + } + } + } + } +}; + +export const WatchlistItemList: msRest.CompositeMapper = { + serializedName: "WatchlistItemList", + type: { + name: "Composite", + className: "WatchlistItemList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "WatchlistItem" + } + } + } + } + } + } +}; + +export const OperationsList: msRest.CompositeMapper = { + serializedName: "OperationsList", + type: { + name: "Composite", + className: "OperationsList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Operation" + } + } + } + } + } + } +}; + +export const AlertRulesList: msRest.CompositeMapper = { + serializedName: "AlertRulesList", + type: { + name: "Composite", + className: "AlertRulesList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRule" + } + } + } + } + } + } +}; + +export const ActionsList: msRest.CompositeMapper = { + serializedName: "ActionsList", + type: { + name: "Composite", + className: "ActionsList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ActionResponse" + } + } + } + } + } + } +}; + +export const AlertRuleTemplatesList: msRest.CompositeMapper = { + serializedName: "AlertRuleTemplatesList", + type: { + name: "Composite", + className: "AlertRuleTemplatesList", + modelProperties: { + nextLink: { + readOnly: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + value: { + required: true, + serializedName: "", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplate" + } + } + } + } + } + } +}; + +export const discriminators = { + 'Entity.Account' : AccountEntity, + 'Entity.AzureResource' : AzureResourceEntity, + 'Entity.CloudApplication' : CloudApplicationEntity, + 'Entity.DnsResolution' : DnsEntity, + 'Entity' : Entity, + 'Entity.File' : FileEntity, + 'Entity.FileHash' : FileHashEntity, + 'Entity.Host' : HostEntity, + 'Entity.Bookmark' : HuntingBookmark, + 'Entity.SecurityAlert' : SecurityAlert, + 'Entity.IoTDevice' : IoTDeviceEntity, + 'Entity.Ip' : IpEntity, + 'Entity.Mailbox' : MailboxEntity, + 'Entity.MailCluster' : MailClusterEntity, + 'Entity.MailMessage' : MailMessageEntity, + 'Entity.Malware' : MalwareEntity, + 'Entity.Process' : ProcessEntity, + 'Entity.RegistryKey' : RegistryKeyEntity, + 'Entity.RegistryValue' : RegistryValueEntity, + 'Entity.SecurityGroup' : SecurityGroupEntity, + 'Entity.SubmissionMail' : SubmissionMailEntity, + 'Entity.Url' : UrlEntity, + 'ThreatIntelligenceInformation' : ThreatIntelligenceInformation, + 'ThreatIntelligenceInformation.indicator' : ThreatIntelligenceIndicatorModel, + 'AlertRule' : AlertRule, + 'AlertRuleTemplate' : AlertRuleTemplate, + 'AlertRule.Fusion' : FusionAlertRule, + 'AlertRuleTemplate.Fusion' : FusionAlertRuleTemplate, + 'AlertRule.MicrosoftSecurityIncidentCreation' : MicrosoftSecurityIncidentCreationAlertRule, + 'AlertRuleTemplate.MicrosoftSecurityIncidentCreation' : MicrosoftSecurityIncidentCreationAlertRuleTemplate, + 'AlertRule.Scheduled' : ScheduledAlertRule, + 'AlertRuleTemplate.Scheduled' : ScheduledAlertRuleTemplate + +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts new file mode 100644 index 000000000000..001da350966e --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/operationsMappers.ts @@ -0,0 +1,17 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + Operation, + OperationDisplay, + OperationsList +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts new file mode 100644 index 000000000000..9888435fb740 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -0,0 +1,234 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; + +export const acceptLanguage: msRest.OperationParameter = { + parameterPath: "acceptLanguage", + mapper: { + serializedName: "accept-language", + defaultValue: 'en-US', + type: { + name: "String" + } + } +}; +export const actionId: msRest.OperationURLParameter = { + parameterPath: "actionId", + mapper: { + required: true, + serializedName: "actionId", + type: { + name: "String" + } + } +}; +export const alertRuleTemplateId: msRest.OperationURLParameter = { + parameterPath: "alertRuleTemplateId", + mapper: { + required: true, + serializedName: "alertRuleTemplateId", + type: { + name: "String" + } + } +}; +export const apiVersion: msRest.OperationQueryParameter = { + parameterPath: "apiVersion", + mapper: { + required: true, + serializedName: "api-version", + constraints: { + MinLength: 1 + }, + type: { + name: "String" + } + } +}; +export const filter: msRest.OperationQueryParameter = { + parameterPath: [ + "options", + "filter" + ], + mapper: { + serializedName: "$filter", + type: { + name: "String" + } + } +}; +export const incidentCommentId: msRest.OperationURLParameter = { + parameterPath: "incidentCommentId", + mapper: { + required: true, + serializedName: "incidentCommentId", + type: { + name: "String" + } + } +}; +export const incidentId: msRest.OperationURLParameter = { + parameterPath: "incidentId", + mapper: { + required: true, + serializedName: "incidentId", + type: { + name: "String" + } + } +}; +export const name: msRest.OperationURLParameter = { + parameterPath: "name", + mapper: { + required: true, + serializedName: "name", + type: { + name: "String" + } + } +}; +export const nextPageLink: msRest.OperationURLParameter = { + parameterPath: "nextPageLink", + mapper: { + required: true, + serializedName: "nextLink", + type: { + name: "String" + } + }, + skipEncoding: true +}; +export const operationalInsightsResourceProvider: msRest.OperationURLParameter = { + parameterPath: "operationalInsightsResourceProvider", + mapper: { + required: true, + serializedName: "operationalInsightsResourceProvider", + type: { + name: "String" + } + } +}; +export const orderby: msRest.OperationQueryParameter = { + parameterPath: [ + "options", + "orderby" + ], + mapper: { + serializedName: "$orderby", + type: { + name: "String" + } + } +}; +export const relationName: msRest.OperationURLParameter = { + parameterPath: "relationName", + mapper: { + required: true, + serializedName: "relationName", + type: { + name: "String" + } + } +}; +export const resourceGroupName: msRest.OperationURLParameter = { + parameterPath: "resourceGroupName", + mapper: { + required: true, + serializedName: "resourceGroupName", + constraints: { + MaxLength: 90, + MinLength: 1 + }, + type: { + name: "String" + } + } +}; +export const ruleId: msRest.OperationURLParameter = { + parameterPath: "ruleId", + mapper: { + required: true, + serializedName: "ruleId", + type: { + name: "String" + } + } +}; +export const skipToken: msRest.OperationQueryParameter = { + parameterPath: [ + "options", + "skipToken" + ], + mapper: { + serializedName: "$skipToken", + type: { + name: "String" + } + } +}; +export const subscriptionId: msRest.OperationURLParameter = { + parameterPath: "subscriptionId", + mapper: { + required: true, + serializedName: "subscriptionId", + constraints: { + MinLength: 1 + }, + type: { + name: "String" + } + } +}; +export const top: msRest.OperationQueryParameter = { + parameterPath: [ + "options", + "top" + ], + mapper: { + serializedName: "$top", + type: { + name: "Number" + } + } +}; +export const watchlistAlias: msRest.OperationURLParameter = { + parameterPath: "watchlistAlias", + mapper: { + required: true, + serializedName: "watchlistAlias", + type: { + name: "String" + } + } +}; +export const watchlistItemId: msRest.OperationURLParameter = { + parameterPath: "watchlistItemId", + mapper: { + required: true, + serializedName: "watchlistItemId", + type: { + name: "String" + } + } +}; +export const workspaceName: msRest.OperationURLParameter = { + parameterPath: "workspaceName", + mapper: { + required: true, + serializedName: "workspaceName", + constraints: { + MaxLength: 90, + MinLength: 1 + }, + type: { + name: "String" + } + } +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts new file mode 100644 index 000000000000..dc1ecbc5ee2f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMappers.ts @@ -0,0 +1,27 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + ThreatIntelligenceAppendTags, + ThreatIntelligenceExternalReference, + ThreatIntelligenceFilteringCriteria, + ThreatIntelligenceGranularMarkingModel, + ThreatIntelligenceIndicatorModel, + ThreatIntelligenceIndicatorModelForRequestBody, + ThreatIntelligenceInformation, + ThreatIntelligenceInformationList, + ThreatIntelligenceKillChainPhase, + ThreatIntelligenceParsedPattern, + ThreatIntelligenceParsedPatternTypeValue, + ThreatIntelligenceResourceKind, + ThreatIntelligenceSortingCriteria +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts new file mode 100644 index 000000000000..8a6f4da5c15f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorMetricsMappers.ts @@ -0,0 +1,18 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + ThreatIntelligenceMetric, + ThreatIntelligenceMetricEntity, + ThreatIntelligenceMetrics, + ThreatIntelligenceMetricsList +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts new file mode 100644 index 000000000000..1bb5a990e0d3 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/threatIntelligenceIndicatorsMappers.ts @@ -0,0 +1,22 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + ThreatIntelligenceExternalReference, + ThreatIntelligenceGranularMarkingModel, + ThreatIntelligenceIndicatorModel, + ThreatIntelligenceInformation, + ThreatIntelligenceInformationList, + ThreatIntelligenceKillChainPhase, + ThreatIntelligenceParsedPattern, + ThreatIntelligenceParsedPatternTypeValue +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts new file mode 100644 index 000000000000..108f08b96f6a --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/watchlistItemsMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem, + WatchlistItemList +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts new file mode 100644 index 000000000000..5e35c9888a1f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/watchlistsMappers.ts @@ -0,0 +1,49 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export { + discriminators, + ActionRequest, + ActionResponse, + AlertDetailsOverride, + AlertRule, + AlertRuleTemplate, + AlertRuleTemplateDataSource, + AzureEntityResource, + BaseResource, + ClientInfo, + EntityMapping, + ErrorAdditionalInfo, + ErrorDetail, + ErrorResponse, + EventGroupingSettings, + FieldMapping, + FusionAlertRule, + FusionAlertRuleTemplate, + GroupingConfiguration, + Incident, + IncidentAdditionalData, + IncidentComment, + IncidentConfiguration, + IncidentLabel, + IncidentOwnerInfo, + MicrosoftSecurityIncidentCreationAlertRule, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ProxyResource, + Relation, + Resource, + ResourceWithEtag, + ScheduledAlertRule, + ScheduledAlertRuleTemplate, + SystemData, + TrackedResource, + UserInfo, + Watchlist, + WatchlistItem, + WatchlistList +} from "../models/mappers"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts new file mode 100644 index 000000000000..3f423179aa59 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts @@ -0,0 +1,357 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/actionsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a Actions. */ +export class Actions { + private readonly client: SecurityInsightsContext; + + /** + * Create a Actions. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all actions of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param [options] The optional parameters + * @returns Promise + */ + listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param callback The callback + */ + listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The optional parameters + * @param callback The callback + */ + listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + options + }, + listByAlertRuleOperationSpec, + callback) as Promise; + } + + /** + * Gets the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + actionId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Creates or updates the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param action The action + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param action The action + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param action The action + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: Models.ActionRequest, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + actionId, + action, + options + }, + createOrUpdateOperationSpec, + callback) as Promise; + } + + /** + * Delete the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + actionId, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Gets all actions of alert rule. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listByAlertRuleNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listByAlertRuleNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listByAlertRuleNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listByAlertRuleNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listByAlertRuleNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listByAlertRuleOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ActionsList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ActionResponse + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "action", + mapper: { + ...Mappers.ActionRequest, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.ActionResponse + }, + 201: { + bodyMapper: Mappers.ActionResponse + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listByAlertRuleNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ActionsList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts new file mode 100644 index 000000000000..c9ee06cc39c6 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts @@ -0,0 +1,200 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/alertRuleTemplatesMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a AlertRuleTemplates. */ +export class AlertRuleTemplates { + private readonly client: SecurityInsightsContext; + + /** + * Create a AlertRuleTemplates. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all alert rule templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Gets the alert rule template. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param alertRuleTemplateId Alert rule template ID + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param alertRuleTemplateId Alert rule template ID + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param alertRuleTemplateId Alert rule template ID + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + alertRuleTemplateId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Gets all alert rule templates. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplatesList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.alertRuleTemplateId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplate + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplatesList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts new file mode 100644 index 000000000000..47ef42428e7b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts @@ -0,0 +1,337 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/alertRulesMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a AlertRules. */ +export class AlertRules { + private readonly client: SecurityInsightsContext; + + /** + * Create a AlertRules. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all alert rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, workspaceName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Gets the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Creates or updates the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param alertRule The alert rule + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param alertRule The alert rule + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param alertRule The alert rule + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: Models.AlertRuleUnion, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + alertRule, + options + }, + createOrUpdateOperationSpec, + callback) as Promise; + } + + /** + * Delete the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, workspaceName: string, ruleId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + ruleId, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Gets all alert rules. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRulesList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRule + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "alertRule", + mapper: { + ...Mappers.AlertRule, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.AlertRule + }, + 201: { + bodyMapper: Mappers.AlertRule + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.AlertRulesList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts new file mode 100644 index 000000000000..7c2249b2b738 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts @@ -0,0 +1,365 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/incidentCommentsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a IncidentComments. */ +export class IncidentComments { + private readonly client: SecurityInsightsContext; + + /** + * Create a IncidentComments. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all comments for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentCommentsListByIncidentOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options: Models.IncidentCommentsListByIncidentOptionalParams, callback: msRest.ServiceCallback): void; + listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentCommentsListByIncidentOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + listByIncidentOperationSpec, + callback) as Promise; + } + + /** + * Gets a comment for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Creates or updates a comment for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param incidentComment The incident comment + * @param [options] The optional parameters + * @returns Promise + */ + createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param incidentComment The incident comment + * @param callback The callback + */ + createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param incidentComment The incident comment + * @param options The optional parameters + * @param callback The callback + */ + createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: Models.IncidentComment, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + incidentComment, + options + }, + createCommentOperationSpec, + callback) as Promise; + } + + /** + * Deletes a comment for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param [options] The optional parameters + * @returns Promise + */ + deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param callback The callback + */ + deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The optional parameters + * @param callback The callback + */ + deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + options + }, + deleteCommentOperationSpec, + callback); + } + + /** + * Gets all comments for a given incident. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listByIncidentNext(nextPageLink: string, options?: Models.IncidentCommentsListByIncidentNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listByIncidentNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listByIncidentNext(nextPageLink: string, options: Models.IncidentCommentsListByIncidentNextOptionalParams, callback: msRest.ServiceCallback): void; + listByIncidentNext(nextPageLink: string, options?: Models.IncidentCommentsListByIncidentNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listByIncidentNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listByIncidentOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentCommentList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentComment + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createCommentOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "incidentComment", + mapper: { + ...Mappers.IncidentComment, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.IncidentComment + }, + 201: { + bodyMapper: Mappers.IncidentComment + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteCommentOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listByIncidentNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentCommentList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts new file mode 100644 index 000000000000..c9c3eb0f1135 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts @@ -0,0 +1,365 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/incidentRelationsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a IncidentRelations. */ +export class IncidentRelations { + private readonly client: SecurityInsightsContext; + + /** + * Create a IncidentRelations. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all relations for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentRelationsListOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, incidentId: string, options: Models.IncidentRelationsListOptionalParams, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: Models.IncidentRelationsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Gets a relation for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param [options] The optional parameters + * @returns Promise + */ + getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param callback The callback + */ + getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The optional parameters + * @param callback The callback + */ + getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + getRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + relationName, + options + }, + getRelationOperationSpec, + callback) as Promise; + } + + /** + * Creates or updates a relation for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param relation The relation model + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param relation The relation model + * @param callback The callback + */ + createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param relation The relation model + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdateRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Models.Relation, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + relationName, + relation, + options + }, + createOrUpdateRelationOperationSpec, + callback) as Promise; + } + + /** + * Deletes a relation for a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param [options] The optional parameters + * @returns Promise + */ + deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param callback The callback + */ + deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The optional parameters + * @param callback The callback + */ + deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteRelation(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + relationName, + options + }, + deleteRelationOperationSpec, + callback); + } + + /** + * Gets all relations for a given incident. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: Models.IncidentRelationsListNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: Models.IncidentRelationsListNextOptionalParams, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: Models.IncidentRelationsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getRelationOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.relationName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateRelationOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.relationName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "relation", + mapper: { + ...Mappers.Relation, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + 201: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteRelationOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.relationName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts new file mode 100644 index 000000000000..04fe6af91125 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts @@ -0,0 +1,531 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/incidentsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a Incidents. */ +export class Incidents { + private readonly client: SecurityInsightsContext; + + /** + * Create a Incidents. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Gets all incidents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, workspaceName: string, options?: Models.IncidentsListOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, workspaceName: string, options: Models.IncidentsListOptionalParams, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, workspaceName: string, options?: Models.IncidentsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Gets a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Creates or updates an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incident The incident + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incident The incident + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incident The incident + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Models.Incident, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incident, + options + }, + createOrUpdateOperationSpec, + callback) as Promise; + } + + /** + * Deletes a given incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Gets all alerts for an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listOfAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + listOfAlertsOperationSpec, + callback) as Promise; + } + + /** + * Gets all bookmarks for an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listOfBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + listOfBookmarksOperationSpec, + callback) as Promise; + } + + /** + * Gets all entities for an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param [options] The optional parameters + * @returns Promise + */ + listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param callback The callback + */ + listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The optional parameters + * @param callback The callback + */ + listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listOfEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + options + }, + listOfEntitiesOperationSpec, + callback) as Promise; + } + + /** + * Gets all incidents. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: Models.IncidentsListNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: Models.IncidentsListNextOptionalParams, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: Models.IncidentsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.Incident + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "incident", + mapper: { + ...Mappers.Incident, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.Incident + }, + 201: { + bodyMapper: Mappers.Incident + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listOfAlertsOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentAlertList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listOfBookmarksOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentBookmarkList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listOfEntitiesOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentEntitiesResponse + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.IncidentList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts new file mode 100644 index 000000000000..23f68a1ec4d1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -0,0 +1,21 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +export * from "./incidents"; +export * from "./incidentComments"; +export * from "./incidentRelations"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; +export * from "./watchlists"; +export * from "./watchlistItems"; +export * from "./operations"; +export * from "./alertRules"; +export * from "./actions"; +export * from "./alertRuleTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts new file mode 100644 index 000000000000..92dcd99d2f23 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts @@ -0,0 +1,125 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/operationsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a Operations. */ +export class Operations { + private readonly client: SecurityInsightsContext; + + /** + * Create a Operations. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Lists all operations available Azure Security Insights Resource Provider. + * @param [options] The optional parameters + * @returns Promise + */ + list(options?: msRest.RequestOptionsBase): Promise; + /** + * @param callback The callback + */ + list(callback: msRest.ServiceCallback): void; + /** + * @param options The optional parameters + * @param callback The callback + */ + list(options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + list(options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Lists all operations available Azure Security Insights Resource Provider. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "providers/Microsoft.SecurityInsights/operations", + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.OperationsList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.OperationsList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts new file mode 100644 index 000000000000..277499adb890 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts @@ -0,0 +1,628 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/threatIntelligenceIndicatorMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a ThreatIntelligenceIndicator. */ +export class ThreatIntelligenceIndicator { + private readonly client: SecurityInsightsContext; + + /** + * Create a ThreatIntelligenceIndicator. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Create a new threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param [options] The optional parameters + * @returns Promise + */ + createIndicator(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param callback The callback + */ + createIndicator(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The optional parameters + * @param callback The callback + */ + createIndicator(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createIndicator(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + threatIntelligenceProperties, + options + }, + createIndicatorOperationSpec, + callback) as Promise; + } + + /** + * View a threat intelligence indicator by name. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + name, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Update a threat Intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param [options] The optional parameters + * @returns Promise + */ + create(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param callback The callback + */ + create(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The optional parameters + * @param callback The callback + */ + create(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + create(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceProperties: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + name, + threatIntelligenceProperties, + options + }, + createOperationSpec, + callback) as Promise; + } + + /** + * Delete a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + name, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Query threat intelligence indicators as per filtering criteria. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param [options] The optional parameters + * @returns Promise + */ + queryIndicators(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceFilteringCriteria: Models.ThreatIntelligenceFilteringCriteria, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param callback The callback + */ + queryIndicators(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceFilteringCriteria: Models.ThreatIntelligenceFilteringCriteria, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param options The optional parameters + * @param callback The callback + */ + queryIndicators(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceFilteringCriteria: Models.ThreatIntelligenceFilteringCriteria, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + queryIndicators(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, threatIntelligenceFilteringCriteria: Models.ThreatIntelligenceFilteringCriteria, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + threatIntelligenceFilteringCriteria, + options + }, + queryIndicatorsOperationSpec, + callback) as Promise; + } + + /** + * Append tags to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceAppendTags The threat intelligence append tags request body + * @param [options] The optional parameters + * @returns Promise + */ + appendTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceAppendTags: Models.ThreatIntelligenceAppendTags, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceAppendTags The threat intelligence append tags request body + * @param callback The callback + */ + appendTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceAppendTags: Models.ThreatIntelligenceAppendTags, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceAppendTags The threat intelligence append tags request body + * @param options The optional parameters + * @param callback The callback + */ + appendTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceAppendTags: Models.ThreatIntelligenceAppendTags, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + appendTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceAppendTags: Models.ThreatIntelligenceAppendTags, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + name, + threatIntelligenceAppendTags, + options + }, + appendTagsOperationSpec, + callback); + } + + /** + * Replace tags added to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. + * @param [options] The optional parameters + * @returns Promise + */ + replaceTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. + * @param callback The callback + */ + replaceTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: Models.ThreatIntelligenceIndicatorModelForRequestBody, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. + * @param options The optional parameters + * @param callback The callback + */ + replaceTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: Models.ThreatIntelligenceIndicatorModelForRequestBody, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + replaceTags(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: Models.ThreatIntelligenceIndicatorModelForRequestBody, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + name, + threatIntelligenceReplaceTags, + options + }, + replaceTagsOperationSpec, + callback) as Promise; + } + + /** + * Query threat intelligence indicators as per filtering criteria. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + queryIndicatorsNext(nextPageLink: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + queryIndicatorsNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + queryIndicatorsNext(nextPageLink: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + queryIndicatorsNext(nextPageLink: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + queryIndicatorsNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const createIndicatorOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "threatIntelligenceProperties", + mapper: { + ...Mappers.ThreatIntelligenceIndicatorModelForRequestBody, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + 201: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.name + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.name + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "threatIntelligenceProperties", + mapper: { + ...Mappers.ThreatIntelligenceIndicatorModelForRequestBody, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + 201: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.name + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const queryIndicatorsOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "threatIntelligenceFilteringCriteria", + mapper: { + ...Mappers.ThreatIntelligenceFilteringCriteria, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const appendTagsOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.name + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "threatIntelligenceAppendTags", + mapper: { + ...Mappers.ThreatIntelligenceAppendTags, + required: true + } + }, + responses: { + 200: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const replaceTagsOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.name + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "threatIntelligenceReplaceTags", + mapper: { + ...Mappers.ThreatIntelligenceIndicatorModelForRequestBody, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const queryIndicatorsNextOperationSpec: msRest.OperationSpec = { + httpMethod: "POST", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts new file mode 100644 index 000000000000..15b9712957a2 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts @@ -0,0 +1,94 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/threatIntelligenceIndicatorMetricsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a ThreatIntelligenceIndicatorMetrics. */ +export class ThreatIntelligenceIndicatorMetrics { + private readonly client: SecurityInsightsContext; + + /** + * Create a ThreatIntelligenceIndicatorMetrics. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceMetricsList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts new file mode 100644 index 000000000000..30120a45e050 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts @@ -0,0 +1,154 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/threatIntelligenceIndicatorsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a ThreatIntelligenceIndicators. */ +export class ThreatIntelligenceIndicators { + private readonly client: SecurityInsightsContext; + + /** + * Create a ThreatIntelligenceIndicators. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Get all threat intelligence indicators. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: Models.ThreatIntelligenceIndicatorsListOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options: Models.ThreatIntelligenceIndicatorsListOptionalParams, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: Models.ThreatIntelligenceIndicatorsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Get all threat intelligence indicators. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: Models.ThreatIntelligenceIndicatorsListNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: Models.ThreatIntelligenceIndicatorsListNextOptionalParams, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: Models.ThreatIntelligenceIndicatorsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.top, + Parameters.skipToken, + Parameters.orderby + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.top, + Parameters.skipToken, + Parameters.orderby + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts new file mode 100644 index 000000000000..1f26c2300105 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts @@ -0,0 +1,391 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/watchlistItemsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a WatchlistItems. */ +export class WatchlistItems { + private readonly client: SecurityInsightsContext; + + /** + * Create a WatchlistItems. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Get all watchlist Items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: Models.WatchlistItemsListOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options: Models.WatchlistItemsListOptionalParams, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: Models.WatchlistItemsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Get a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + watchlistItemId, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Delete a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + watchlistItemId, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Create or update a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param watchlistItem The watchlist item + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: Models.WatchlistItem, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param watchlistItem The watchlist item + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: Models.WatchlistItem, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) + * @param watchlistItem The watchlist item + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: Models.WatchlistItem, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: Models.WatchlistItem, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + watchlistItemId, + watchlistItem, + options + }, + createOrUpdateOperationSpec, + callback) as Promise; + } + + /** + * Get all watchlist Items. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: Models.WatchlistItemsListNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: Models.WatchlistItemsListNextOptionalParams, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: Models.WatchlistItemsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.WatchlistItemList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.WatchlistItem + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "watchlistItem", + mapper: { + ...Mappers.WatchlistItem, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.WatchlistItem + }, + 201: { + bodyMapper: Mappers.WatchlistItem + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.WatchlistItemList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts new file mode 100644 index 000000000000..7a5baa636fec --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts @@ -0,0 +1,373 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import * as Models from "../models"; +import * as Mappers from "../models/watchlistsMappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsightsContext } from "../securityInsightsContext"; + +/** Class representing a Watchlists. */ +export class Watchlists { + private readonly client: SecurityInsightsContext; + + /** + * Create a Watchlists. + * @param {SecurityInsightsContext} client Reference to the service client. + */ + constructor(client: SecurityInsightsContext) { + this.client = client; + } + + /** + * Get all watchlists, without watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param [options] The optional parameters + * @returns Promise + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: Models.WatchlistsListOptionalParams): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param options The optional parameters + * @param callback The callback + */ + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options: Models.WatchlistsListOptionalParams, callback: msRest.ServiceCallback): void; + list(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, options?: Models.WatchlistsListOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + options + }, + listOperationSpec, + callback) as Promise; + } + + /** + * Get a watchlist, without its watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param [options] The optional parameters + * @returns Promise + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param options The optional parameters + * @param callback The callback + */ + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + get(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + options + }, + getOperationSpec, + callback) as Promise; + } + + /** + * Delete a watchlist. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param [options] The optional parameters + * @returns Promise + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param options The optional parameters + * @param callback The callback + */ + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + deleteMethod(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + options + }, + deleteMethodOperationSpec, + callback); + } + + /** + * Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv + * content type). To create a Watchlist and its Items, we should call this endpoint with rawContent + * and contentType properties. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlist The watchlist + * @param [options] The optional parameters + * @returns Promise + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlist: Models.Watchlist, options?: msRest.RequestOptionsBase): Promise; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlist The watchlist + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlist: Models.Watchlist, callback: msRest.ServiceCallback): void; + /** + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param operationalInsightsResourceProvider The namespace of workspaces resource provider- + * Microsoft.OperationalInsights. + * @param workspaceName The name of the workspace. + * @param watchlistAlias The watchlist alias + * @param watchlist The watchlist + * @param options The optional parameters + * @param callback The callback + */ + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlist: Models.Watchlist, options: msRest.RequestOptionsBase, callback: msRest.ServiceCallback): void; + createOrUpdate(resourceGroupName: string, operationalInsightsResourceProvider: string, workspaceName: string, watchlistAlias: string, watchlist: Models.Watchlist, options?: msRest.RequestOptionsBase | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + operationalInsightsResourceProvider, + workspaceName, + watchlistAlias, + watchlist, + options + }, + createOrUpdateOperationSpec, + callback) as Promise; + } + + /** + * Get all watchlists, without watchlist items. + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param [options] The optional parameters + * @returns Promise + */ + listNext(nextPageLink: string, options?: Models.WatchlistsListNextOptionalParams): Promise; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param callback The callback + */ + listNext(nextPageLink: string, callback: msRest.ServiceCallback): void; + /** + * @param nextPageLink The NextLink from the previous successful call to List operation. + * @param options The optional parameters + * @param callback The callback + */ + listNext(nextPageLink: string, options: Models.WatchlistsListNextOptionalParams, callback: msRest.ServiceCallback): void; + listNext(nextPageLink: string, options?: Models.WatchlistsListNextOptionalParams | msRest.ServiceCallback, callback?: msRest.ServiceCallback): Promise { + return this.client.sendOperationRequest( + { + nextPageLink, + options + }, + listNextOperationSpec, + callback) as Promise; + } +} + +// Operation Specifications +const serializer = new msRest.Serializer(Mappers); +const listOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.WatchlistList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const getOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.Watchlist + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const deleteMethodOperationSpec: msRest.OperationSpec = { + httpMethod: "DELETE", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const createOrUpdateOperationSpec: msRest.OperationSpec = { + httpMethod: "PUT", + path: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + urlParameters: [ + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.operationalInsightsResourceProvider, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + queryParameters: [ + Parameters.apiVersion + ], + headerParameters: [ + Parameters.acceptLanguage + ], + requestBody: { + parameterPath: "watchlist", + mapper: { + ...Mappers.Watchlist, + required: true + } + }, + responses: { + 200: { + bodyMapper: Mappers.Watchlist + }, + 201: { + bodyMapper: Mappers.Watchlist + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; + +const listNextOperationSpec: msRest.OperationSpec = { + httpMethod: "GET", + baseUrl: "https://management.azure.com", + path: "{nextLink}", + urlParameters: [ + Parameters.nextPageLink + ], + queryParameters: [ + Parameters.apiVersion, + Parameters.skipToken + ], + headerParameters: [ + Parameters.acceptLanguage + ], + responses: { + 200: { + bodyMapper: Mappers.WatchlistList + }, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts new file mode 100644 index 000000000000..7adb6c492660 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts @@ -0,0 +1,69 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as msRest from "@azure/ms-rest-js"; +import { TokenCredential } from "@azure/core-auth"; +import * as Models from "./models"; +import * as Mappers from "./models/mappers"; +import * as operations from "./operations"; +import { SecurityInsightsContext } from "./securityInsightsContext"; + + +class SecurityInsights extends SecurityInsightsContext { + // Operation groups + incidents: operations.Incidents; + incidentComments: operations.IncidentComments; + incidentRelations: operations.IncidentRelations; + threatIntelligenceIndicator: operations.ThreatIntelligenceIndicator; + threatIntelligenceIndicators: operations.ThreatIntelligenceIndicators; + threatIntelligenceIndicatorMetrics: operations.ThreatIntelligenceIndicatorMetrics; + watchlists: operations.Watchlists; + watchlistItems: operations.WatchlistItems; + operations: operations.Operations; + alertRules: operations.AlertRules; + actions: operations.Actions; + alertRuleTemplates: operations.AlertRuleTemplates; + + /** + * Initializes a new instance of the SecurityInsights class. + * @param credentials Credentials needed for the client to connect to Azure. Credentials + * implementing the TokenCredential interface from the @azure/identity package are recommended. For + * more information about these credentials, see + * {@link https://www.npmjs.com/package/@azure/identity}. Credentials implementing the + * ServiceClientCredentials interface from the older packages @azure/ms-rest-nodeauth and + * @azure/ms-rest-browserauth are also supported. + * @param subscriptionId The ID of the target subscription. + * @param [options] The parameter options + */ + constructor(credentials: msRest.ServiceClientCredentials | TokenCredential, subscriptionId: string, options?: Models.SecurityInsightsOptions) { + super(credentials, subscriptionId, options); + this.incidents = new operations.Incidents(this); + this.incidentComments = new operations.IncidentComments(this); + this.incidentRelations = new operations.IncidentRelations(this); + this.threatIntelligenceIndicator = new operations.ThreatIntelligenceIndicator(this); + this.threatIntelligenceIndicators = new operations.ThreatIntelligenceIndicators(this); + this.threatIntelligenceIndicatorMetrics = new operations.ThreatIntelligenceIndicatorMetrics(this); + this.watchlists = new operations.Watchlists(this); + this.watchlistItems = new operations.WatchlistItems(this); + this.operations = new operations.Operations(this); + this.alertRules = new operations.AlertRules(this); + this.actions = new operations.Actions(this); + this.alertRuleTemplates = new operations.AlertRuleTemplates(this); + } +} + +// Operation Specifications + +export { + SecurityInsights, + SecurityInsightsContext, + Models as SecurityInsightsModels, + Mappers as SecurityInsightsMappers +}; +export * from "./operations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsightsContext.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsightsContext.ts new file mode 100644 index 000000000000..c90bed58b3d5 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsightsContext.ts @@ -0,0 +1,67 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is + * regenerated. + */ + +import * as Models from "./models"; +import * as msRest from "@azure/ms-rest-js"; +import * as msRestAzure from "@azure/ms-rest-azure-js"; +import { TokenCredential } from "@azure/core-auth"; + +const packageName = "@azure/arm-securityinsight"; +const packageVersion = "1.0.0"; + +export class SecurityInsightsContext extends msRestAzure.AzureServiceClient { + credentials: msRest.ServiceClientCredentials | TokenCredential; + subscriptionId: string; + apiVersion?: string; + + /** + * Initializes a new instance of the SecurityInsights class. + * @param credentials Credentials needed for the client to connect to Azure. Credentials + * implementing the TokenCredential interface from the @azure/identity package are recommended. For + * more information about these credentials, see + * {@link https://www.npmjs.com/package/@azure/identity}. Credentials implementing the + * ServiceClientCredentials interface from the older packages @azure/ms-rest-nodeauth and + * @azure/ms-rest-browserauth are also supported. + * @param subscriptionId The ID of the target subscription. + * @param [options] The parameter options + */ + constructor(credentials: msRest.ServiceClientCredentials | TokenCredential, subscriptionId: string, options?: Models.SecurityInsightsOptions) { + if (credentials == undefined) { + throw new Error('\'credentials\' cannot be null.'); + } + if (subscriptionId == undefined) { + throw new Error('\'subscriptionId\' cannot be null.'); + } + + if (!options) { + options = {}; + } + if (!options.userAgent) { + const defaultUserAgent = msRestAzure.getDefaultUserAgentValue(); + options.userAgent = `${packageName}/${packageVersion} ${defaultUserAgent}`; + } + + super(credentials, options); + + this.apiVersion = '2021-10-01'; + this.acceptLanguage = 'en-US'; + this.longRunningOperationRetryTimeout = 30; + this.baseUri = options.baseUri || this.baseUri || "https://management.azure.com"; + this.requestContentType = "application/json; charset=utf-8"; + this.credentials = credentials; + this.subscriptionId = subscriptionId; + + if (options.acceptLanguage !== null && options.acceptLanguage !== undefined) { + this.acceptLanguage = options.acceptLanguage; + } + if (options.longRunningOperationRetryTimeout !== null && options.longRunningOperationRetryTimeout !== undefined) { + this.longRunningOperationRetryTimeout = options.longRunningOperationRetryTimeout; + } + } +} diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json new file mode 100644 index 000000000000..422b584abd5e --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -0,0 +1,19 @@ +{ + "compilerOptions": { + "module": "es6", + "moduleResolution": "node", + "strict": true, + "target": "es5", + "sourceMap": true, + "declarationMap": true, + "esModuleInterop": true, + "allowSyntheticDefaultImports": true, + "forceConsistentCasingInFileNames": true, + "lib": ["es6", "dom"], + "declaration": true, + "outDir": "./esm", + "importHelpers": true + }, + "include": ["./src/**/*.ts"], + "exclude": ["node_modules"] +}