From f8d640f3f5dc36219af346242ffed20ee48ca4dd Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 13 Aug 2019 06:02:13 +0000 Subject: [PATCH 1/5] Generated from d731243f4645a2df9c8389e10e93be04ea78a620 Add alertRuleTemplates endpoint to securityInsight --- .../mgmt/securityinsight/models.go | 312 +- .../securityinsightapi/models.go | 1 + .../securityinsight/alertruletemplates.go | 270 + .../securityinsight/entities.go | 99 - .../securityinsight/models.go | 5212 ++++------------- .../securityinsightapi/interfaces.go | 9 +- 6 files changed, 1534 insertions(+), 4369 deletions(-) create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index aaacda66d67a..6c290ccb11c4 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -38,6 +38,8 @@ const ( type AlertRuleKind = original.AlertRuleKind const ( + Filter AlertRuleKind = original.Filter + Fusion AlertRuleKind = original.Fusion Scheduled AlertRuleKind = original.Scheduled ) @@ -50,14 +52,20 @@ const ( Medium AlertSeverity = original.Medium ) -type AlertStatus = original.AlertStatus +type AttackTactic = original.AttackTactic const ( - AlertStatusDismissed AlertStatus = original.AlertStatusDismissed - AlertStatusInProgress AlertStatus = original.AlertStatusInProgress - AlertStatusNew AlertStatus = original.AlertStatusNew - AlertStatusResolved AlertStatus = original.AlertStatusResolved - AlertStatusUnknown AlertStatus = original.AlertStatusUnknown + Collection AttackTactic = original.Collection + CommandAndControl AttackTactic = original.CommandAndControl + CredentialAccess AttackTactic = original.CredentialAccess + DefenseEvasion AttackTactic = original.DefenseEvasion + Discovery AttackTactic = original.Discovery + Execution AttackTactic = original.Execution + Exfiltration AttackTactic = original.Exfiltration + InitialAccess AttackTactic = original.InitialAccess + LateralMovement AttackTactic = original.LateralMovement + Persistence AttackTactic = original.Persistence + PrivilegeEscalation AttackTactic = original.PrivilegeEscalation ) type CaseSeverity = original.CaseSeverity @@ -87,34 +95,14 @@ const ( Resolved CloseReason = original.Resolved ) -type ConfidenceLevel = original.ConfidenceLevel - -const ( - ConfidenceLevelHigh ConfidenceLevel = original.ConfidenceLevelHigh - ConfidenceLevelLow ConfidenceLevel = original.ConfidenceLevelLow - ConfidenceLevelUnknown ConfidenceLevel = original.ConfidenceLevelUnknown -) - -type ConfidenceScoreStatus = original.ConfidenceScoreStatus - -const ( - Final ConfidenceScoreStatus = original.Final - InProcess ConfidenceScoreStatus = original.InProcess - NotApplicable ConfidenceScoreStatus = original.NotApplicable - NotFinal ConfidenceScoreStatus = original.NotFinal -) - type DataConnectorKind = original.DataConnectorKind const ( - DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = original.DataConnectorKindAmazonWebServicesCloudTrail - DataConnectorKindAzureActiveDirectory DataConnectorKind = original.DataConnectorKindAzureActiveDirectory - DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindAzureAdvancedThreatProtection - DataConnectorKindAzureSecurityCenter DataConnectorKind = original.DataConnectorKindAzureSecurityCenter - DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = original.DataConnectorKindMicrosoftCloudAppSecurity - DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection - DataConnectorKindOffice365 DataConnectorKind = original.DataConnectorKindOffice365 - DataConnectorKindThreatIntelligence DataConnectorKind = original.DataConnectorKindThreatIntelligence + AzureActiveDirectory DataConnectorKind = original.AzureActiveDirectory + AzureSecurityCenter DataConnectorKind = original.AzureSecurityCenter + MicrosoftCloudAppSecurity DataConnectorKind = original.MicrosoftCloudAppSecurity + Office365 DataConnectorKind = original.Office365 + ThreatIntelligence DataConnectorKind = original.ThreatIntelligence ) type DataTypeState = original.DataTypeState @@ -124,83 +112,19 @@ const ( Enabled DataTypeState = original.Enabled ) -type ElevationToken = original.ElevationToken +type DataTypeStatus = original.DataTypeStatus const ( - Default ElevationToken = original.Default - Full ElevationToken = original.Full - Limited ElevationToken = original.Limited + Exist DataTypeStatus = original.Exist + NotExist DataTypeStatus = original.NotExist ) type EntityKind = original.EntityKind const ( - EntityKindAccount EntityKind = original.EntityKindAccount - EntityKindAzureResource EntityKind = original.EntityKindAzureResource - EntityKindBookmark EntityKind = original.EntityKindBookmark - EntityKindCloudApplication EntityKind = original.EntityKindCloudApplication - EntityKindDNSResolution EntityKind = original.EntityKindDNSResolution - EntityKindFile EntityKind = original.EntityKindFile - EntityKindFileHash EntityKind = original.EntityKindFileHash - EntityKindHost EntityKind = original.EntityKindHost - EntityKindIP EntityKind = original.EntityKindIP - EntityKindMalware EntityKind = original.EntityKindMalware - EntityKindProcess EntityKind = original.EntityKindProcess - EntityKindRegistryKey EntityKind = original.EntityKindRegistryKey - EntityKindRegistryValue EntityKind = original.EntityKindRegistryValue - EntityKindSecurityAlert EntityKind = original.EntityKindSecurityAlert - EntityKindSecurityGroup EntityKind = original.EntityKindSecurityGroup - EntityKindURL EntityKind = original.EntityKindURL -) - -type EntityType = original.EntityType - -const ( - EntityTypeAccount EntityType = original.EntityTypeAccount - EntityTypeAzureResource EntityType = original.EntityTypeAzureResource - EntityTypeCloudApplication EntityType = original.EntityTypeCloudApplication - EntityTypeDNS EntityType = original.EntityTypeDNS - EntityTypeFile EntityType = original.EntityTypeFile - EntityTypeFileHash EntityType = original.EntityTypeFileHash - EntityTypeHost EntityType = original.EntityTypeHost - EntityTypeHuntingBookmark EntityType = original.EntityTypeHuntingBookmark - EntityTypeIP EntityType = original.EntityTypeIP - EntityTypeMalware EntityType = original.EntityTypeMalware - EntityTypeProcess EntityType = original.EntityTypeProcess - EntityTypeRegistryKey EntityType = original.EntityTypeRegistryKey - EntityTypeRegistryValue EntityType = original.EntityTypeRegistryValue - EntityTypeSecurityAlert EntityType = original.EntityTypeSecurityAlert - EntityTypeSecurityGroup EntityType = original.EntityTypeSecurityGroup - EntityTypeURL EntityType = original.EntityTypeURL -) - -type FileHashAlgorithm = original.FileHashAlgorithm - -const ( - MD5 FileHashAlgorithm = original.MD5 - SHA1 FileHashAlgorithm = original.SHA1 - SHA256 FileHashAlgorithm = original.SHA256 - SHA256AC FileHashAlgorithm = original.SHA256AC - Unknown FileHashAlgorithm = original.Unknown -) - -type KillChainIntent = original.KillChainIntent - -const ( - KillChainIntentCollection KillChainIntent = original.KillChainIntentCollection - KillChainIntentCommandAndControl KillChainIntent = original.KillChainIntentCommandAndControl - KillChainIntentCredentialAccess KillChainIntent = original.KillChainIntentCredentialAccess - KillChainIntentDefenseEvasion KillChainIntent = original.KillChainIntentDefenseEvasion - KillChainIntentDiscovery KillChainIntent = original.KillChainIntentDiscovery - KillChainIntentExecution KillChainIntent = original.KillChainIntentExecution - KillChainIntentExfiltration KillChainIntent = original.KillChainIntentExfiltration - KillChainIntentExploitation KillChainIntent = original.KillChainIntentExploitation - KillChainIntentImpact KillChainIntent = original.KillChainIntentImpact - KillChainIntentLateralMovement KillChainIntent = original.KillChainIntentLateralMovement - KillChainIntentPersistence KillChainIntent = original.KillChainIntentPersistence - KillChainIntentPrivilegeEscalation KillChainIntent = original.KillChainIntentPrivilegeEscalation - KillChainIntentProbing KillChainIntent = original.KillChainIntentProbing - KillChainIntentUnknown KillChainIntent = original.KillChainIntentUnknown + Account EntityKind = original.Account + File EntityKind = original.File + Host EntityKind = original.Host ) type Kind = original.Kind @@ -217,39 +141,33 @@ const ( KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation ) +type KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplate + +const ( + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindAlertRuleTemplate + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFilter + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFusion + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindScheduled +) + type KindBasicDataConnector = original.KindBasicDataConnector const ( - KindAmazonWebServicesCloudTrail KindBasicDataConnector = original.KindAmazonWebServicesCloudTrail - KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory - KindAzureAdvancedThreatProtection KindBasicDataConnector = original.KindAzureAdvancedThreatProtection - KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter - KindDataConnector KindBasicDataConnector = original.KindDataConnector - KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity - KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = original.KindMicrosoftDefenderAdvancedThreatProtection - KindOffice365 KindBasicDataConnector = original.KindOffice365 - KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence + KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory + KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter + KindDataConnector KindBasicDataConnector = original.KindDataConnector + KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity + KindOffice365 KindBasicDataConnector = original.KindOffice365 + KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence ) type KindBasicEntity = original.KindBasicEntity const ( - KindAccount KindBasicEntity = original.KindAccount - KindAzureResource KindBasicEntity = original.KindAzureResource - KindCloudApplication KindBasicEntity = original.KindCloudApplication - KindDNSResolution KindBasicEntity = original.KindDNSResolution - KindEntity KindBasicEntity = original.KindEntity - KindFile KindBasicEntity = original.KindFile - KindFileHash KindBasicEntity = original.KindFileHash - KindHost KindBasicEntity = original.KindHost - KindIP KindBasicEntity = original.KindIP - KindMalware KindBasicEntity = original.KindMalware - KindProcess KindBasicEntity = original.KindProcess - KindRegistryKey KindBasicEntity = original.KindRegistryKey - KindRegistryValue KindBasicEntity = original.KindRegistryValue - KindSecurityAlert KindBasicEntity = original.KindSecurityAlert - KindSecurityGroup KindBasicEntity = original.KindSecurityGroup - KindURL KindBasicEntity = original.KindURL + KindAccount KindBasicEntity = original.KindAccount + KindEntity KindBasicEntity = original.KindEntity + KindFile KindBasicEntity = original.KindFile + KindHost KindBasicEntity = original.KindHost ) type KindBasicSettings = original.KindBasicSettings @@ -276,34 +194,6 @@ const ( Windows OSFamily = original.Windows ) -type RegistryHive = original.RegistryHive - -const ( - HKEYA RegistryHive = original.HKEYA - HKEYCLASSESROOT RegistryHive = original.HKEYCLASSESROOT - HKEYCURRENTCONFIG RegistryHive = original.HKEYCURRENTCONFIG - HKEYCURRENTUSER RegistryHive = original.HKEYCURRENTUSER - HKEYCURRENTUSERLOCALSETTINGS RegistryHive = original.HKEYCURRENTUSERLOCALSETTINGS - HKEYLOCALMACHINE RegistryHive = original.HKEYLOCALMACHINE - HKEYPERFORMANCEDATA RegistryHive = original.HKEYPERFORMANCEDATA - HKEYPERFORMANCENLSTEXT RegistryHive = original.HKEYPERFORMANCENLSTEXT - HKEYPERFORMANCETEXT RegistryHive = original.HKEYPERFORMANCETEXT - HKEYUSERS RegistryHive = original.HKEYUSERS -) - -type RegistryValueKind = original.RegistryValueKind - -const ( - RegistryValueKindBinary RegistryValueKind = original.RegistryValueKindBinary - RegistryValueKindDWord RegistryValueKind = original.RegistryValueKindDWord - RegistryValueKindExpandString RegistryValueKind = original.RegistryValueKindExpandString - RegistryValueKindMultiString RegistryValueKind = original.RegistryValueKindMultiString - RegistryValueKindNone RegistryValueKind = original.RegistryValueKindNone - RegistryValueKindQWord RegistryValueKind = original.RegistryValueKindQWord - RegistryValueKindString RegistryValueKind = original.RegistryValueKindString - RegistryValueKindUnknown RegistryValueKind = original.RegistryValueKindUnknown -) - type SettingKind = original.SettingKind const ( @@ -318,6 +208,14 @@ const ( StatusInMcasEnabled StatusInMcas = original.StatusInMcasEnabled ) +type TemplateStatus = original.TemplateStatus + +const ( + Available TemplateStatus = original.Available + Installed TemplateStatus = original.Installed + NotAvailable TemplateStatus = original.NotAvailable +) + type TriggerOperator = original.TriggerOperator const ( @@ -329,8 +227,6 @@ const ( type AADDataConnector = original.AADDataConnector type AADDataConnectorProperties = original.AADDataConnectorProperties -type AATPDataConnector = original.AATPDataConnector -type AATPDataConnectorProperties = original.AATPDataConnectorProperties type ASCDataConnector = original.ASCDataConnector type ASCDataConnectorProperties = original.ASCDataConnectorProperties type AccountEntity = original.AccountEntity @@ -347,21 +243,23 @@ type AggregationsModel = original.AggregationsModel type AlertRule = original.AlertRule type AlertRuleKind1 = original.AlertRuleKind1 type AlertRuleModel = original.AlertRuleModel +type AlertRuleTemplate = original.AlertRuleTemplate +type AlertRuleTemplateModel = original.AlertRuleTemplateModel +type AlertRuleTemplatesClient = original.AlertRuleTemplatesClient +type AlertRuleTemplatesList = original.AlertRuleTemplatesList +type AlertRuleTemplatesListIterator = original.AlertRuleTemplatesListIterator +type AlertRuleTemplatesListPage = original.AlertRuleTemplatesListPage type AlertRulesClient = original.AlertRulesClient type AlertRulesList = original.AlertRulesList type AlertRulesListIterator = original.AlertRulesListIterator type AlertRulesListPage = original.AlertRulesListPage type AlertsDataTypeOfDataConnector = original.AlertsDataTypeOfDataConnector type AlertsDataTypeOfDataConnectorAlerts = original.AlertsDataTypeOfDataConnectorAlerts -type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector -type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes -type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs -type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties -type AzureResourceEntity = original.AzureResourceEntity -type AzureResourceEntityProperties = original.AzureResourceEntityProperties +type BaseAlertRuleTemplateProperties = original.BaseAlertRuleTemplateProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations type BasicAlertRule = original.BasicAlertRule +type BasicAlertRuleTemplate = original.BasicAlertRuleTemplate type BasicDataConnector = original.BasicDataConnector type BasicEntity = original.BasicEntity type BasicSettings = original.BasicSettings @@ -382,12 +280,8 @@ type CasesAggregationByStatusProperties = original.CasesAggregationByStatusPrope type CasesAggregationProperties = original.CasesAggregationProperties type CasesAggregationsClient = original.CasesAggregationsClient type CasesClient = original.CasesClient -type CloudApplicationEntity = original.CloudApplicationEntity -type CloudApplicationEntityProperties = original.CloudApplicationEntityProperties type CloudError = original.CloudError type CloudErrorBody = original.CloudErrorBody -type DNSEntity = original.DNSEntity -type DNSEntityProperties = original.DNSEntityProperties type DataConnector = original.DataConnector type DataConnectorDataTypeCommon = original.DataConnectorDataTypeCommon type DataConnectorKind1 = original.DataConnectorKind1 @@ -395,15 +289,12 @@ type DataConnectorList = original.DataConnectorList type DataConnectorListIterator = original.DataConnectorListIterator type DataConnectorListPage = original.DataConnectorListPage type DataConnectorModel = original.DataConnectorModel +type DataConnectorStatus = original.DataConnectorStatus type DataConnectorTenantID = original.DataConnectorTenantID type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsProperties type DataConnectorsClient = original.DataConnectorsClient type EntitiesClient = original.EntitiesClient type Entity = original.Entity -type EntityCommonProperties = original.EntityCommonProperties -type EntityExpandParameters = original.EntityExpandParameters -type EntityExpandResponse = original.EntityExpandResponse -type EntityExpandResponseValue = original.EntityExpandResponseValue type EntityKind1 = original.EntityKind1 type EntityList = original.EntityList type EntityListIterator = original.EntityListIterator @@ -415,25 +306,16 @@ type EntityQueryList = original.EntityQueryList type EntityQueryListIterator = original.EntityQueryListIterator type EntityQueryListPage = original.EntityQueryListPage type EntityQueryProperties = original.EntityQueryProperties -type ExpansionResultAggregation = original.ExpansionResultAggregation -type ExpansionResultsMetadata = original.ExpansionResultsMetadata type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties -type FileHashEntity = original.FileHashEntity -type FileHashEntityProperties = original.FileHashEntityProperties -type GeoLocation = original.GeoLocation +type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate +type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties +type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel +type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties -type IPEntity = original.IPEntity -type IPEntityProperties = original.IPEntityProperties type MCASDataConnector = original.MCASDataConnector -type MCASDataConnectorDataTypes = original.MCASDataConnectorDataTypes -type MCASDataConnectorDataTypesDiscoveryLogs = original.MCASDataConnectorDataTypesDiscoveryLogs type MCASDataConnectorProperties = original.MCASDataConnectorProperties -type MDATPDataConnector = original.MDATPDataConnector -type MDATPDataConnectorProperties = original.MDATPDataConnectorProperties -type MalwareEntity = original.MalwareEntity -type MalwareEntityProperties = original.MalwareEntityProperties type OfficeConsent = original.OfficeConsent type OfficeConsentList = original.OfficeConsentList type OfficeConsentListIterator = original.OfficeConsentListIterator @@ -451,21 +333,13 @@ type OperationsClient = original.OperationsClient type OperationsList = original.OperationsList type OperationsListIterator = original.OperationsListIterator type OperationsListPage = original.OperationsListPage -type ProcessEntity = original.ProcessEntity -type ProcessEntityProperties = original.ProcessEntityProperties type ProductSettingsClient = original.ProductSettingsClient -type RegistryKeyEntity = original.RegistryKeyEntity -type RegistryKeyEntityProperties = original.RegistryKeyEntityProperties -type RegistryValueEntity = original.RegistryValueEntity -type RegistryValueEntityProperties = original.RegistryValueEntityProperties type Resource = original.Resource type ScheduledAlertRule = original.ScheduledAlertRule type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties -type SecurityAlert = original.SecurityAlert -type SecurityAlertProperties = original.SecurityAlertProperties -type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem -type SecurityGroupEntity = original.SecurityGroupEntity -type SecurityGroupEntityProperties = original.SecurityGroupEntityProperties +type ScheduledAlertRuleTemplate = original.ScheduledAlertRuleTemplate +type ScheduledAlertRuleTemplateProperties = original.ScheduledAlertRuleTemplateProperties +type ScheduledAlertRuleTemplatePropertiesModel = original.ScheduledAlertRuleTemplatePropertiesModel type Settings = original.Settings type SettingsKind = original.SettingsKind type SettingsModel = original.SettingsModel @@ -473,11 +347,8 @@ type TIDataConnector = original.TIDataConnector type TIDataConnectorDataTypes = original.TIDataConnectorDataTypes type TIDataConnectorDataTypesIndicators = original.TIDataConnectorDataTypesIndicators type TIDataConnectorProperties = original.TIDataConnectorProperties -type ThreatIntelligence = original.ThreatIntelligence type ToggleSettings = original.ToggleSettings type ToggleSettingsProperties = original.ToggleSettingsProperties -type URLEntity = original.URLEntity -type URLEntityProperties = original.URLEntityProperties type UebaSettings = original.UebaSettings type UebaSettingsProperties = original.UebaSettingsProperties type UserInfo = original.UserInfo @@ -497,6 +368,18 @@ func NewActionsListIterator(page ActionsListPage) ActionsListIterator { func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { return original.NewActionsListPage(getNextPage) } +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClient(subscriptionID) +} +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClientWithBaseURI(baseURI, subscriptionID) +} +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return original.NewAlertRuleTemplatesListIterator(page) +} +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return original.NewAlertRuleTemplatesListPage(getNextPage) +} func NewAlertRulesClient(subscriptionID string) AlertRulesClient { return original.NewAlertRulesClient(subscriptionID) } @@ -617,8 +500,8 @@ func PossibleAlertRuleKindValues() []AlertRuleKind { func PossibleAlertSeverityValues() []AlertSeverity { return original.PossibleAlertSeverityValues() } -func PossibleAlertStatusValues() []AlertStatus { - return original.PossibleAlertStatusValues() +func PossibleAttackTacticValues() []AttackTactic { + return original.PossibleAttackTacticValues() } func PossibleCaseSeverityValues() []CaseSeverity { return original.PossibleCaseSeverityValues() @@ -629,36 +512,24 @@ func PossibleCaseStatusValues() []CaseStatus { func PossibleCloseReasonValues() []CloseReason { return original.PossibleCloseReasonValues() } -func PossibleConfidenceLevelValues() []ConfidenceLevel { - return original.PossibleConfidenceLevelValues() -} -func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { - return original.PossibleConfidenceScoreStatusValues() -} func PossibleDataConnectorKindValues() []DataConnectorKind { return original.PossibleDataConnectorKindValues() } func PossibleDataTypeStateValues() []DataTypeState { return original.PossibleDataTypeStateValues() } -func PossibleElevationTokenValues() []ElevationToken { - return original.PossibleElevationTokenValues() +func PossibleDataTypeStatusValues() []DataTypeStatus { + return original.PossibleDataTypeStatusValues() } func PossibleEntityKindValues() []EntityKind { return original.PossibleEntityKindValues() } -func PossibleEntityTypeValues() []EntityType { - return original.PossibleEntityTypeValues() -} -func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { - return original.PossibleFileHashAlgorithmValues() -} -func PossibleKillChainIntentValues() []KillChainIntent { - return original.PossibleKillChainIntentValues() -} func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return original.PossibleKindBasicAggregationsValues() } +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return original.PossibleKindBasicAlertRuleTemplateValues() +} func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { return original.PossibleKindBasicDataConnectorValues() } @@ -677,18 +548,15 @@ func PossibleLicenseStatusValues() []LicenseStatus { func PossibleOSFamilyValues() []OSFamily { return original.PossibleOSFamilyValues() } -func PossibleRegistryHiveValues() []RegistryHive { - return original.PossibleRegistryHiveValues() -} -func PossibleRegistryValueKindValues() []RegistryValueKind { - return original.PossibleRegistryValueKindValues() -} func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } func PossibleStatusInMcasValues() []StatusInMcas { return original.PossibleStatusInMcasValues() } +func PossibleTemplateStatusValues() []TemplateStatus { + return original.PossibleTemplateStatusValues() +} func PossibleTriggerOperatorValues() []TriggerOperator { return original.PossibleTriggerOperatorValues() } diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go index 9bd2fc7dc959..cabd8e50561e 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go @@ -22,6 +22,7 @@ package securityinsightapi import original "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi" type ActionsClientAPI = original.ActionsClientAPI +type AlertRuleTemplatesClientAPI = original.AlertRuleTemplatesClientAPI type AlertRulesClientAPI = original.AlertRulesClientAPI type BookmarksClientAPI = original.BookmarksClientAPI type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go new file mode 100644 index 000000000000..c9d00301a65b --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go @@ -0,0 +1,270 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRuleTemplatesClient struct { + BaseClient +} + +// NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return NewAlertRuleTemplatesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return AlertRuleTemplatesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get gets the alert rule template. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// alertRuleTemplateID - alert rule template ID +func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, alertRuleTemplateID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "alertRuleTemplateId": autorest.Encode("path", alertRuleTemplateID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rule templates. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.artl.Response.Response != nil { + sc = result.artl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.artl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure sending request") + return + } + + result.artl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client AlertRuleTemplatesClient) listNextResults(ctx context.Context, lastResults AlertRuleTemplatesList) (result AlertRuleTemplatesList, err error) { + req, err := lastResults.alertRuleTemplatesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go index f0e21ffe611a..e72cffc3e2c3 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go @@ -41,105 +41,6 @@ func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) Entitie return EntitiesClient{NewWithBaseURI(baseURI, subscriptionID)} } -// Expand expands an entity. -// Parameters: -// resourceGroupName - the name of the resource group within the user's subscription. The name is case -// insensitive. -// operationalInsightsResourceProvider - the namespace of workspaces resource provider- -// Microsoft.OperationalInsights. -// workspaceName - the name of the workspace. -// entityID - entity ID -// parameters - the parameters required to execute an expand operation on the given entity. -func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesClient.Expand") - defer func() { - sc := -1 - if result.Response.Response != nil { - sc = result.Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - if err := validation.Validate([]validation.Validation{ - {TargetValue: client.SubscriptionID, - Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, - {TargetValue: resourceGroupName, - Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, - {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, - {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, - {TargetValue: workspaceName, - Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, - {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { - return result, validation.NewError("securityinsight.EntitiesClient", "Expand", err.Error()) - } - - req, err := client.ExpandPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, parameters) - if err != nil { - err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", nil, "Failure preparing request") - return - } - - resp, err := client.ExpandSender(req) - if err != nil { - result.Response = autorest.Response{Response: resp} - err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure sending request") - return - } - - result, err = client.ExpandResponder(resp) - if err != nil { - err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure responding to request") - } - - return -} - -// ExpandPreparer prepares the Expand request. -func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error) { - pathParameters := map[string]interface{}{ - "entityId": autorest.Encode("path", entityID), - "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), - "resourceGroupName": autorest.Encode("path", resourceGroupName), - "subscriptionId": autorest.Encode("path", client.SubscriptionID), - "workspaceName": autorest.Encode("path", workspaceName), - } - - const APIVersion = "2019-01-01-preview" - queryParameters := map[string]interface{}{ - "api-version": APIVersion, - } - - preparer := autorest.CreatePreparer( - autorest.AsContentType("application/json; charset=utf-8"), - autorest.AsPost(), - autorest.WithBaseURL(client.BaseURI), - autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", pathParameters), - autorest.WithJSON(parameters), - autorest.WithQueryParameters(queryParameters)) - return preparer.Prepare((&http.Request{}).WithContext(ctx)) -} - -// ExpandSender sends the Expand request. The method will close the -// http.Response Body if it receives an error. -func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error) { - sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) - return autorest.SendWithSender(client, req, sd...) -} - -// ExpandResponder handles the response to the Expand request. The method always -// closes the http.Response Body. -func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error) { - err = autorest.Respond( - resp, - client.ByInspecting(), - azure.WithErrorUnlessStatusCode(http.StatusOK), - autorest.ByUnmarshallingJSON(&result), - autorest.ByClosing()) - result.Response = autorest.Response{Response: resp} - return -} - // Get gets an entity. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 7f24440b5600..1d10bf60ff32 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -48,13 +48,17 @@ func PossibleAggregationsKindValues() []AggregationsKind { type AlertRuleKind string const ( + // Filter ... + Filter AlertRuleKind = "Filter" + // Fusion ... + Fusion AlertRuleKind = "Fusion" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" ) // PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { - return []AlertRuleKind{Scheduled} + return []AlertRuleKind{Filter, Fusion, Scheduled} } // AlertSeverity enumerates the values for alert severity. @@ -76,25 +80,37 @@ func PossibleAlertSeverityValues() []AlertSeverity { return []AlertSeverity{High, Informational, Low, Medium} } -// AlertStatus enumerates the values for alert status. -type AlertStatus string +// AttackTactic enumerates the values for attack tactic. +type AttackTactic string const ( - // AlertStatusDismissed Alert dismissed as false positive - AlertStatusDismissed AlertStatus = "Dismissed" - // AlertStatusInProgress Alert is being handled - AlertStatusInProgress AlertStatus = "InProgress" - // AlertStatusNew New alert - AlertStatusNew AlertStatus = "New" - // AlertStatusResolved Alert closed after handling - AlertStatusResolved AlertStatus = "Resolved" - // AlertStatusUnknown Unknown value - AlertStatusUnknown AlertStatus = "Unknown" + // Collection ... + Collection AttackTactic = "Collection" + // CommandAndControl ... + CommandAndControl AttackTactic = "CommandAndControl" + // CredentialAccess ... + CredentialAccess AttackTactic = "CredentialAccess" + // DefenseEvasion ... + DefenseEvasion AttackTactic = "DefenseEvasion" + // Discovery ... + Discovery AttackTactic = "Discovery" + // Execution ... + Execution AttackTactic = "Execution" + // Exfiltration ... + Exfiltration AttackTactic = "Exfiltration" + // InitialAccess ... + InitialAccess AttackTactic = "InitialAccess" + // LateralMovement ... + LateralMovement AttackTactic = "LateralMovement" + // Persistence ... + Persistence AttackTactic = "Persistence" + // PrivilegeEscalation ... + PrivilegeEscalation AttackTactic = "PrivilegeEscalation" ) -// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. -func PossibleAlertStatusValues() []AlertStatus { - return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} +// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. +func PossibleAttackTacticValues() []AttackTactic { + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} } // CaseSeverity enumerates the values for case severity. @@ -154,69 +170,25 @@ func PossibleCloseReasonValues() []CloseReason { return []CloseReason{Dismissed, Other, Resolved} } -// ConfidenceLevel enumerates the values for confidence level. -type ConfidenceLevel string - -const ( - // ConfidenceLevelHigh High confidence that the alert is true positive malicious - ConfidenceLevelHigh ConfidenceLevel = "High" - // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an - // attack - ConfidenceLevelLow ConfidenceLevel = "Low" - // ConfidenceLevelUnknown Unknown confidence, the is the default value - ConfidenceLevelUnknown ConfidenceLevel = "Unknown" -) - -// PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type. -func PossibleConfidenceLevelValues() []ConfidenceLevel { - return []ConfidenceLevel{ConfidenceLevelHigh, ConfidenceLevelLow, ConfidenceLevelUnknown} -} - -// ConfidenceScoreStatus enumerates the values for confidence score status. -type ConfidenceScoreStatus string - -const ( - // Final Final score was calculated and available - Final ConfidenceScoreStatus = "Final" - // InProcess No score was set yet and calculation is in progress - InProcess ConfidenceScoreStatus = "InProcess" - // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst - NotApplicable ConfidenceScoreStatus = "NotApplicable" - // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time - // following the processing of additional data - NotFinal ConfidenceScoreStatus = "NotFinal" -) - -// PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type. -func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { - return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal} -} - // DataConnectorKind enumerates the values for data connector kind. type DataConnectorKind string const ( - // DataConnectorKindAmazonWebServicesCloudTrail ... - DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" - // DataConnectorKindAzureActiveDirectory ... - DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" - // DataConnectorKindAzureAdvancedThreatProtection ... - DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" - // DataConnectorKindAzureSecurityCenter ... - DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" - // DataConnectorKindMicrosoftCloudAppSecurity ... - DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" - // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... - DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" - // DataConnectorKindOffice365 ... - DataConnectorKindOffice365 DataConnectorKind = "Office365" - // DataConnectorKindThreatIntelligence ... - DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" + // AzureActiveDirectory ... + AzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // AzureSecurityCenter ... + AzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // MicrosoftCloudAppSecurity ... + MicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // Office365 ... + Office365 DataConnectorKind = "Office365" + // ThreatIntelligence ... + ThreatIntelligence DataConnectorKind = "ThreatIntelligence" ) // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} + return []DataConnectorKind{AzureActiveDirectory, AzureSecurityCenter, MicrosoftCloudAppSecurity, Office365, ThreatIntelligence} } // DataTypeState enumerates the values for data type state. @@ -234,206 +206,36 @@ func PossibleDataTypeStateValues() []DataTypeState { return []DataTypeState{Disabled, Enabled} } -// ElevationToken enumerates the values for elevation token. -type ElevationToken string +// DataTypeStatus enumerates the values for data type status. +type DataTypeStatus string const ( - // Default Default elevation token - Default ElevationToken = "Default" - // Full Full elevation token - Full ElevationToken = "Full" - // Limited Limited elevation token - Limited ElevationToken = "Limited" + // Exist ... + Exist DataTypeStatus = "Exist" + // NotExist ... + NotExist DataTypeStatus = "NotExist" ) -// PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type. -func PossibleElevationTokenValues() []ElevationToken { - return []ElevationToken{Default, Full, Limited} +// PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type. +func PossibleDataTypeStatusValues() []DataTypeStatus { + return []DataTypeStatus{Exist, NotExist} } // EntityKind enumerates the values for entity kind. type EntityKind string const ( - // EntityKindAccount Entity represents account in the system. - EntityKindAccount EntityKind = "Account" - // EntityKindAzureResource Entity represents azure resource in the system. - EntityKindAzureResource EntityKind = "AzureResource" - // EntityKindBookmark Entity represents bookmark in the system. - EntityKindBookmark EntityKind = "Bookmark" - // EntityKindCloudApplication Entity represents cloud application in the system. - EntityKindCloudApplication EntityKind = "CloudApplication" - // EntityKindDNSResolution Entity represents dns resolution in the system. - EntityKindDNSResolution EntityKind = "DnsResolution" - // EntityKindFile Entity represents file in the system. - EntityKindFile EntityKind = "File" - // EntityKindFileHash Entity represents file hash in the system. - EntityKindFileHash EntityKind = "FileHash" - // EntityKindHost Entity represents host in the system. - EntityKindHost EntityKind = "Host" - // EntityKindIP Entity represents ip in the system. - EntityKindIP EntityKind = "Ip" - // EntityKindMalware Entity represents malware in the system. - EntityKindMalware EntityKind = "Malware" - // EntityKindProcess Entity represents process in the system. - EntityKindProcess EntityKind = "Process" - // EntityKindRegistryKey Entity represents registry key in the system. - EntityKindRegistryKey EntityKind = "RegistryKey" - // EntityKindRegistryValue Entity represents registry value in the system. - EntityKindRegistryValue EntityKind = "RegistryValue" - // EntityKindSecurityAlert Entity represents security alert in the system. - EntityKindSecurityAlert EntityKind = "SecurityAlert" - // EntityKindSecurityGroup Entity represents security group in the system. - EntityKindSecurityGroup EntityKind = "SecurityGroup" - // EntityKindURL Entity represents url in the system. - EntityKindURL EntityKind = "Url" + // Account Entity represents account in the system. + Account EntityKind = "Account" + // File Entity represents file in the system. + File EntityKind = "File" + // Host Entity represents host in the system. + Host EntityKind = "Host" ) // PossibleEntityKindValues returns an array of possible values for the EntityKind const type. func PossibleEntityKindValues() []EntityKind { - return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL} -} - -// EntityType enumerates the values for entity type. -type EntityType string - -const ( - // EntityTypeAccount Entity represents account in the system. - EntityTypeAccount EntityType = "Account" - // EntityTypeAzureResource Entity represents azure resource in the system. - EntityTypeAzureResource EntityType = "AzureResource" - // EntityTypeCloudApplication Entity represents cloud application in the system. - EntityTypeCloudApplication EntityType = "CloudApplication" - // EntityTypeDNS Entity represents dns in the system. - EntityTypeDNS EntityType = "DNS" - // EntityTypeFile Entity represents file in the system. - EntityTypeFile EntityType = "File" - // EntityTypeFileHash Entity represents file hash in the system. - EntityTypeFileHash EntityType = "FileHash" - // EntityTypeHost Entity represents host in the system. - EntityTypeHost EntityType = "Host" - // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. - EntityTypeHuntingBookmark EntityType = "HuntingBookmark" - // EntityTypeIP Entity represents ip in the system. - EntityTypeIP EntityType = "IP" - // EntityTypeMalware Entity represents malware in the system. - EntityTypeMalware EntityType = "Malware" - // EntityTypeProcess Entity represents process in the system. - EntityTypeProcess EntityType = "Process" - // EntityTypeRegistryKey Entity represents registry key in the system. - EntityTypeRegistryKey EntityType = "RegistryKey" - // EntityTypeRegistryValue Entity represents registry value in the system. - EntityTypeRegistryValue EntityType = "RegistryValue" - // EntityTypeSecurityAlert Entity represents security alert in the system. - EntityTypeSecurityAlert EntityType = "SecurityAlert" - // EntityTypeSecurityGroup Entity represents security group in the system. - EntityTypeSecurityGroup EntityType = "SecurityGroup" - // EntityTypeURL Entity represents url in the system. - EntityTypeURL EntityType = "URL" -) - -// PossibleEntityTypeValues returns an array of possible values for the EntityType const type. -func PossibleEntityTypeValues() []EntityType { - return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} -} - -// FileHashAlgorithm enumerates the values for file hash algorithm. -type FileHashAlgorithm string - -const ( - // MD5 MD5 hash type - MD5 FileHashAlgorithm = "MD5" - // SHA1 SHA1 hash type - SHA1 FileHashAlgorithm = "SHA1" - // SHA256 SHA256 hash type - SHA256 FileHashAlgorithm = "SHA256" - // SHA256AC SHA256 Authenticode hash type - SHA256AC FileHashAlgorithm = "SHA256AC" - // Unknown Unknown hash algorithm - Unknown FileHashAlgorithm = "Unknown" -) - -// PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type. -func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { - return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown} -} - -// KillChainIntent enumerates the values for kill chain intent. -type KillChainIntent string - -const ( - // KillChainIntentCollection Collection consists of techniques used to identify and gather information, - // such as sensitive files, from a target network prior to exfiltration. This category also covers - // locations on a system or network where the adversary may look for information to exfiltrate. - KillChainIntentCollection KillChainIntent = "Collection" - // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate - // with systems under their control within a target network. - KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" - // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or - // control over system, domain, or service credentials that are used within an enterprise environment. - // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts - // (local system administrator or domain users with administrator access) to use within the network. With - // sufficient access within a network, an adversary can create accounts for later use within the - // environment. - KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" - // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade - // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques - // in other categories that have the added benefit of subverting a particular defense or mitigation. - KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" - // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge - // about the system and internal network. When adversaries gain access to a new system, they must orient - // themselves to what they now have control of and what benefits operating from that system give to their - // current objective or overall goals during the intrusion. The operating system provides many native tools - // that aid in this post-compromise information-gathering phase. - KillChainIntentDiscovery KillChainIntent = "Discovery" - // KillChainIntentExecution The execution tactic represents techniques that result in execution of - // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with - // lateral movement to expand access to remote systems on a network. - KillChainIntentExecution KillChainIntent = "Execution" - // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the - // adversary removing files and information from a target network. This category also covers locations on a - // system or network where the adversary may look for information to exfiltrate. - KillChainIntentExfiltration KillChainIntent = "Exfiltration" - // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the - // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as - // user accounts, certificates etc. Adversaries will often be able to control the resource after this - // stage. - KillChainIntentExploitation KillChainIntent = "Exploitation" - // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or - // integrity of a system, service, or network; including manipulation of data to impact a business or - // operational process. This would often refer to techniques such as ransom-ware, defacement, data - // manipulation and others. - KillChainIntentImpact KillChainIntent = "Impact" - // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to - // access and control remote systems on a network and could, but does not necessarily, include execution of - // tools on remote systems. The lateral movement techniques could allow an adversary to gather information - // from a system without needing additional tools, such as a remote access tool. An adversary can use - // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, - // access to specific information or files, access to additional credentials, or to cause an effect. - KillChainIntentLateralMovement KillChainIntent = "LateralMovement" - // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that - // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access - // to systems through interruptions such as system restarts, loss of credentials, or other failures that - // would require a remote access tool to restart or alternate backdoor for them to regain access. - KillChainIntentPersistence KillChainIntent = "Persistence" - // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary - // to obtain a higher level of permissions on a system or network. Certain tools or actions require a - // higher level of privilege to work and are likely necessary at many points throughout an operation. User - // accounts with permissions to access specific systems or perform specific functions necessary for - // adversaries to achieve their objective may also be considered an escalation of privilege. - KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" - // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a - // malicious intent or a failed attempt to gain access to a target system to gather information prior to - // exploitation. This step is usually detected as an attempt originating from outside the network in - // attempt to scan the target system and find a way in. - KillChainIntentProbing KillChainIntent = "Probing" - // KillChainIntentUnknown The default value. - KillChainIntentUnknown KillChainIntent = "Unknown" -) - -// PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type. -func PossibleKillChainIntentValues() []KillChainIntent { - return []KillChainIntent{KillChainIntentCollection, KillChainIntentCommandAndControl, KillChainIntentCredentialAccess, KillChainIntentDefenseEvasion, KillChainIntentDiscovery, KillChainIntentExecution, KillChainIntentExfiltration, KillChainIntentExploitation, KillChainIntentImpact, KillChainIntentLateralMovement, KillChainIntentPersistence, KillChainIntentPrivilegeEscalation, KillChainIntentProbing, KillChainIntentUnknown} + return []EntityKind{Account, File, Host} } // Kind enumerates the values for kind. @@ -466,24 +268,37 @@ func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return []KindBasicAggregations{KindAggregations, KindCasesAggregation} } +// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. +type KindBasicAlertRuleTemplate string + +const ( + // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" + // KindBasicAlertRuleTemplateKindFilter ... + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = "Filter" + // KindBasicAlertRuleTemplateKindFusion ... + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindScheduled ... + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" +) + +// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFilter, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindScheduled} +} + // KindBasicDataConnector enumerates the values for kind basic data connector. type KindBasicDataConnector string const ( - // KindAmazonWebServicesCloudTrail ... - KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" // KindAzureActiveDirectory ... KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" - // KindAzureAdvancedThreatProtection ... - KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" // KindAzureSecurityCenter ... KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" // KindDataConnector ... KindDataConnector KindBasicDataConnector = "DataConnector" // KindMicrosoftCloudAppSecurity ... KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" - // KindMicrosoftDefenderAdvancedThreatProtection ... - KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" // KindThreatIntelligence ... @@ -492,7 +307,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} + return []KindBasicDataConnector{KindAzureActiveDirectory, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindOffice365, KindThreatIntelligence} } // KindBasicEntity enumerates the values for kind basic entity. @@ -501,41 +316,17 @@ type KindBasicEntity string const ( // KindAccount ... KindAccount KindBasicEntity = "Account" - // KindAzureResource ... - KindAzureResource KindBasicEntity = "AzureResource" - // KindCloudApplication ... - KindCloudApplication KindBasicEntity = "CloudApplication" - // KindDNSResolution ... - KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" - // KindFileHash ... - KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" - // KindIP ... - KindIP KindBasicEntity = "Ip" - // KindMalware ... - KindMalware KindBasicEntity = "Malware" - // KindProcess ... - KindProcess KindBasicEntity = "Process" - // KindRegistryKey ... - KindRegistryKey KindBasicEntity = "RegistryKey" - // KindRegistryValue ... - KindRegistryValue KindBasicEntity = "RegistryValue" - // KindSecurityAlert ... - KindSecurityAlert KindBasicEntity = "SecurityAlert" - // KindSecurityGroup ... - KindSecurityGroup KindBasicEntity = "SecurityGroup" - // KindURL ... - KindURL KindBasicEntity = "Url" ) // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} + return []KindBasicEntity{KindAccount, KindEntity, KindFile, KindHost} } // KindBasicSettings enumerates the values for kind basic settings. @@ -589,64 +380,6 @@ func PossibleOSFamilyValues() []OSFamily { return []OSFamily{Android, IOS, Linux, Windows} } -// RegistryHive enumerates the values for registry hive. -type RegistryHive string - -const ( - // HKEYA HKEY_A - HKEYA RegistryHive = "HKEY_A" - // HKEYCLASSESROOT HKEY_CLASSES_ROOT - HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" - // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG - HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" - // HKEYCURRENTUSER HKEY_CURRENT_USER - HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" - // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS - HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" - // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE - HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" - // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA - HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" - // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT - HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" - // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT - HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" - // HKEYUSERS HKEY_USERS - HKEYUSERS RegistryHive = "HKEY_USERS" -) - -// PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type. -func PossibleRegistryHiveValues() []RegistryHive { - return []RegistryHive{HKEYA, HKEYCLASSESROOT, HKEYCURRENTCONFIG, HKEYCURRENTUSER, HKEYCURRENTUSERLOCALSETTINGS, HKEYLOCALMACHINE, HKEYPERFORMANCEDATA, HKEYPERFORMANCENLSTEXT, HKEYPERFORMANCETEXT, HKEYUSERS} -} - -// RegistryValueKind enumerates the values for registry value kind. -type RegistryValueKind string - -const ( - // RegistryValueKindBinary Binary value type - RegistryValueKindBinary RegistryValueKind = "Binary" - // RegistryValueKindDWord DWord value type - RegistryValueKindDWord RegistryValueKind = "DWord" - // RegistryValueKindExpandString ExpandString value type - RegistryValueKindExpandString RegistryValueKind = "ExpandString" - // RegistryValueKindMultiString MultiString value type - RegistryValueKindMultiString RegistryValueKind = "MultiString" - // RegistryValueKindNone None - RegistryValueKindNone RegistryValueKind = "None" - // RegistryValueKindQWord QWord value type - RegistryValueKindQWord RegistryValueKind = "QWord" - // RegistryValueKindString String value type - RegistryValueKindString RegistryValueKind = "String" - // RegistryValueKindUnknown Unknown value type - RegistryValueKindUnknown RegistryValueKind = "Unknown" -) - -// PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type. -func PossibleRegistryValueKindValues() []RegistryValueKind { - return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown} -} - // SettingKind enumerates the values for setting kind. type SettingKind string @@ -677,6 +410,23 @@ func PossibleStatusInMcasValues() []StatusInMcas { return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} } +// TemplateStatus enumerates the values for template status. +type TemplateStatus string + +const ( + // Available Alert rule template is available. + Available TemplateStatus = "Available" + // Installed Alert rule template installed. and cann't use more then once + Installed TemplateStatus = "Installed" + // NotAvailable Alert rule template is not available + NotAvailable TemplateStatus = "NotAvailable" +) + +// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. +func PossibleTemplateStatusValues() []TemplateStatus { + return []TemplateStatus{Available, Installed, NotAvailable} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string @@ -708,7 +458,7 @@ type AADDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -738,11 +488,6 @@ func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - // AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return &adc, true @@ -758,16 +503,6 @@ func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - // AsDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -855,165 +590,6 @@ type AADDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. -type AATPDataConnector struct { - // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. - *AATPDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for AATPDataConnector. -func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { - adc.Kind = KindAzureAdvancedThreatProtection - objectMap := make(map[string]interface{}) - if adc.AATPDataConnectorProperties != nil { - objectMap["properties"] = adc.AATPDataConnectorProperties - } - if adc.Etag != nil { - objectMap["etag"] = adc.Etag - } - if adc.Kind != "" { - objectMap["kind"] = adc.Kind - } - return json.Marshal(objectMap) -} - -// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return &adc, true -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - -// AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { - return nil, false -} - -// AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &adc, true -} - -// UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct. -func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var aATPDataConnectorProperties AATPDataConnectorProperties - err = json.Unmarshal(*v, &aATPDataConnectorProperties) - if err != nil { - return err - } - adc.AATPDataConnectorProperties = &aATPDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - adc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - adc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - adc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - adc.Etag = &etag - } - case "kind": - if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - adc.Kind = kind - } - } - } - - return nil -} - -// AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties. -type AATPDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` -} - // AccountEntity represents an account entity. type AccountEntity struct { // AccountEntityProperties - Account entity properties @@ -1024,7 +600,7 @@ type AccountEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -1056,66 +632,6 @@ func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsEntity() (*Entity, bool) { return nil, false @@ -1204,22 +720,8 @@ type AccountEntityProperties struct { Puid *string `json:"puid,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` - // DisplayName - READ-ONLY; The display name of the account. - DisplayName *string `json:"displayName,omitempty"` // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` - // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) - HostEntityID *string `json:"hostEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for AccountEntityProperties. -func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) } // Action action for alert rule. @@ -1653,7 +1155,7 @@ func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { // AlertRuleKind1 describes an Azure resource with kind. type AlertRuleKind1 struct { - // Kind - The kind of the alert rule. Possible values include: 'Scheduled' + // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'Filter', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` } @@ -1852,43 +1354,344 @@ func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (Al return AlertRulesListPage{fn: getNextPage} } -// AlertsDataTypeOfDataConnector alerts data type for data connectors. -type AlertsDataTypeOfDataConnector struct { - // Alerts - Alerts data type connection. - Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` -} - -// AlertsDataTypeOfDataConnectorAlerts alerts data type connection. -type AlertsDataTypeOfDataConnectorAlerts struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// BasicAlertRuleTemplate alert rule template. +type BasicAlertRuleTemplate interface { + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) + AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsAlertRuleTemplate() (*AlertRuleTemplate, bool) } -// ASCDataConnector represents ASC (Azure Security Center) data connector. -type ASCDataConnector struct { - // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. - *ASCDataConnectorProperties `json:"properties,omitempty"` +// AlertRuleTemplate alert rule template. +type AlertRuleTemplate struct { + autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for ASCDataConnector. -func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { - adc.Kind = KindAzureSecurityCenter - objectMap := make(map[string]interface{}) - if adc.ASCDataConnectorProperties != nil { - objectMap["properties"] = adc.ASCDataConnectorProperties +func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err } - if adc.Etag != nil { - objectMap["etag"] = adc.Etag + + switch m["kind"] { + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err + case string(KindBasicAlertRuleTemplateKindFilter): + var fart FilterAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindFusion): + var fart FusionAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + default: + var art AlertRuleTemplate + err := json.Unmarshal(body, &art) + return art, err + } +} +func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + artArray := make([]BasicAlertRuleTemplate, len(rawMessages)) + + for index, rawMessage := range rawMessages { + art, err := unmarshalBasicAlertRuleTemplate(*rawMessage) + if err != nil { + return nil, err + } + artArray[index] = art + } + return artArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRuleTemplate. +func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { + art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate + objectMap := make(map[string]interface{}) + if art.Etag != nil { + objectMap["etag"] = art.Etag + } + if art.Kind != "" { + objectMap["kind"] = art.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return &art, true +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &art, true +} + +// AlertRuleTemplateModel ... +type AlertRuleTemplateModel struct { + autorest.Response `json:"-"` + Value BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct. +func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error { + art, err := unmarshalBasicAlertRuleTemplate(body) + if err != nil { + return err + } + artm.Value = art + + return nil +} + +// AlertRuleTemplatesList list all the alert rule templates. +type AlertRuleTemplatesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rule templates. + Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct. +func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + artl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleTemplateArray(*v) + if err != nil { + return err + } + artl.Value = &value + } + } + } + + return nil +} + +// AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values. +type AlertRuleTemplatesListIterator struct { + i int + page AlertRuleTemplatesListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *AlertRuleTemplatesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter AlertRuleTemplatesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate { + if !iter.page.NotDone() { + return AlertRuleTemplate{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRuleTemplatesListIterator type. +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return AlertRuleTemplatesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (artl AlertRuleTemplatesList) IsEmpty() bool { + return artl.Value == nil || len(*artl.Value) == 0 +} + +// alertRuleTemplatesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (artl AlertRuleTemplatesList) alertRuleTemplatesListPreparer(ctx context.Context) (*http.Request, error) { + if artl.NextLink == nil || len(to.String(artl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(artl.NextLink))) +} + +// AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values. +type AlertRuleTemplatesListPage struct { + fn func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error) + artl AlertRuleTemplatesList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.artl) + if err != nil { + return err + } + page.artl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRuleTemplatesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page AlertRuleTemplatesListPage) NotDone() bool { + return !page.artl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList { + return page.artl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate { + if page.artl.IsEmpty() { + return nil + } + return *page.artl.Value +} + +// Creates a new instance of the AlertRuleTemplatesListPage type. +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return AlertRuleTemplatesListPage{fn: getNextPage} +} + +// AlertsDataTypeOfDataConnector alerts data type for data connectors. +type AlertsDataTypeOfDataConnector struct { + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// AlertsDataTypeOfDataConnectorAlerts alerts data type connection. +type AlertsDataTypeOfDataConnectorAlerts struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// ASCDataConnector represents ASC (Azure Security Center) data connector. +type ASCDataConnector struct { + // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. + *ASCDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ASCDataConnector. +func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureSecurityCenter + objectMap := make(map[string]interface{}) + if adc.ASCDataConnectorProperties != nil { + objectMap["properties"] = adc.ASCDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag } if adc.Kind != "" { objectMap["kind"] = adc.Kind @@ -1906,11 +1709,6 @@ func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - // AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -1926,16 +1724,6 @@ func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - // AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -2023,389 +1811,47 @@ type ASCDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector. -type AwsCloudTrailDataConnector struct { - // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. - *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` +// BaseAlertRuleTemplateProperties base alert rule template property bag. +type BaseAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` +} + +// Bookmark represents a bookmark in Azure Security Insights. +type Bookmark struct { + autorest.Response `json:"-"` + // Etag - Etag of the bookmark. + Etag *string `json:"etag,omitempty"` + // BookmarkProperties - Bookmark properties + *BookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { - actdc.Kind = KindAmazonWebServicesCloudTrail +// MarshalJSON is the custom marshaler for Bookmark. +func (b Bookmark) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if actdc.AwsCloudTrailDataConnectorProperties != nil { - objectMap["properties"] = actdc.AwsCloudTrailDataConnectorProperties - } - if actdc.Etag != nil { - objectMap["etag"] = actdc.Etag + if b.Etag != nil { + objectMap["etag"] = b.Etag } - if actdc.Kind != "" { - objectMap["kind"] = actdc.Kind - } - return json.Marshal(objectMap) -} - -// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return &actdc, true -} - -// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - -// AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) { - return nil, false -} - -// AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &actdc, true -} - -// UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct. -func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var awsCloudTrailDataConnectorProperties AwsCloudTrailDataConnectorProperties - err = json.Unmarshal(*v, &awsCloudTrailDataConnectorProperties) - if err != nil { - return err - } - actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - actdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - actdc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - actdc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - actdc.Etag = &etag - } - case "kind": - if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - actdc.Kind = kind - } - } - } - - return nil -} - -// AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data -// connector. -type AwsCloudTrailDataConnectorDataTypes struct { - // Logs - Logs data type. - Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` -} - -// AwsCloudTrailDataConnectorDataTypesLogs logs data type. -type AwsCloudTrailDataConnectorDataTypesLogs struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties. -type AwsCloudTrailDataConnectorProperties struct { - // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. - AwsRoleArn *string `json:"awsRoleArn,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` -} - -// AzureResourceEntity represents an azure resource entity. -type AzureResourceEntity struct { - // AzureResourceEntityProperties - AzureResource entity properties - *AzureResourceEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for AzureResourceEntity. -func (are AzureResourceEntity) MarshalJSON() ([]byte, error) { - are.Kind = KindAzureResource - objectMap := make(map[string]interface{}) - if are.AzureResourceEntityProperties != nil { - objectMap["properties"] = are.AzureResourceEntityProperties - } - if are.Kind != "" { - objectMap["kind"] = are.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return &are, true -} - -// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool) { - return &are, true -} - -// UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct. -func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var azureResourceEntityProperties AzureResourceEntityProperties - err = json.Unmarshal(*v, &azureResourceEntityProperties) - if err != nil { - return err - } - are.AzureResourceEntityProperties = &azureResourceEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - are.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - are.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - are.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - are.Kind = kind - } - } - } - - return nil -} - -// AzureResourceEntityProperties azureResource entity property bag. -type AzureResourceEntityProperties struct { - // ResourceID - READ-ONLY; The azure resource id of the resource - ResourceID *string `json:"resourceId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for AzureResourceEntityProperties. -func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// Bookmark represents a bookmark in Azure Security Insights. -type Bookmark struct { - autorest.Response `json:"-"` - // Etag - Etag of the bookmark. - Etag *string `json:"etag,omitempty"` - // BookmarkProperties - Bookmark properties - *BookmarkProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` -} - -// MarshalJSON is the custom marshaler for Bookmark. -func (b Bookmark) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if b.Etag != nil { - objectMap["etag"] = b.Etag - } - if b.BookmarkProperties != nil { - objectMap["properties"] = b.BookmarkProperties + if b.BookmarkProperties != nil { + objectMap["properties"] = b.BookmarkProperties } return json.Marshal(objectMap) } @@ -3031,209 +2477,17 @@ type CasesAggregationProperties struct { AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` } -// CloudApplicationEntity represents a cloud application entity. -type CloudApplicationEntity struct { - // CloudApplicationEntityProperties - CloudApplication entity properties - *CloudApplicationEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` +// CloudError error response structure. +type CloudError struct { + // CloudErrorBody - Error data + *CloudErrorBody `json:"error,omitempty"` } -// MarshalJSON is the custom marshaler for CloudApplicationEntity. -func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error) { - cae.Kind = KindCloudApplication +// MarshalJSON is the custom marshaler for CloudError. +func (ce CloudError) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if cae.CloudApplicationEntityProperties != nil { - objectMap["properties"] = cae.CloudApplicationEntityProperties - } - if cae.Kind != "" { - objectMap["kind"] = cae.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return &cae, true -} - -// AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool) { - return &cae, true -} - -// UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct. -func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var cloudApplicationEntityProperties CloudApplicationEntityProperties - err = json.Unmarshal(*v, &cloudApplicationEntityProperties) - if err != nil { - return err - } - cae.CloudApplicationEntityProperties = &cloudApplicationEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - cae.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - cae.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - cae.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - cae.Kind = kind - } - } - } - - return nil -} - -// CloudApplicationEntityProperties cloudApplication entity property bag. -type CloudApplicationEntityProperties struct { - // AppID - READ-ONLY; The technical identifier of the application. - AppID *int32 `json:"appId,omitempty"` - // AppName - READ-ONLY; The name of the related cloud application. - AppName *string `json:"appName,omitempty"` - // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. - InstanceName *string `json:"instanceName,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. -func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// CloudError error response structure. -type CloudError struct { - // CloudErrorBody - Error data - *CloudErrorBody `json:"error,omitempty"` -} - -// MarshalJSON is the custom marshaler for CloudError. -func (ce CloudError) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if ce.CloudErrorBody != nil { - objectMap["error"] = ce.CloudErrorBody + if ce.CloudErrorBody != nil { + objectMap["error"] = ce.CloudErrorBody } return json.Marshal(objectMap) } @@ -3274,12 +2528,9 @@ type CloudErrorBody struct { type BasicDataConnector interface { AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) - AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsAADDataConnector() (*AADDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) - AsAATPDataConnector() (*AATPDataConnector, bool) - AsMDATPDataConnector() (*MDATPDataConnector, bool) AsDataConnector() (*DataConnector, bool) } @@ -3294,7 +2545,7 @@ type DataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -3314,10 +2565,6 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var tdc TIDataConnector err := json.Unmarshal(body, &tdc) return tdc, err - case string(KindAmazonWebServicesCloudTrail): - var actdc AwsCloudTrailDataConnector - err := json.Unmarshal(body, &actdc) - return actdc, err case string(KindAzureActiveDirectory): var adc AADDataConnector err := json.Unmarshal(body, &adc) @@ -3330,14 +2577,6 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var mdc MCASDataConnector err := json.Unmarshal(body, &mdc) return mdc, err - case string(KindAzureAdvancedThreatProtection): - var adc AATPDataConnector - err := json.Unmarshal(body, &adc) - return adc, err - case string(KindMicrosoftDefenderAdvancedThreatProtection): - var mdc MDATPDataConnector - err := json.Unmarshal(body, &mdc) - return mdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) @@ -3386,11 +2625,6 @@ func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - // AsAADDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -3406,16 +2640,6 @@ func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - // AsDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsDataConnector() (*DataConnector, bool) { return &dc, true @@ -3434,7 +2658,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -3633,210 +2857,36 @@ func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { return nil } -// DataConnectorTenantID properties data connector on tenant level. -type DataConnectorTenantID struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} - -// DataConnectorWithAlertsProperties data connector properties. -type DataConnectorWithAlertsProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` -} - -// DNSEntity represents a dns entity. -type DNSEntity struct { - // DNSEntityProperties - Dns entity properties - *DNSEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` +// DataConnectorStatus alert rule template data connector status +type DataConnectorStatus struct { + // ConnectorID - the connector id + ConnectorID *string `json:"connectorId,omitempty"` + // DataTypes - The data types availability map + DataTypes map[string]*DataTypeStatus `json:"dataTypes"` } -// MarshalJSON is the custom marshaler for DNSEntity. -func (de DNSEntity) MarshalJSON() ([]byte, error) { - de.Kind = KindDNSResolution +// MarshalJSON is the custom marshaler for DataConnectorStatus. +func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if de.DNSEntityProperties != nil { - objectMap["properties"] = de.DNSEntityProperties + if dcs.ConnectorID != nil { + objectMap["connectorId"] = dcs.ConnectorID } - if de.Kind != "" { - objectMap["kind"] = de.Kind + if dcs.DataTypes != nil { + objectMap["dataTypes"] = dcs.DataTypes } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { - return &de, true -} - -// AsIPEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsBasicEntity() (BasicEntity, bool) { - return &de, true -} - -// UnmarshalJSON is the custom unmarshaler for DNSEntity struct. -func (de *DNSEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var DNSEntityProperties DNSEntityProperties - err = json.Unmarshal(*v, &DNSEntityProperties) - if err != nil { - return err - } - de.DNSEntityProperties = &DNSEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - de.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - de.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - de.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - de.Kind = kind - } - } - } - - return nil +// DataConnectorTenantID properties data connector on tenant level. +type DataConnectorTenantID struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// DNSEntityProperties dns entity property bag. -type DNSEntityProperties struct { - // DomainName - READ-ONLY; The name of the dns record associated with the alert - DomainName *string `json:"domainName,omitempty"` - // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. - IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` - // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request - DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` - // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client - HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for DNSEntityProperties. -func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// DataConnectorWithAlertsProperties data connector properties. +type DataConnectorWithAlertsProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } // BasicEntity specific entity. @@ -3844,18 +2894,6 @@ type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) AsHostEntity() (*HostEntity, bool) AsFileEntity() (*FileEntity, bool) - AsSecurityAlert() (*SecurityAlert, bool) - AsFileHashEntity() (*FileHashEntity, bool) - AsMalwareEntity() (*MalwareEntity, bool) - AsSecurityGroupEntity() (*SecurityGroupEntity, bool) - AsAzureResourceEntity() (*AzureResourceEntity, bool) - AsCloudApplicationEntity() (*CloudApplicationEntity, bool) - AsProcessEntity() (*ProcessEntity, bool) - AsDNSEntity() (*DNSEntity, bool) - AsIPEntity() (*IPEntity, bool) - AsRegistryKeyEntity() (*RegistryKeyEntity, bool) - AsRegistryValueEntity() (*RegistryValueEntity, bool) - AsURLEntity() (*URLEntity, bool) AsEntity() (*Entity, bool) } @@ -3868,7 +2906,7 @@ type Entity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3892,54 +2930,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var fe FileEntity err := json.Unmarshal(body, &fe) return fe, err - case string(KindSecurityAlert): - var sa SecurityAlert - err := json.Unmarshal(body, &sa) - return sa, err - case string(KindFileHash): - var fhe FileHashEntity - err := json.Unmarshal(body, &fhe) - return fhe, err - case string(KindMalware): - var me MalwareEntity - err := json.Unmarshal(body, &me) - return me, err - case string(KindSecurityGroup): - var sge SecurityGroupEntity - err := json.Unmarshal(body, &sge) - return sge, err - case string(KindAzureResource): - var are AzureResourceEntity - err := json.Unmarshal(body, &are) - return are, err - case string(KindCloudApplication): - var cae CloudApplicationEntity - err := json.Unmarshal(body, &cae) - return cae, err - case string(KindProcess): - var peVar ProcessEntity - err := json.Unmarshal(body, &peVar) - return peVar, err - case string(KindDNSResolution): - var de DNSEntity - err := json.Unmarshal(body, &de) - return de, err - case string(KindIP): - var ie IPEntity - err := json.Unmarshal(body, &ie) - return ie, err - case string(KindRegistryKey): - var rke RegistryKeyEntity - err := json.Unmarshal(body, &rke) - return rke, err - case string(KindRegistryValue): - var rve RegistryValueEntity - err := json.Unmarshal(body, &rve) - return rve, err - case string(KindURL): - var ue URLEntity - err := json.Unmarshal(body, &ue) - return ue, err default: var e Entity err := json.Unmarshal(body, &e) @@ -3990,66 +2980,6 @@ func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for Entity. -func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for Entity. -func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for Entity. -func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for Entity. -func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for Entity. -func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for Entity. -func (e Entity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for Entity. -func (e Entity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for Entity. -func (e Entity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for Entity. func (e Entity) AsEntity() (*Entity, bool) { return &e, true @@ -4060,71 +2990,9 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } -// EntityCommonProperties entity common property bag. -type EntityCommonProperties struct { - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for EntityCommonProperties. -func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// EntityExpandParameters the parameters required to execute an expand operation on the given entity. -type EntityExpandParameters struct { - // ExpansionID - The Id of the expansion to perform. - ExpansionID *uuid.UUID `json:"expansionId,omitempty"` - // StartTime - The start date filter, so the only expansion results returned are after this date. - StartTime *date.Time `json:"startTime,omitempty"` - // EndTime - The end date filter, so the only expansion results returned are before this date. - EndTime *date.Time `json:"endTime,omitempty"` -} - -// EntityExpandResponse the entity expansion result operation response. -type EntityExpandResponse struct { - autorest.Response `json:"-"` - // Value - The expansion result values. - Value *EntityExpandResponseValue `json:"value,omitempty"` - // MetaData - The metadata from the expansion operation results. - MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` -} - -// EntityExpandResponseValue the expansion result values. -type EntityExpandResponseValue struct { - // Entities - Array of the expansion result entities. - Entities *[]BasicEntity `json:"entities,omitempty"` -} - -// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. -func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "entities": - if v != nil { - entities, err := unmarshalBasicEntityArray(*v) - if err != nil { - return err - } - eer.Entities = &entities - } - } - } - - return nil -} - -// EntityKind1 describes an entity with kind. +// EntityKind1 describes an Azure resource with kind. type EntityKind1 struct { - // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + // Kind - The kind of the entity. Possible values include: 'Account', 'Host', 'File' Kind EntityKind `json:"kind,omitempty"` } @@ -4546,36 +3414,18 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( type EntityQueryProperties struct { // QueryTemplate - The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` - // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' - InputEntityType EntityType `json:"inputEntityType,omitempty"` + // InputEntityType - The type of the query's source entity + InputEntityType *string `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result - OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` + OutputEntityTypes *[]string `json:"outputEntityTypes,omitempty"` // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` } -// ExpansionResultAggregation information of a specific aggregation in the expansion result. -type ExpansionResultAggregation struct { - // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' - EntityKind EntityKind `json:"entityKind,omitempty"` - // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. - Count *int32 `json:"count,omitempty"` - // AggregationType - The common type of the aggregation. (for e.g. entity field name) - AggregationType *string `json:"aggregationType,omitempty"` - // DisplayName - The display name of the aggregation by type. - DisplayName *string `json:"displayName,omitempty"` -} - -// ExpansionResultsMetadata expansion result metadata. -type ExpansionResultsMetadata struct { - // Aggregations - Information of the aggregated nodes in the expansion result. - Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` -} - // FileEntity represents a file entity. type FileEntity struct { // FileEntityProperties - File entity properties @@ -4586,7 +3436,7 @@ type FileEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4618,66 +3468,6 @@ func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { return &fe, true } -// AsSecurityAlert is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsEntity() (*Entity, bool) { return nil, false @@ -4754,136 +3544,227 @@ type FileEntityProperties struct { Directory *string `json:"directory,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` - // HostEntityID - READ-ONLY; The Host entity id which the file belongs to - HostEntityID *string `json:"hostEntityId,omitempty"` - // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file - FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for FileEntityProperties. -func (fep FileEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) } -// FileHashEntity represents a file hash entity. -type FileHashEntity struct { - // FileHashEntityProperties - FileHash entity properties - *FileHashEntityProperties `json:"properties,omitempty"` +// FilterAlertRuleTemplate represents filter alert rule template. +type FilterAlertRuleTemplate struct { + // FilterAlertRuleTemplateProperties - Filter alert rule template properties + *FilterAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for FileHashEntity. -func (fhe FileHashEntity) MarshalJSON() ([]byte, error) { - fhe.Kind = KindFileHash +// MarshalJSON is the custom marshaler for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFilter objectMap := make(map[string]interface{}) - if fhe.FileHashEntityProperties != nil { - objectMap["properties"] = fhe.FileHashEntityProperties + if fart.FilterAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FilterAlertRuleTemplateProperties } - if fhe.Kind != "" { - objectMap["kind"] = fhe.Kind + if fart.Etag != nil { + objectMap["etag"] = fart.Etag + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return &fhe, true +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return &fart, true } -// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true } -// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} +// UnmarshalJSON is the custom unmarshaler for FilterAlertRuleTemplate struct. +func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var filterAlertRuleTemplateProperties FilterAlertRuleTemplateProperties + err = json.Unmarshal(*v, &filterAlertRuleTemplateProperties) + if err != nil { + return err + } + fart.FilterAlertRuleTemplateProperties = &filterAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fart.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fart.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + fart.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind + } + } + } -// AsProcessEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false + return nil } -// AsDNSEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false +// FilterAlertRuleTemplateProperties filter alert rule template properties +type FilterAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // FilterProduct - The filter prodact name for this template rule. + FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FilterAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FilterAlertRuleTemplatePropertiesModel struct { + // FilterProduct - The filter prodact name for this template rule. + FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FusionAlertRuleTemplate represents fusion alert rule template. +type FusionAlertRuleTemplate struct { + // BaseAlertRuleTemplateProperties - Fusion alert rule template properties + *BaseAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// AsIPEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFusion + objectMap := make(map[string]interface{}) + if fart.BaseAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.BaseAlertRuleTemplateProperties + } + if fart.Etag != nil { + objectMap["etag"] = fart.Etag + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind + } + return json.Marshal(objectMap) } -// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true } -// AsEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsEntity() (*Entity, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool) { - return &fhe, true +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true } -// UnmarshalJSON is the custom unmarshaler for FileHashEntity struct. -func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct. +func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4893,12 +3774,12 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var fileHashEntityProperties FileHashEntityProperties - err = json.Unmarshal(*v, &fileHashEntityProperties) + var baseAlertRuleTemplateProperties BaseAlertRuleTemplateProperties + err = json.Unmarshal(*v, &baseAlertRuleTemplateProperties) if err != nil { return err } - fhe.FileHashEntityProperties = &fileHashEntityProperties + fart.BaseAlertRuleTemplateProperties = &baseAlertRuleTemplateProperties } case "id": if v != nil { @@ -4907,7 +3788,7 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - fhe.ID = &ID + fart.ID = &ID } case "type": if v != nil { @@ -4916,7 +3797,7 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - fhe.Type = &typeVar + fart.Type = &typeVar } case "name": if v != nil { @@ -4925,16 +3806,25 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - fhe.Name = &name + fart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + fart.Etag = &etag } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - fhe.Kind = kind + fart.Kind = kind } } } @@ -4942,42 +3832,6 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { return nil } -// FileHashEntityProperties fileHash entity property bag. -type FileHashEntityProperties struct { - // HashValue - READ-ONLY; The file hash value. - HashValue *string `json:"hashValue,omitempty"` - // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' - Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for FileHashEntityProperties. -func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// GeoLocation the geo-location context attached to the ip entity -type GeoLocation struct { - // CountryCode - READ-ONLY; The country code according to ISO 3166 format - CountryCode *string `json:"countryCode,omitempty"` - // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name - CountryName *string `json:"countryName,omitempty"` - // State - READ-ONLY; State name - State *string `json:"state,omitempty"` - // City - READ-ONLY; City name - City *string `json:"city,omitempty"` - // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. - Longitude *float64 `json:"longitude,omitempty"` - // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. - Latitude *float64 `json:"latitude,omitempty"` - // Asn - READ-ONLY; Autonomous System Number - Asn *int32 `json:"asn,omitempty"` -} - // HostEntity represents a host entity. type HostEntity struct { // HostEntityProperties - Host entity properties @@ -4988,7 +3842,7 @@ type HostEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5020,66 +3874,6 @@ func (he HostEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - // AsEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsEntity() (*Entity, bool) { return nil, false @@ -5170,135 +3964,77 @@ type HostEntityProperties struct { OsVersion *string `json:"osVersion,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for HostEntityProperties. -func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if hep.OsFamily != "" { - objectMap["osFamily"] = hep.OsFamily - } - return json.Marshal(objectMap) } -// IPEntity represents an ip entity. -type IPEntity struct { - // IPEntityProperties - Ip entity properties - *IPEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. + *MCASDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for IPEntity. -func (ie IPEntity) MarshalJSON() ([]byte, error) { - ie.Kind = KindIP +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity objectMap := make(map[string]interface{}) - if ie.IPEntityProperties != nil { - objectMap["properties"] = ie.IPEntityProperties + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag } - if ie.Kind != "" { - objectMap["kind"] = ie.Kind + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { - return &ie, true -} - -// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true } -// AsEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsEntity() (*Entity, bool) { +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsBasicEntity() (BasicEntity, bool) { - return &ie, true +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true } -// UnmarshalJSON is the custom unmarshaler for IPEntity struct. -func (ie *IPEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -5308,12 +4044,12 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var IPEntityProperties IPEntityProperties - err = json.Unmarshal(*v, &IPEntityProperties) + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) if err != nil { return err } - ie.IPEntityProperties = &IPEntityProperties + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties } case "id": if v != nil { @@ -5322,7 +4058,7 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - ie.ID = &ID + mdc.ID = &ID } case "type": if v != nil { @@ -5331,7 +4067,7 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - ie.Type = &typeVar + mdc.Type = &typeVar } case "name": if v != nil { @@ -5340,16 +4076,25 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - ie.Name = &name + mdc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicDataConnector err = json.Unmarshal(*v, &kind) if err != nil { return err } - ie.Kind = kind + mdc.Kind = kind } } } @@ -5357,143 +4102,38 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { return nil } -// IPEntityProperties ip entity property bag. -type IPEntityProperties struct { - // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) - Address *string `json:"address,omitempty"` - // Location - The geo-location context attached to the ip entity - Location *GeoLocation `json:"location,omitempty"` - // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. - ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for IPEntityProperties. -func (iep IPEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if iep.Location != nil { - objectMap["location"] = iep.Location - } - return json.Marshal(objectMap) +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// MalwareEntity represents a malware entity. -type MalwareEntity struct { - // MalwareEntityProperties - File entity properties - *MalwareEntityProperties `json:"properties,omitempty"` +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + autorest.Response `json:"-"` + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MalwareEntity. -func (me MalwareEntity) MarshalJSON() ([]byte, error) { - me.Kind = KindMalware +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if me.MalwareEntityProperties != nil { - objectMap["properties"] = me.MalwareEntityProperties - } - if me.Kind != "" { - objectMap["kind"] = me.Kind + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return &me, true -} - -// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool) { - return &me, true -} - -// UnmarshalJSON is the custom unmarshaler for MalwareEntity struct. -func (me *MalwareEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. +func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -5503,12 +4143,12 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var malwareEntityProperties MalwareEntityProperties - err = json.Unmarshal(*v, &malwareEntityProperties) + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) if err != nil { return err } - me.MalwareEntityProperties = &malwareEntityProperties + oc.OfficeConsentProperties = &officeConsentProperties } case "id": if v != nil { @@ -5517,7 +4157,7 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - me.ID = &ID + oc.ID = &ID } case "type": if v != nil { @@ -5526,7 +4166,7 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - me.Type = &typeVar + oc.Type = &typeVar } case "name": if v != nil { @@ -5535,16 +4175,7 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - me.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - me.Kind = kind + oc.Name = &name } } } @@ -5552,206 +4183,164 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { return nil } -// MalwareEntityProperties malware entity property bag. -type MalwareEntityProperties struct { - // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn - MalwareName *string `json:"malwareName,omitempty"` - // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan - Category *string `json:"category,omitempty"` - // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found - FileEntityIds *[]string `json:"fileEntityIds,omitempty"` - // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. - ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for MalwareEntityProperties. -func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` } -// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnector struct { - // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. - *MCASDataConnectorProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` +// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. +type OfficeConsentListIterator struct { + i int + page OfficeConsentListPage } -// MarshalJSON is the custom marshaler for MCASDataConnector. -func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftCloudAppSecurity - objectMap := make(map[string]interface{}) - if mdc.MCASDataConnectorProperties != nil { - objectMap["properties"] = mdc.MCASDataConnectorProperties +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err } - return json.Marshal(objectMap) -} - -// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false + iter.i = 0 + return nil } -// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OfficeConsentListIterator) Next() error { + return iter.NextWithContext(context.Background()) } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OfficeConsentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false +// Response returns the raw server response from the last page request. +func (iter OfficeConsentListIterator) Response() OfficeConsentList { + return iter.page.Response() } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return &mdc, true +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OfficeConsentListIterator) Value() OfficeConsent { + if !iter.page.NotDone() { + return OfficeConsent{} + } + return iter.page.Values()[iter.i] } -// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false +// Creates a new instance of the OfficeConsentListIterator type. +func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { + return OfficeConsentListIterator{page: page} } -// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false +// IsEmpty returns true if the ListResult contains no values. +func (ocl OfficeConsentList) IsEmpty() bool { + return ocl.Value == nil || len(*ocl.Value) == 0 } -// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { - return nil, false +// officeConsentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { + if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ocl.NextLink))) } -// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// OfficeConsentListPage contains a page of OfficeConsent values. +type OfficeConsentListPage struct { + fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) + ocl OfficeConsentList } -// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. -func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ocl) if err != nil { return err } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var mCASDataConnectorProperties MCASDataConnectorProperties - err = json.Unmarshal(*v, &mCASDataConnectorProperties) - if err != nil { - return err - } - mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - mdc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - mdc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - mdc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - mdc.Etag = &etag - } - case "kind": - if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - mdc.Kind = kind - } - } - } - + page.ocl = next return nil } -// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data -// connector. -type MCASDataConnectorDataTypes struct { - // DiscoveryLogs - Discovery log data type connection. - DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` - // Alerts - Alerts data type connection. - Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OfficeConsentListPage) Next() error { + return page.NextWithContext(context.Background()) } -// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. -type MCASDataConnectorDataTypesDiscoveryLogs struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OfficeConsentListPage) NotDone() bool { + return !page.ocl.IsEmpty() } -// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. +// Response returns the raw server response from the last page request. +func (page OfficeConsentListPage) Response() OfficeConsentList { + return page.ocl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OfficeConsentListPage) Values() []OfficeConsent { + if page.ocl.IsEmpty() { + return nil + } + return *page.ocl.Value +} + +// Creates a new instance of the OfficeConsentListPage type. +func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { + return OfficeConsentListPage{fn: getNextPage} +} + +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` } -// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. -type MDATPDataConnector struct { - // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - *MDATPDataConnectorProperties `json:"properties,omitempty"` +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type @@ -5760,78 +4349,63 @@ type MDATPDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MDATPDataConnector. -func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection +// MarshalJSON is the custom marshaler for OfficeDataConnector. +func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 objectMap := make(map[string]interface{}) - if mdc.MDATPDataConnectorProperties != nil { - objectMap["properties"] = mdc.MDATPDataConnectorProperties + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + if odc.Etag != nil { + objectMap["etag"] = odc.Etag } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if odc.Kind != "" { + objectMap["kind"] = odc.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true } -// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return &mdc, true -} - -// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true } -// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. -func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. +func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -5841,12 +4415,12 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mDATPDataConnectorProperties MDATPDataConnectorProperties - err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) if err != nil { return err } - mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties } case "id": if v != nil { @@ -5855,7 +4429,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID + odc.ID = &ID } case "type": if v != nil { @@ -5864,7 +4438,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Type = &typeVar + odc.Type = &typeVar } case "name": if v != nil { @@ -5873,7 +4447,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Name = &name + odc.Name = &name } case "etag": if v != nil { @@ -5882,7 +4456,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Etag = &etag + odc.Etag = &etag } case "kind": if v != nil { @@ -5891,7 +4465,7 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Kind = kind + odc.Kind = kind } } } @@ -5899,108 +4473,74 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector -// properties. -type MDATPDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Exchange - Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` } -// OfficeConsent consent for Office365 tenant that already made. -type OfficeConsent struct { - autorest.Response `json:"-"` - // OfficeConsentProperties - Office consent properties - *OfficeConsentProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeConsent. -func (oc OfficeConsent) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if oc.OfficeConsentProperties != nil { - objectMap["properties"] = oc.OfficeConsentProperties - } - return json.Marshal(objectMap) +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` } -// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. -func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var officeConsentProperties OfficeConsentProperties - err = json.Unmarshal(*v, &officeConsentProperties) - if err != nil { - return err - } - oc.OfficeConsentProperties = &officeConsentProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - oc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - oc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - oc.Name = &name - } - } - } +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} - return nil +// Operation operation provided by provider +type Operation struct { + // Name - Name of the operation + Name *string `json:"name,omitempty"` + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` } -// OfficeConsentList list of all the office365 consents. -type OfficeConsentList struct { +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Description - Description of the operation + Description *string `json:"description,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. +type OperationsList struct { autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of office consents. + // NextLink - URL to fetch the next set of operations. NextLink *string `json:"nextLink,omitempty"` - // Value - Array of the consents. - Value *[]OfficeConsent `json:"value,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` } -// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. -type OfficeConsentListIterator struct { +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { i int - page OfficeConsentListPage + page OperationsListPage } // NextWithContext advances to the next value. If there was an error making // the request the iterator does not advance and the error is returned. -func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") defer func() { sc := -1 if iter.Response().Response.Response != nil { @@ -6025,62 +4565,62 @@ func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err // Next advances to the next value. If there was an error making // the request the iterator does not advance and the error is returned. // Deprecated: Use NextWithContext() instead. -func (iter *OfficeConsentListIterator) Next() error { +func (iter *OperationsListIterator) Next() error { return iter.NextWithContext(context.Background()) } // NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OfficeConsentListIterator) NotDone() bool { +func (iter OperationsListIterator) NotDone() bool { return iter.page.NotDone() && iter.i < len(iter.page.Values()) } // Response returns the raw server response from the last page request. -func (iter OfficeConsentListIterator) Response() OfficeConsentList { +func (iter OperationsListIterator) Response() OperationsList { return iter.page.Response() } // Value returns the current value or a zero-initialized value if the // iterator has advanced beyond the end of the collection. -func (iter OfficeConsentListIterator) Value() OfficeConsent { +func (iter OperationsListIterator) Value() Operation { if !iter.page.NotDone() { - return OfficeConsent{} + return Operation{} } return iter.page.Values()[iter.i] } -// Creates a new instance of the OfficeConsentListIterator type. -func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { - return OfficeConsentListIterator{page: page} +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} } // IsEmpty returns true if the ListResult contains no values. -func (ocl OfficeConsentList) IsEmpty() bool { - return ocl.Value == nil || len(*ocl.Value) == 0 +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 } -// officeConsentListPreparer prepares a request to retrieve the next set of results. +// operationsListPreparer prepares a request to retrieve the next set of results. // It returns nil if no more results exist. -func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { - if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { return nil, nil } return autorest.Prepare((&http.Request{}).WithContext(ctx), autorest.AsJSON(), autorest.AsGet(), - autorest.WithBaseURL(to.String(ocl.NextLink))) + autorest.WithBaseURL(to.String(ol.NextLink))) } -// OfficeConsentListPage contains a page of OfficeConsent values. -type OfficeConsentListPage struct { - fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) - ocl OfficeConsentList +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList } // NextWithContext advances to the next page of values. If there was an error making // the request the page does not advance and the error is returned. -func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { +func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") defer func() { sc := -1 if page.Response().Response.Response != nil { @@ -6089,136 +4629,103 @@ func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err err tracing.EndSpan(ctx, sc, err) }() } - next, err := page.fn(ctx, page.ocl) + next, err := page.fn(ctx, page.ol) if err != nil { return err } - page.ocl = next + page.ol = next return nil } // Next advances to the next page of values. If there was an error making // the request the page does not advance and the error is returned. // Deprecated: Use NextWithContext() instead. -func (page *OfficeConsentListPage) Next() error { +func (page *OperationsListPage) Next() error { return page.NextWithContext(context.Background()) } // NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OfficeConsentListPage) NotDone() bool { - return !page.ocl.IsEmpty() +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() } // Response returns the raw server response from the last page request. -func (page OfficeConsentListPage) Response() OfficeConsentList { - return page.ocl +func (page OperationsListPage) Response() OperationsList { + return page.ol } // Values returns the slice of values for the current page or nil if there are no values. -func (page OfficeConsentListPage) Values() []OfficeConsent { - if page.ocl.IsEmpty() { +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { return nil } - return *page.ocl.Value + return *page.ol.Value } -// Creates a new instance of the OfficeConsentListPage type. -func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { - return OfficeConsentListPage{fn: getNextPage} +// Creates a new instance of the OperationsListPage type. +func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{fn: getNextPage} } -// OfficeConsentProperties consent property bag. -type OfficeConsentProperties struct { - // TenantID - The tenantId of the Office365 with the consent. - TenantID *string `json:"tenantId,omitempty"` - // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. - TenantName *string `json:"tenantName,omitempty"` +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` } -// OfficeDataConnector represents office data connector. -type OfficeDataConnector struct { - // OfficeDataConnectorProperties - Office data connector properties. - *OfficeDataConnectorProperties `json:"properties,omitempty"` +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeDataConnector. -func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { - odc.Kind = KindOffice365 +// MarshalJSON is the custom marshaler for ScheduledAlertRule. +func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled objectMap := make(map[string]interface{}) - if odc.OfficeDataConnectorProperties != nil { - objectMap["properties"] = odc.OfficeDataConnectorProperties + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties } - if odc.Etag != nil { - objectMap["etag"] = odc.Etag + if sar.Etag != nil { + objectMap["etag"] = sar.Etag } - if odc.Kind != "" { - objectMap["kind"] = odc.Kind + if sar.Kind != "" { + objectMap["kind"] = sar.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true -} - -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true } -// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &odc, true +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &sar, true } -// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. -func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. +func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -6228,923 +4735,12 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeDataConnectorProperties OfficeDataConnectorProperties - err = json.Unmarshal(*v, &officeDataConnectorProperties) + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) if err != nil { return err } - odc.OfficeDataConnectorProperties = &officeDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - odc.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - odc.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - odc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - odc.Etag = &etag - } - case "kind": - if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - odc.Kind = kind - } - } - } - - return nil -} - -// OfficeDataConnectorDataTypes the available data types for office data connector. -type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` - // Exchange - Exchange data type connection. - Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` -} - -// OfficeDataConnectorDataTypesExchange exchange data type connection. -type OfficeDataConnectorDataTypesExchange struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. -type OfficeDataConnectorDataTypesSharePoint struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorProperties office data connector properties. -type OfficeDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} - -// Operation operation provided by provider -type Operation struct { - // Name - Name of the operation - Name *string `json:"name,omitempty"` - // Display - Properties of the operation - Display *OperationDisplay `json:"display,omitempty"` -} - -// OperationDisplay properties of the operation -type OperationDisplay struct { - // Provider - Provider name - Provider *string `json:"provider,omitempty"` - // Resource - Resource name - Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation - Description *string `json:"description,omitempty"` -} - -// OperationsList lists the operations available in the SecurityInsights RP. -type OperationsList struct { - autorest.Response `json:"-"` - // NextLink - URL to fetch the next set of operations. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of operations - Value *[]Operation `json:"value,omitempty"` -} - -// OperationsListIterator provides access to a complete listing of Operation values. -type OperationsListIterator struct { - i int - page OperationsListPage -} - -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil - } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err - } - iter.i = 0 - return nil -} - -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (iter *OperationsListIterator) Next() error { - return iter.NextWithContext(context.Background()) -} - -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OperationsListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) -} - -// Response returns the raw server response from the last page request. -func (iter OperationsListIterator) Response() OperationsList { - return iter.page.Response() -} - -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OperationsListIterator) Value() Operation { - if !iter.page.NotDone() { - return Operation{} - } - return iter.page.Values()[iter.i] -} - -// Creates a new instance of the OperationsListIterator type. -func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { - return OperationsListIterator{page: page} -} - -// IsEmpty returns true if the ListResult contains no values. -func (ol OperationsList) IsEmpty() bool { - return ol.Value == nil || len(*ol.Value) == 0 -} - -// operationsListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { - if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ol.NextLink))) -} - -// OperationsListPage contains a page of Operation values. -type OperationsListPage struct { - fn func(context.Context, OperationsList) (OperationsList, error) - ol OperationsList -} - -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ol) - if err != nil { - return err - } - page.ol = next - return nil -} - -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OperationsListPage) Next() error { - return page.NextWithContext(context.Background()) -} - -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OperationsListPage) NotDone() bool { - return !page.ol.IsEmpty() -} - -// Response returns the raw server response from the last page request. -func (page OperationsListPage) Response() OperationsList { - return page.ol -} - -// Values returns the slice of values for the current page or nil if there are no values. -func (page OperationsListPage) Values() []Operation { - if page.ol.IsEmpty() { - return nil - } - return *page.ol.Value -} - -// Creates a new instance of the OperationsListPage type. -func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { - return OperationsListPage{fn: getNextPage} -} - -// ProcessEntity represents a process entity. -type ProcessEntity struct { - // ProcessEntityProperties - Process entity properties - *ProcessEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for ProcessEntity. -func (peVar ProcessEntity) MarshalJSON() ([]byte, error) { - peVar.Kind = KindProcess - objectMap := make(map[string]interface{}) - if peVar.ProcessEntityProperties != nil { - objectMap["properties"] = peVar.ProcessEntityProperties - } - if peVar.Kind != "" { - objectMap["kind"] = peVar.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { - return &peVar, true -} - -// AsDNSEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool) { - return &peVar, true -} - -// UnmarshalJSON is the custom unmarshaler for ProcessEntity struct. -func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var processEntityProperties ProcessEntityProperties - err = json.Unmarshal(*v, &processEntityProperties) - if err != nil { - return err - } - peVar.ProcessEntityProperties = &processEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - peVar.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - peVar.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - peVar.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - peVar.Kind = kind - } - } - } - - return nil -} - -// ProcessEntityProperties process entity property bag. -type ProcessEntityProperties struct { - // ProcessID - READ-ONLY; The process ID - ProcessID *string `json:"processId,omitempty"` - // CommandLine - READ-ONLY; The command line used to create the process - CommandLine *string `json:"commandLine,omitempty"` - // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' - ElevationToken ElevationToken `json:"elevationToken,omitempty"` - // CreationTimeUtc - READ-ONLY; The time when the process started to run - CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` - // ImageFileEntityID - READ-ONLY; Image file entity id - ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` - // AccountEntityID - READ-ONLY; The account entity id running the processes. - AccountEntityID *string `json:"accountEntityId,omitempty"` - // ParentProcessEntityID - READ-ONLY; The parent process entity id. - ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` - // HostEntityID - READ-ONLY; The host entity id on which the process was running - HostEntityID *string `json:"hostEntityId,omitempty"` - // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running - HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for ProcessEntityProperties. -func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if pep.ElevationToken != "" { - objectMap["elevationToken"] = pep.ElevationToken - } - return json.Marshal(objectMap) -} - -// RegistryKeyEntity represents a registry key entity. -type RegistryKeyEntity struct { - // RegistryKeyEntityProperties - RegistryKey entity properties - *RegistryKeyEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for RegistryKeyEntity. -func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error) { - rke.Kind = KindRegistryKey - objectMap := make(map[string]interface{}) - if rke.RegistryKeyEntityProperties != nil { - objectMap["properties"] = rke.RegistryKeyEntityProperties - } - if rke.Kind != "" { - objectMap["kind"] = rke.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return &rke, true -} - -// AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool) { - return &rke, true -} - -// UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct. -func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var registryKeyEntityProperties RegistryKeyEntityProperties - err = json.Unmarshal(*v, ®istryKeyEntityProperties) - if err != nil { - return err - } - rke.RegistryKeyEntityProperties = ®istryKeyEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - rke.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - rke.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - rke.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - rke.Kind = kind - } - } - } - - return nil -} - -// RegistryKeyEntityProperties registryKey entity property bag. -type RegistryKeyEntityProperties struct { - // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' - Hive RegistryHive `json:"hive,omitempty"` - // Key - READ-ONLY; The registry key path. - Key *string `json:"key,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. -func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// RegistryValueEntity represents a registry value entity. -type RegistryValueEntity struct { - // RegistryValueEntityProperties - RegistryKey entity properties - *RegistryValueEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for RegistryValueEntity. -func (rve RegistryValueEntity) MarshalJSON() ([]byte, error) { - rve.Kind = KindRegistryValue - objectMap := make(map[string]interface{}) - if rve.RegistryValueEntityProperties != nil { - objectMap["properties"] = rve.RegistryValueEntityProperties - } - if rve.Kind != "" { - objectMap["kind"] = rve.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return &rve, true -} - -// AsURLEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { - return &rve, true -} - -// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. -func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var registryValueEntityProperties RegistryValueEntityProperties - err = json.Unmarshal(*v, ®istryValueEntityProperties) - if err != nil { - return err - } - rve.RegistryValueEntityProperties = ®istryValueEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - rve.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - rve.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - rve.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - rve.Kind = kind - } - } - } - - return nil -} - -// RegistryValueEntityProperties registryValue entity property bag. -type RegistryValueEntityProperties struct { - // ValueName - READ-ONLY; The registry value name. - ValueName *string `json:"valueName,omitempty"` - // ValueData - READ-ONLY; String formatted representation of the value data. - ValueData *string `json:"valueData,omitempty"` - // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' - ValueType RegistryValueKind `json:"valueType,omitempty"` - // KeyEntityID - READ-ONLY; The registry key entity id. - KeyEntityID *string `json:"keyEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. -func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - -// Resource an azure resource object -type Resource struct { - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` -} - -// ScheduledAlertRule represents scheduled alert rule. -type ScheduledAlertRule struct { - // ScheduledAlertRuleProperties - Scheduled alert rule properties - *ScheduledAlertRuleProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for ScheduledAlertRule. -func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { - sar.Kind = KindScheduled - objectMap := make(map[string]interface{}) - if sar.ScheduledAlertRuleProperties != nil { - objectMap["properties"] = sar.ScheduledAlertRuleProperties - } - if sar.Etag != nil { - objectMap["etag"] = sar.Etag - } - if sar.Kind != "" { - objectMap["kind"] = sar.Kind - } - return json.Marshal(objectMap) -} - -// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { - return &sar, true -} - -// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { - return nil, false -} - -// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { - return &sar, true -} - -// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. -func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var scheduledAlertRuleProperties ScheduledAlertRuleProperties - err = json.Unmarshal(*v, &scheduledAlertRuleProperties) - if err != nil { - return err - } - sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties } case "id": if v != nil { @@ -7162,216 +4758,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - sar.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - sar.Etag = &etag - } - case "kind": - if v != nil { - var kind Kind - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - sar.Kind = kind - } - } - } - - return nil -} - -// ScheduledAlertRuleProperties alert rule property bag. -type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule. - Description *string `json:"description,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // Enabled - Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` -} - -// SecurityAlert represents a security alert entity. -type SecurityAlert struct { - // SecurityAlertProperties - SecurityAlert entity properties - *SecurityAlertProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for SecurityAlert. -func (sa SecurityAlert) MarshalJSON() ([]byte, error) { - sa.Kind = KindSecurityAlert - objectMap := make(map[string]interface{}) - if sa.SecurityAlertProperties != nil { - objectMap["properties"] = sa.SecurityAlertProperties - } - if sa.Kind != "" { - objectMap["kind"] = sa.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { - return &sa, true -} - -// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool) { - return &sa, true -} - -// UnmarshalJSON is the custom unmarshaler for SecurityAlert struct. -func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var securityAlertProperties SecurityAlertProperties - err = json.Unmarshal(*v, &securityAlertProperties) - if err != nil { - return err - } - sa.SecurityAlertProperties = &securityAlertProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - sa.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - sa.Type = &typeVar + sar.Type = &typeVar } case "name": if v != nil { @@ -7380,16 +4767,25 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { if err != nil { return err } - sa.Name = &name + sar.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag } case "kind": if v != nil { - var kind KindBasicEntity + var kind Kind err = json.Unmarshal(*v, &kind) if err != nil { return err } - sa.Kind = kind + sar.Kind = kind } } } @@ -7397,187 +4793,93 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { return nil } -// SecurityAlertProperties securityAlert entity property bag. -type SecurityAlertProperties struct { - // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. - SystemAlertID *string `json:"systemAlertId,omitempty"` - // ConfidenceReasons - READ-ONLY; The confidence reasons - ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` - // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' - ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` - // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' - Intent KillChainIntent `json:"intent,omitempty"` - // ConfidenceScore - READ-ONLY; The confidence score of the alert. - ConfidenceScore *float64 `json:"confidenceScore,omitempty"` - // AlertDisplayName - READ-ONLY; The display name of the alert. - AlertDisplayName *string `json:"alertDisplayName,omitempty"` - // Description - READ-ONLY; Alert description. +// ScheduledAlertRuleProperties alert rule property bag. +type ScheduledAlertRuleProperties struct { + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule. Description *string `json:"description,omitempty"` - // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. - RemediationSteps *[]string `json:"remediationSteps,omitempty"` - // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' - ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` - // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` - // VendorName - READ-ONLY; The name of the vendor that raise the alert. - VendorName *string `json:"vendorName,omitempty"` - // ProductName - READ-ONLY; The name of the product which published this alert. - ProductName *string `json:"productName,omitempty"` - // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. - ProductComponentName *string `json:"productComponentName,omitempty"` - // AlertType - READ-ONLY; The type name of the alert. - AlertType *string `json:"alertType,omitempty"` - // ProductVersion - READ-ONLY; The version of the product generating the alert. - ProductVersion *string `json:"productVersion,omitempty"` - // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. - ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` - // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' - Status AlertStatus `json:"status,omitempty"` - // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). - EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` - // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). - StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` - // TimeGenerated - READ-ONLY; The time the alert was generated. - TimeGenerated *date.Time `json:"timeGenerated,omitempty"` - // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. - CompromisedEntity *string `json:"compromisedEntity,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for SecurityAlertProperties. -func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if sap.Severity != "" { - objectMap["severity"] = sap.Severity - } - return json.Marshal(objectMap) -} - -// SecurityAlertPropertiesConfidenceReasonsItem confidence reason item -type SecurityAlertPropertiesConfidenceReasonsItem struct { - // ReasonType - READ-ONLY; The type (category) of the reason - ReasonType *string `json:"reasonType,omitempty"` - // Reason - READ-ONLY; The reason's description - Reason *string `json:"reason,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } -// SecurityGroupEntity represents a security group entity. -type SecurityGroupEntity struct { - // SecurityGroupEntityProperties - SecurityGroup entity properties - *SecurityGroupEntityProperties `json:"properties,omitempty"` +// ScheduledAlertRuleTemplate represents scheduled alert rule template. +type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for SecurityGroupEntity. -func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error) { - sge.Kind = KindSecurityGroup +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled objectMap := make(map[string]interface{}) - if sge.SecurityGroupEntityProperties != nil { - objectMap["properties"] = sge.SecurityGroupEntityProperties + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties } - if sge.Kind != "" { - objectMap["kind"] = sge.Kind + if sart.Etag != nil { + objectMap["etag"] = sart.Etag + } + if sart.Kind != "" { + objectMap["kind"] = sart.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return &sge, true -} - -// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true } -// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool) { - return &sge, true +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true } -// UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct. -func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -7587,12 +4889,12 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var securityGroupEntityProperties SecurityGroupEntityProperties - err = json.Unmarshal(*v, &securityGroupEntityProperties) + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) if err != nil { return err } - sge.SecurityGroupEntityProperties = &securityGroupEntityProperties + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties } case "id": if v != nil { @@ -7601,7 +4903,7 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - sge.ID = &ID + sart.ID = &ID } case "type": if v != nil { @@ -7610,7 +4912,7 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - sge.Type = &typeVar + sart.Type = &typeVar } case "name": if v != nil { @@ -7619,16 +4921,25 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - sge.Name = &name + sart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sart.Etag = &etag } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - sge.Kind = kind + sart.Kind = kind } } } @@ -7636,24 +4947,50 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { return nil } -// SecurityGroupEntityProperties securityGroup entity property bag. -type SecurityGroupEntityProperties struct { - // DistinguishedName - READ-ONLY; The group distinguished name - DistinguishedName *string `json:"distinguishedName,omitempty"` - // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group - Sid *string `json:"sid,omitempty"` - // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. - ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` } -// MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. -func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. +type ScheduledAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` } // BasicSettings the Setting. @@ -7775,22 +5112,6 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { return nil } -// ThreatIntelligence threatIntelligence property bag. -type ThreatIntelligence struct { - // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received - ProviderName *string `json:"providerName,omitempty"` - // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") - ThreatType *string `json:"threatType,omitempty"` - // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") - ThreatName *string `json:"threatName,omitempty"` - // Confidence - READ-ONLY; Confidence (must be between 0 and 1) - Confidence *float64 `json:"confidence,omitempty"` - // ReportLink - READ-ONLY; Report link - ReportLink *string `json:"reportLink,omitempty"` - // ThreatDescription - READ-ONLY; Threat description (free text) - ThreatDescription *string `json:"threatDescription,omitempty"` -} - // TIDataConnector represents threat intelligence data connector. type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. @@ -7803,7 +5124,7 @@ type TIDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -7833,11 +5154,6 @@ func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return &tdc, true } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - // AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -7853,16 +5169,6 @@ func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -8220,194 +5526,6 @@ type UebaSettingsProperties struct { AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` } -// URLEntity represents a url entity. -type URLEntity struct { - // URLEntityProperties - Url entity properties - *URLEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' - Kind KindBasicEntity `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for URLEntity. -func (ue URLEntity) MarshalJSON() ([]byte, error) { - ue.Kind = KindURL - objectMap := make(map[string]interface{}) - if ue.URLEntityProperties != nil { - objectMap["properties"] = ue.URLEntityProperties - } - if ue.Kind != "" { - objectMap["kind"] = ue.Kind - } - return json.Marshal(objectMap) -} - -// AsAccountEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { - return &ue, true -} - -// AsEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { - return &ue, true -} - -// UnmarshalJSON is the custom unmarshaler for URLEntity struct. -func (ue *URLEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var URLEntityProperties URLEntityProperties - err = json.Unmarshal(*v, &URLEntityProperties) - if err != nil { - return err - } - ue.URLEntityProperties = &URLEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - ue.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - ue.Type = &typeVar - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - ue.Name = &name - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - ue.Kind = kind - } - } - } - - return nil -} - -// URLEntityProperties url entity property bag. -type URLEntityProperties struct { - // URL - READ-ONLY; A full URL the entity points to - URL *string `json:"url,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` -} - -// MarshalJSON is the custom marshaler for URLEntityProperties. -func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) -} - // UserInfo user information that made some action type UserInfo struct { // ObjectID - The object id of the user. diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index df4305769a17..61f75efb106a 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -50,6 +50,14 @@ type ActionsClientAPI interface { var _ ActionsClientAPI = (*securityinsight.ActionsClient)(nil) +// AlertRuleTemplatesClientAPI contains the set of methods on the AlertRuleTemplatesClient type. +type AlertRuleTemplatesClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result securityinsight.AlertRuleTemplateModel, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.AlertRuleTemplatesListPage, err error) +} + +var _ AlertRuleTemplatesClientAPI = (*securityinsight.AlertRuleTemplatesClient)(nil) + // CasesClientAPI contains the set of methods on the CasesClient type. type CasesClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter securityinsight.Case) (result securityinsight.Case, err error) @@ -82,7 +90,6 @@ var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) // EntitiesClientAPI contains the set of methods on the EntitiesClient type. type EntitiesClientAPI interface { - Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityExpandParameters) (result securityinsight.EntityExpandResponse, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result securityinsight.EntityModel, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.EntityListPage, err error) } From 856b10a25aa8886488175a6f9385cd28b25067c6 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 13 Aug 2019 12:11:10 +0000 Subject: [PATCH 2/5] Generated from d09f26c587fddd31fa13cb3d94d7a9bbe8d58ec8 fix merge conflict --- .../mgmt/securityinsight/models.go | 283 +- .../securityinsightapi/models.go | 2 + .../securityinsight/bookmarks.go | 4 + .../securityinsight/casecomments.go | 149 + .../securityinsight/cases.go | 132 +- .../securityinsight/comments.go | 194 + .../securityinsight/entities.go | 99 + .../securityinsight/models.go | 5180 +++++++++++++++-- .../securityinsightapi/interfaces.go | 18 +- 9 files changed, 5448 insertions(+), 613 deletions(-) create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index 6c290ccb11c4..bfb892c74af5 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -52,6 +52,16 @@ const ( Medium AlertSeverity = original.Medium ) +type AlertStatus = original.AlertStatus + +const ( + AlertStatusDismissed AlertStatus = original.AlertStatusDismissed + AlertStatusInProgress AlertStatus = original.AlertStatusInProgress + AlertStatusNew AlertStatus = original.AlertStatusNew + AlertStatusResolved AlertStatus = original.AlertStatusResolved + AlertStatusUnknown AlertStatus = original.AlertStatusUnknown +) + type AttackTactic = original.AttackTactic const ( @@ -90,19 +100,41 @@ const ( type CloseReason = original.CloseReason const ( - Dismissed CloseReason = original.Dismissed - Other CloseReason = original.Other - Resolved CloseReason = original.Resolved + Dismissed CloseReason = original.Dismissed + FalsePositive CloseReason = original.FalsePositive + Other CloseReason = original.Other + Resolved CloseReason = original.Resolved + TruePositive CloseReason = original.TruePositive +) + +type ConfidenceLevel = original.ConfidenceLevel + +const ( + ConfidenceLevelHigh ConfidenceLevel = original.ConfidenceLevelHigh + ConfidenceLevelLow ConfidenceLevel = original.ConfidenceLevelLow + ConfidenceLevelUnknown ConfidenceLevel = original.ConfidenceLevelUnknown +) + +type ConfidenceScoreStatus = original.ConfidenceScoreStatus + +const ( + Final ConfidenceScoreStatus = original.Final + InProcess ConfidenceScoreStatus = original.InProcess + NotApplicable ConfidenceScoreStatus = original.NotApplicable + NotFinal ConfidenceScoreStatus = original.NotFinal ) type DataConnectorKind = original.DataConnectorKind const ( - AzureActiveDirectory DataConnectorKind = original.AzureActiveDirectory - AzureSecurityCenter DataConnectorKind = original.AzureSecurityCenter - MicrosoftCloudAppSecurity DataConnectorKind = original.MicrosoftCloudAppSecurity - Office365 DataConnectorKind = original.Office365 - ThreatIntelligence DataConnectorKind = original.ThreatIntelligence + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = original.DataConnectorKindAmazonWebServicesCloudTrail + DataConnectorKindAzureActiveDirectory DataConnectorKind = original.DataConnectorKindAzureActiveDirectory + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindAzureAdvancedThreatProtection + DataConnectorKindAzureSecurityCenter DataConnectorKind = original.DataConnectorKindAzureSecurityCenter + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = original.DataConnectorKindMicrosoftCloudAppSecurity + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + DataConnectorKindOffice365 DataConnectorKind = original.DataConnectorKindOffice365 + DataConnectorKindThreatIntelligence DataConnectorKind = original.DataConnectorKindThreatIntelligence ) type DataTypeState = original.DataTypeState @@ -119,12 +151,83 @@ const ( NotExist DataTypeStatus = original.NotExist ) +type ElevationToken = original.ElevationToken + +const ( + Default ElevationToken = original.Default + Full ElevationToken = original.Full + Limited ElevationToken = original.Limited +) + type EntityKind = original.EntityKind const ( - Account EntityKind = original.Account - File EntityKind = original.File - Host EntityKind = original.Host + EntityKindAccount EntityKind = original.EntityKindAccount + EntityKindAzureResource EntityKind = original.EntityKindAzureResource + EntityKindBookmark EntityKind = original.EntityKindBookmark + EntityKindCloudApplication EntityKind = original.EntityKindCloudApplication + EntityKindDNSResolution EntityKind = original.EntityKindDNSResolution + EntityKindFile EntityKind = original.EntityKindFile + EntityKindFileHash EntityKind = original.EntityKindFileHash + EntityKindHost EntityKind = original.EntityKindHost + EntityKindIP EntityKind = original.EntityKindIP + EntityKindMalware EntityKind = original.EntityKindMalware + EntityKindProcess EntityKind = original.EntityKindProcess + EntityKindRegistryKey EntityKind = original.EntityKindRegistryKey + EntityKindRegistryValue EntityKind = original.EntityKindRegistryValue + EntityKindSecurityAlert EntityKind = original.EntityKindSecurityAlert + EntityKindSecurityGroup EntityKind = original.EntityKindSecurityGroup + EntityKindURL EntityKind = original.EntityKindURL +) + +type EntityType = original.EntityType + +const ( + EntityTypeAccount EntityType = original.EntityTypeAccount + EntityTypeAzureResource EntityType = original.EntityTypeAzureResource + EntityTypeCloudApplication EntityType = original.EntityTypeCloudApplication + EntityTypeDNS EntityType = original.EntityTypeDNS + EntityTypeFile EntityType = original.EntityTypeFile + EntityTypeFileHash EntityType = original.EntityTypeFileHash + EntityTypeHost EntityType = original.EntityTypeHost + EntityTypeHuntingBookmark EntityType = original.EntityTypeHuntingBookmark + EntityTypeIP EntityType = original.EntityTypeIP + EntityTypeMalware EntityType = original.EntityTypeMalware + EntityTypeProcess EntityType = original.EntityTypeProcess + EntityTypeRegistryKey EntityType = original.EntityTypeRegistryKey + EntityTypeRegistryValue EntityType = original.EntityTypeRegistryValue + EntityTypeSecurityAlert EntityType = original.EntityTypeSecurityAlert + EntityTypeSecurityGroup EntityType = original.EntityTypeSecurityGroup + EntityTypeURL EntityType = original.EntityTypeURL +) + +type FileHashAlgorithm = original.FileHashAlgorithm + +const ( + MD5 FileHashAlgorithm = original.MD5 + SHA1 FileHashAlgorithm = original.SHA1 + SHA256 FileHashAlgorithm = original.SHA256 + SHA256AC FileHashAlgorithm = original.SHA256AC + Unknown FileHashAlgorithm = original.Unknown +) + +type KillChainIntent = original.KillChainIntent + +const ( + KillChainIntentCollection KillChainIntent = original.KillChainIntentCollection + KillChainIntentCommandAndControl KillChainIntent = original.KillChainIntentCommandAndControl + KillChainIntentCredentialAccess KillChainIntent = original.KillChainIntentCredentialAccess + KillChainIntentDefenseEvasion KillChainIntent = original.KillChainIntentDefenseEvasion + KillChainIntentDiscovery KillChainIntent = original.KillChainIntentDiscovery + KillChainIntentExecution KillChainIntent = original.KillChainIntentExecution + KillChainIntentExfiltration KillChainIntent = original.KillChainIntentExfiltration + KillChainIntentExploitation KillChainIntent = original.KillChainIntentExploitation + KillChainIntentImpact KillChainIntent = original.KillChainIntentImpact + KillChainIntentLateralMovement KillChainIntent = original.KillChainIntentLateralMovement + KillChainIntentPersistence KillChainIntent = original.KillChainIntentPersistence + KillChainIntentPrivilegeEscalation KillChainIntent = original.KillChainIntentPrivilegeEscalation + KillChainIntentProbing KillChainIntent = original.KillChainIntentProbing + KillChainIntentUnknown KillChainIntent = original.KillChainIntentUnknown ) type Kind = original.Kind @@ -153,21 +256,36 @@ const ( type KindBasicDataConnector = original.KindBasicDataConnector const ( - KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory - KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter - KindDataConnector KindBasicDataConnector = original.KindDataConnector - KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity - KindOffice365 KindBasicDataConnector = original.KindOffice365 - KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence + KindAmazonWebServicesCloudTrail KindBasicDataConnector = original.KindAmazonWebServicesCloudTrail + KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory + KindAzureAdvancedThreatProtection KindBasicDataConnector = original.KindAzureAdvancedThreatProtection + KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter + KindDataConnector KindBasicDataConnector = original.KindDataConnector + KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = original.KindMicrosoftDefenderAdvancedThreatProtection + KindOffice365 KindBasicDataConnector = original.KindOffice365 + KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence ) type KindBasicEntity = original.KindBasicEntity const ( - KindAccount KindBasicEntity = original.KindAccount - KindEntity KindBasicEntity = original.KindEntity - KindFile KindBasicEntity = original.KindFile - KindHost KindBasicEntity = original.KindHost + KindAccount KindBasicEntity = original.KindAccount + KindAzureResource KindBasicEntity = original.KindAzureResource + KindCloudApplication KindBasicEntity = original.KindCloudApplication + KindDNSResolution KindBasicEntity = original.KindDNSResolution + KindEntity KindBasicEntity = original.KindEntity + KindFile KindBasicEntity = original.KindFile + KindFileHash KindBasicEntity = original.KindFileHash + KindHost KindBasicEntity = original.KindHost + KindIP KindBasicEntity = original.KindIP + KindMalware KindBasicEntity = original.KindMalware + KindProcess KindBasicEntity = original.KindProcess + KindRegistryKey KindBasicEntity = original.KindRegistryKey + KindRegistryValue KindBasicEntity = original.KindRegistryValue + KindSecurityAlert KindBasicEntity = original.KindSecurityAlert + KindSecurityGroup KindBasicEntity = original.KindSecurityGroup + KindURL KindBasicEntity = original.KindURL ) type KindBasicSettings = original.KindBasicSettings @@ -194,6 +312,34 @@ const ( Windows OSFamily = original.Windows ) +type RegistryHive = original.RegistryHive + +const ( + HKEYA RegistryHive = original.HKEYA + HKEYCLASSESROOT RegistryHive = original.HKEYCLASSESROOT + HKEYCURRENTCONFIG RegistryHive = original.HKEYCURRENTCONFIG + HKEYCURRENTUSER RegistryHive = original.HKEYCURRENTUSER + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = original.HKEYCURRENTUSERLOCALSETTINGS + HKEYLOCALMACHINE RegistryHive = original.HKEYLOCALMACHINE + HKEYPERFORMANCEDATA RegistryHive = original.HKEYPERFORMANCEDATA + HKEYPERFORMANCENLSTEXT RegistryHive = original.HKEYPERFORMANCENLSTEXT + HKEYPERFORMANCETEXT RegistryHive = original.HKEYPERFORMANCETEXT + HKEYUSERS RegistryHive = original.HKEYUSERS +) + +type RegistryValueKind = original.RegistryValueKind + +const ( + RegistryValueKindBinary RegistryValueKind = original.RegistryValueKindBinary + RegistryValueKindDWord RegistryValueKind = original.RegistryValueKindDWord + RegistryValueKindExpandString RegistryValueKind = original.RegistryValueKindExpandString + RegistryValueKindMultiString RegistryValueKind = original.RegistryValueKindMultiString + RegistryValueKindNone RegistryValueKind = original.RegistryValueKindNone + RegistryValueKindQWord RegistryValueKind = original.RegistryValueKindQWord + RegistryValueKindString RegistryValueKind = original.RegistryValueKindString + RegistryValueKindUnknown RegistryValueKind = original.RegistryValueKindUnknown +) + type SettingKind = original.SettingKind const ( @@ -227,6 +373,8 @@ const ( type AADDataConnector = original.AADDataConnector type AADDataConnectorProperties = original.AADDataConnectorProperties +type AATPDataConnector = original.AATPDataConnector +type AATPDataConnectorProperties = original.AATPDataConnectorProperties type ASCDataConnector = original.ASCDataConnector type ASCDataConnectorProperties = original.ASCDataConnectorProperties type AccountEntity = original.AccountEntity @@ -255,6 +403,12 @@ type AlertRulesListIterator = original.AlertRulesListIterator type AlertRulesListPage = original.AlertRulesListPage type AlertsDataTypeOfDataConnector = original.AlertsDataTypeOfDataConnector type AlertsDataTypeOfDataConnectorAlerts = original.AlertsDataTypeOfDataConnectorAlerts +type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector +type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes +type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs +type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties +type AzureResourceEntity = original.AzureResourceEntity +type AzureResourceEntityProperties = original.AzureResourceEntityProperties type BaseAlertRuleTemplateProperties = original.BaseAlertRuleTemplateProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations @@ -270,6 +424,12 @@ type BookmarkListPage = original.BookmarkListPage type BookmarkProperties = original.BookmarkProperties type BookmarksClient = original.BookmarksClient type Case = original.Case +type CaseComment = original.CaseComment +type CaseCommentList = original.CaseCommentList +type CaseCommentListIterator = original.CaseCommentListIterator +type CaseCommentListPage = original.CaseCommentListPage +type CaseCommentProperties = original.CaseCommentProperties +type CaseCommentsClient = original.CaseCommentsClient type CaseList = original.CaseList type CaseListIterator = original.CaseListIterator type CaseListPage = original.CaseListPage @@ -280,8 +440,13 @@ type CasesAggregationByStatusProperties = original.CasesAggregationByStatusPrope type CasesAggregationProperties = original.CasesAggregationProperties type CasesAggregationsClient = original.CasesAggregationsClient type CasesClient = original.CasesClient +type CloudApplicationEntity = original.CloudApplicationEntity +type CloudApplicationEntityProperties = original.CloudApplicationEntityProperties type CloudError = original.CloudError type CloudErrorBody = original.CloudErrorBody +type CommentsClient = original.CommentsClient +type DNSEntity = original.DNSEntity +type DNSEntityProperties = original.DNSEntityProperties type DataConnector = original.DataConnector type DataConnectorDataTypeCommon = original.DataConnectorDataTypeCommon type DataConnectorKind1 = original.DataConnectorKind1 @@ -295,6 +460,10 @@ type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsPropert type DataConnectorsClient = original.DataConnectorsClient type EntitiesClient = original.EntitiesClient type Entity = original.Entity +type EntityCommonProperties = original.EntityCommonProperties +type EntityExpandParameters = original.EntityExpandParameters +type EntityExpandResponse = original.EntityExpandResponse +type EntityExpandResponseValue = original.EntityExpandResponseValue type EntityKind1 = original.EntityKind1 type EntityList = original.EntityList type EntityListIterator = original.EntityListIterator @@ -306,16 +475,29 @@ type EntityQueryList = original.EntityQueryList type EntityQueryListIterator = original.EntityQueryListIterator type EntityQueryListPage = original.EntityQueryListPage type EntityQueryProperties = original.EntityQueryProperties +type ExpansionResultAggregation = original.ExpansionResultAggregation +type ExpansionResultsMetadata = original.ExpansionResultsMetadata type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties +type FileHashEntity = original.FileHashEntity +type FileHashEntityProperties = original.FileHashEntityProperties type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate +type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties +type IPEntity = original.IPEntity +type IPEntityProperties = original.IPEntityProperties type MCASDataConnector = original.MCASDataConnector +type MCASDataConnectorDataTypes = original.MCASDataConnectorDataTypes +type MCASDataConnectorDataTypesDiscoveryLogs = original.MCASDataConnectorDataTypesDiscoveryLogs type MCASDataConnectorProperties = original.MCASDataConnectorProperties +type MDATPDataConnector = original.MDATPDataConnector +type MDATPDataConnectorProperties = original.MDATPDataConnectorProperties +type MalwareEntity = original.MalwareEntity +type MalwareEntityProperties = original.MalwareEntityProperties type OfficeConsent = original.OfficeConsent type OfficeConsentList = original.OfficeConsentList type OfficeConsentListIterator = original.OfficeConsentListIterator @@ -333,13 +515,24 @@ type OperationsClient = original.OperationsClient type OperationsList = original.OperationsList type OperationsListIterator = original.OperationsListIterator type OperationsListPage = original.OperationsListPage +type ProcessEntity = original.ProcessEntity +type ProcessEntityProperties = original.ProcessEntityProperties type ProductSettingsClient = original.ProductSettingsClient +type RegistryKeyEntity = original.RegistryKeyEntity +type RegistryKeyEntityProperties = original.RegistryKeyEntityProperties +type RegistryValueEntity = original.RegistryValueEntity +type RegistryValueEntityProperties = original.RegistryValueEntityProperties type Resource = original.Resource type ScheduledAlertRule = original.ScheduledAlertRule type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties type ScheduledAlertRuleTemplate = original.ScheduledAlertRuleTemplate type ScheduledAlertRuleTemplateProperties = original.ScheduledAlertRuleTemplateProperties type ScheduledAlertRuleTemplatePropertiesModel = original.ScheduledAlertRuleTemplatePropertiesModel +type SecurityAlert = original.SecurityAlert +type SecurityAlertProperties = original.SecurityAlertProperties +type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem +type SecurityGroupEntity = original.SecurityGroupEntity +type SecurityGroupEntityProperties = original.SecurityGroupEntityProperties type Settings = original.Settings type SettingsKind = original.SettingsKind type SettingsModel = original.SettingsModel @@ -347,8 +540,11 @@ type TIDataConnector = original.TIDataConnector type TIDataConnectorDataTypes = original.TIDataConnectorDataTypes type TIDataConnectorDataTypesIndicators = original.TIDataConnectorDataTypesIndicators type TIDataConnectorProperties = original.TIDataConnectorProperties +type ThreatIntelligence = original.ThreatIntelligence type ToggleSettings = original.ToggleSettings type ToggleSettingsProperties = original.ToggleSettingsProperties +type URLEntity = original.URLEntity +type URLEntityProperties = original.URLEntityProperties type UebaSettings = original.UebaSettings type UebaSettingsProperties = original.UebaSettingsProperties type UserInfo = original.UserInfo @@ -404,6 +600,18 @@ func NewBookmarksClient(subscriptionID string) BookmarksClient { func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient { return original.NewBookmarksClientWithBaseURI(baseURI, subscriptionID) } +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return original.NewCaseCommentListIterator(page) +} +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return original.NewCaseCommentListPage(getNextPage) +} +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClient(subscriptionID) +} +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewCaseListIterator(page CaseListPage) CaseListIterator { return original.NewCaseListIterator(page) } @@ -422,6 +630,12 @@ func NewCasesClient(subscriptionID string) CasesClient { func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient { return original.NewCasesClientWithBaseURI(baseURI, subscriptionID) } +func NewCommentsClient(subscriptionID string) CommentsClient { + return original.NewCommentsClient(subscriptionID) +} +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return original.NewCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator { return original.NewDataConnectorListIterator(page) } @@ -500,6 +714,9 @@ func PossibleAlertRuleKindValues() []AlertRuleKind { func PossibleAlertSeverityValues() []AlertSeverity { return original.PossibleAlertSeverityValues() } +func PossibleAlertStatusValues() []AlertStatus { + return original.PossibleAlertStatusValues() +} func PossibleAttackTacticValues() []AttackTactic { return original.PossibleAttackTacticValues() } @@ -512,6 +729,12 @@ func PossibleCaseStatusValues() []CaseStatus { func PossibleCloseReasonValues() []CloseReason { return original.PossibleCloseReasonValues() } +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return original.PossibleConfidenceLevelValues() +} +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return original.PossibleConfidenceScoreStatusValues() +} func PossibleDataConnectorKindValues() []DataConnectorKind { return original.PossibleDataConnectorKindValues() } @@ -521,9 +744,21 @@ func PossibleDataTypeStateValues() []DataTypeState { func PossibleDataTypeStatusValues() []DataTypeStatus { return original.PossibleDataTypeStatusValues() } +func PossibleElevationTokenValues() []ElevationToken { + return original.PossibleElevationTokenValues() +} func PossibleEntityKindValues() []EntityKind { return original.PossibleEntityKindValues() } +func PossibleEntityTypeValues() []EntityType { + return original.PossibleEntityTypeValues() +} +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return original.PossibleFileHashAlgorithmValues() +} +func PossibleKillChainIntentValues() []KillChainIntent { + return original.PossibleKillChainIntentValues() +} func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return original.PossibleKindBasicAggregationsValues() } @@ -548,6 +783,12 @@ func PossibleLicenseStatusValues() []LicenseStatus { func PossibleOSFamilyValues() []OSFamily { return original.PossibleOSFamilyValues() } +func PossibleRegistryHiveValues() []RegistryHive { + return original.PossibleRegistryHiveValues() +} +func PossibleRegistryValueKindValues() []RegistryValueKind { + return original.PossibleRegistryValueKindValues() +} func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go index cabd8e50561e..8ab6cea80eac 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go @@ -25,8 +25,10 @@ type ActionsClientAPI = original.ActionsClientAPI type AlertRuleTemplatesClientAPI = original.AlertRuleTemplatesClientAPI type AlertRulesClientAPI = original.AlertRulesClientAPI type BookmarksClientAPI = original.BookmarksClientAPI +type CaseCommentsClientAPI = original.CaseCommentsClientAPI type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI type CasesClientAPI = original.CasesClientAPI +type CommentsClientAPI = original.CommentsClientAPI type DataConnectorsClientAPI = original.DataConnectorsClientAPI type EntitiesClientAPI = original.EntitiesClientAPI type EntityQueriesClientAPI = original.EntityQueriesClientAPI diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go index 6b2677e3e20f..d324696ba926 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go @@ -74,6 +74,10 @@ func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupN {TargetValue: bookmark, Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, }}}}}); err != nil { return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go new file mode 100644 index 000000000000..897d9d02fa33 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go @@ -0,0 +1,149 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CaseCommentsClient struct { + BaseClient +} + +// NewCaseCommentsClient creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return NewCaseCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return CaseCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateComment creates the case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +// caseComment - the case comment +func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentsClient.CreateComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: caseComment, + Constraints: []validation.Constraint{{Target: "caseComment.CaseCommentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseComment.CaseCommentProperties.Message", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseComment.CaseCommentProperties.UserInfo", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseComment.CaseCommentProperties.UserInfo.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseCommentsClient", "CreateComment", err.Error()) + } + + req, err := client.CreateCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID, caseComment) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", nil, "Failure preparing request") + return + } + + resp, err := client.CreateCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure sending request") + return + } + + result, err = client.CreateCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure responding to request") + } + + return +} + +// CreateCommentPreparer prepares the CreateComment request. +func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithJSON(caseComment), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateCommentSender sends the CreateComment request. The method will close the +// http.Response Body if it receives an error. +func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateCommentResponder handles the response to the CreateComment request. The method always +// closes the http.Response Body. +func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 9a4eb0d79790..5f4bc4d1c106 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,7 +73,11 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } @@ -334,6 +338,104 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er return } +// GetComment gets a case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.GetComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CasesClient", "GetComment", err.Error()) + } + + req, err := client.GetCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", nil, "Failure preparing request") + return + } + + resp, err := client.GetCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure sending request") + return + } + + result, err = client.GetCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure responding to request") + } + + return +} + +// GetCommentPreparer prepares the GetComment request. +func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetCommentSender sends the GetComment request. The method will close the +// http.Response Body if it receives an error. +func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetCommentResponder handles the response to the GetComment request. The method always +// closes the http.Response Body. +func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // List gets all cases. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case @@ -341,7 +443,13 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListPage, err error) { +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -366,7 +474,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } result.fn = client.listNextResults - req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) if err != nil { err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "List", nil, "Failure preparing request") return @@ -388,7 +496,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } // ListPreparer prepares the List request. -func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { +func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { pathParameters := map[string]interface{}{ "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), "resourceGroupName": autorest.Encode("path", resourceGroupName), @@ -400,6 +508,18 @@ func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName st queryParameters := map[string]interface{}{ "api-version": APIVersion, } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } preparer := autorest.CreatePreparer( autorest.AsGet(), @@ -451,7 +571,7 @@ func (client CasesClient) listNextResults(ctx context.Context, lastResults CaseL } // ListComplete enumerates all values, automatically crossing page boundaries as required. -func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListIterator, err error) { +func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -462,6 +582,6 @@ func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName st tracing.EndSpan(ctx, sc, err) }() } - result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go new file mode 100644 index 000000000000..c9d4578f02c0 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go @@ -0,0 +1,194 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CommentsClient struct { + BaseClient +} + +// NewCommentsClient creates an instance of the CommentsClient client. +func NewCommentsClient(subscriptionID string) CommentsClient { + return NewCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCommentsClientWithBaseURI creates an instance of the CommentsClient client. +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return CommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// ListByCase gets all case comments. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.ccl.Response.Response != nil { + sc = result.ccl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CommentsClient", "ListByCase", err.Error()) + } + + result.fn = client.listByCaseNextResults + req, err := client.ListByCasePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", nil, "Failure preparing request") + return + } + + resp, err := client.ListByCaseSender(req) + if err != nil { + result.ccl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure sending request") + return + } + + result.ccl, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure responding to request") + } + + return +} + +// ListByCasePreparer prepares the ListByCase request. +func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByCaseSender sends the ListByCase request. The method will close the +// http.Response Body if it receives an error. +func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListByCaseResponder handles the response to the ListByCase request. The method always +// closes the http.Response Body. +func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByCaseNextResults retrieves the next set of results, if any. +func (client CommentsClient) listByCaseNextResults(ctx context.Context, lastResults CaseCommentList) (result CaseCommentList, err error) { + req, err := lastResults.caseCommentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByCaseSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByCaseComplete enumerates all values, automatically crossing page boundaries as required. +func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByCase(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go index e72cffc3e2c3..f0e21ffe611a 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go @@ -41,6 +41,105 @@ func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) Entitie return EntitiesClient{NewWithBaseURI(baseURI, subscriptionID)} } +// Expand expands an entity. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// parameters - the parameters required to execute an expand operation on the given entity. +func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesClient.Expand") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.EntitiesClient", "Expand", err.Error()) + } + + req, err := client.ExpandPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", nil, "Failure preparing request") + return + } + + resp, err := client.ExpandSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure sending request") + return + } + + result, err = client.ExpandResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure responding to request") + } + + return +} + +// ExpandPreparer prepares the Expand request. +func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ExpandSender sends the Expand request. The method will close the +// http.Response Body if it receives an error. +func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ExpandResponder handles the response to the Expand request. The method always +// closes the http.Response Body. +func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // Get gets an entity. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 1d10bf60ff32..387661973bb4 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -80,6 +80,27 @@ func PossibleAlertSeverityValues() []AlertSeverity { return []AlertSeverity{High, Informational, Low, Medium} } +// AlertStatus enumerates the values for alert status. +type AlertStatus string + +const ( + // AlertStatusDismissed Alert dismissed as false positive + AlertStatusDismissed AlertStatus = "Dismissed" + // AlertStatusInProgress Alert is being handled + AlertStatusInProgress AlertStatus = "InProgress" + // AlertStatusNew New alert + AlertStatusNew AlertStatus = "New" + // AlertStatusResolved Alert closed after handling + AlertStatusResolved AlertStatus = "Resolved" + // AlertStatusUnknown Unknown value + AlertStatusUnknown AlertStatus = "Unknown" +) + +// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. +func PossibleAlertStatusValues() []AlertStatus { + return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} +} + // AttackTactic enumerates the values for attack tactic. type AttackTactic string @@ -159,36 +180,84 @@ type CloseReason string const ( // Dismissed Case was dismissed Dismissed CloseReason = "Dismissed" + // FalsePositive Case was false positive + FalsePositive CloseReason = "FalsePositive" // Other Case was closed for another reason Other CloseReason = "Other" // Resolved Case was resolved Resolved CloseReason = "Resolved" + // TruePositive Case was true positive + TruePositive CloseReason = "TruePositive" ) // PossibleCloseReasonValues returns an array of possible values for the CloseReason const type. func PossibleCloseReasonValues() []CloseReason { - return []CloseReason{Dismissed, Other, Resolved} + return []CloseReason{Dismissed, FalsePositive, Other, Resolved, TruePositive} +} + +// ConfidenceLevel enumerates the values for confidence level. +type ConfidenceLevel string + +const ( + // ConfidenceLevelHigh High confidence that the alert is true positive malicious + ConfidenceLevelHigh ConfidenceLevel = "High" + // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an + // attack + ConfidenceLevelLow ConfidenceLevel = "Low" + // ConfidenceLevelUnknown Unknown confidence, the is the default value + ConfidenceLevelUnknown ConfidenceLevel = "Unknown" +) + +// PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type. +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return []ConfidenceLevel{ConfidenceLevelHigh, ConfidenceLevelLow, ConfidenceLevelUnknown} +} + +// ConfidenceScoreStatus enumerates the values for confidence score status. +type ConfidenceScoreStatus string + +const ( + // Final Final score was calculated and available + Final ConfidenceScoreStatus = "Final" + // InProcess No score was set yet and calculation is in progress + InProcess ConfidenceScoreStatus = "InProcess" + // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst + NotApplicable ConfidenceScoreStatus = "NotApplicable" + // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time + // following the processing of additional data + NotFinal ConfidenceScoreStatus = "NotFinal" +) + +// PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type. +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal} } // DataConnectorKind enumerates the values for data connector kind. type DataConnectorKind string const ( - // AzureActiveDirectory ... - AzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" - // AzureSecurityCenter ... - AzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" - // MicrosoftCloudAppSecurity ... - MicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" - // Office365 ... - Office365 DataConnectorKind = "Office365" - // ThreatIntelligence ... - ThreatIntelligence DataConnectorKind = "ThreatIntelligence" + // DataConnectorKindAmazonWebServicesCloudTrail ... + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + // DataConnectorKindAzureActiveDirectory ... + DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // DataConnectorKindAzureAdvancedThreatProtection ... + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + // DataConnectorKindAzureSecurityCenter ... + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // DataConnectorKindMicrosoftCloudAppSecurity ... + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + // DataConnectorKindOffice365 ... + DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindThreatIntelligence ... + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" ) // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{AzureActiveDirectory, AzureSecurityCenter, MicrosoftCloudAppSecurity, Office365, ThreatIntelligence} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} } // DataTypeState enumerates the values for data type state. @@ -221,21 +290,206 @@ func PossibleDataTypeStatusValues() []DataTypeStatus { return []DataTypeStatus{Exist, NotExist} } +// ElevationToken enumerates the values for elevation token. +type ElevationToken string + +const ( + // Default Default elevation token + Default ElevationToken = "Default" + // Full Full elevation token + Full ElevationToken = "Full" + // Limited Limited elevation token + Limited ElevationToken = "Limited" +) + +// PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type. +func PossibleElevationTokenValues() []ElevationToken { + return []ElevationToken{Default, Full, Limited} +} + // EntityKind enumerates the values for entity kind. type EntityKind string const ( - // Account Entity represents account in the system. - Account EntityKind = "Account" - // File Entity represents file in the system. - File EntityKind = "File" - // Host Entity represents host in the system. - Host EntityKind = "Host" + // EntityKindAccount Entity represents account in the system. + EntityKindAccount EntityKind = "Account" + // EntityKindAzureResource Entity represents azure resource in the system. + EntityKindAzureResource EntityKind = "AzureResource" + // EntityKindBookmark Entity represents bookmark in the system. + EntityKindBookmark EntityKind = "Bookmark" + // EntityKindCloudApplication Entity represents cloud application in the system. + EntityKindCloudApplication EntityKind = "CloudApplication" + // EntityKindDNSResolution Entity represents dns resolution in the system. + EntityKindDNSResolution EntityKind = "DnsResolution" + // EntityKindFile Entity represents file in the system. + EntityKindFile EntityKind = "File" + // EntityKindFileHash Entity represents file hash in the system. + EntityKindFileHash EntityKind = "FileHash" + // EntityKindHost Entity represents host in the system. + EntityKindHost EntityKind = "Host" + // EntityKindIP Entity represents ip in the system. + EntityKindIP EntityKind = "Ip" + // EntityKindMalware Entity represents malware in the system. + EntityKindMalware EntityKind = "Malware" + // EntityKindProcess Entity represents process in the system. + EntityKindProcess EntityKind = "Process" + // EntityKindRegistryKey Entity represents registry key in the system. + EntityKindRegistryKey EntityKind = "RegistryKey" + // EntityKindRegistryValue Entity represents registry value in the system. + EntityKindRegistryValue EntityKind = "RegistryValue" + // EntityKindSecurityAlert Entity represents security alert in the system. + EntityKindSecurityAlert EntityKind = "SecurityAlert" + // EntityKindSecurityGroup Entity represents security group in the system. + EntityKindSecurityGroup EntityKind = "SecurityGroup" + // EntityKindURL Entity represents url in the system. + EntityKindURL EntityKind = "Url" ) // PossibleEntityKindValues returns an array of possible values for the EntityKind const type. func PossibleEntityKindValues() []EntityKind { - return []EntityKind{Account, File, Host} + return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL} +} + +// EntityType enumerates the values for entity type. +type EntityType string + +const ( + // EntityTypeAccount Entity represents account in the system. + EntityTypeAccount EntityType = "Account" + // EntityTypeAzureResource Entity represents azure resource in the system. + EntityTypeAzureResource EntityType = "AzureResource" + // EntityTypeCloudApplication Entity represents cloud application in the system. + EntityTypeCloudApplication EntityType = "CloudApplication" + // EntityTypeDNS Entity represents dns in the system. + EntityTypeDNS EntityType = "DNS" + // EntityTypeFile Entity represents file in the system. + EntityTypeFile EntityType = "File" + // EntityTypeFileHash Entity represents file hash in the system. + EntityTypeFileHash EntityType = "FileHash" + // EntityTypeHost Entity represents host in the system. + EntityTypeHost EntityType = "Host" + // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. + EntityTypeHuntingBookmark EntityType = "HuntingBookmark" + // EntityTypeIP Entity represents ip in the system. + EntityTypeIP EntityType = "IP" + // EntityTypeMalware Entity represents malware in the system. + EntityTypeMalware EntityType = "Malware" + // EntityTypeProcess Entity represents process in the system. + EntityTypeProcess EntityType = "Process" + // EntityTypeRegistryKey Entity represents registry key in the system. + EntityTypeRegistryKey EntityType = "RegistryKey" + // EntityTypeRegistryValue Entity represents registry value in the system. + EntityTypeRegistryValue EntityType = "RegistryValue" + // EntityTypeSecurityAlert Entity represents security alert in the system. + EntityTypeSecurityAlert EntityType = "SecurityAlert" + // EntityTypeSecurityGroup Entity represents security group in the system. + EntityTypeSecurityGroup EntityType = "SecurityGroup" + // EntityTypeURL Entity represents url in the system. + EntityTypeURL EntityType = "URL" +) + +// PossibleEntityTypeValues returns an array of possible values for the EntityType const type. +func PossibleEntityTypeValues() []EntityType { + return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} +} + +// FileHashAlgorithm enumerates the values for file hash algorithm. +type FileHashAlgorithm string + +const ( + // MD5 MD5 hash type + MD5 FileHashAlgorithm = "MD5" + // SHA1 SHA1 hash type + SHA1 FileHashAlgorithm = "SHA1" + // SHA256 SHA256 hash type + SHA256 FileHashAlgorithm = "SHA256" + // SHA256AC SHA256 Authenticode hash type + SHA256AC FileHashAlgorithm = "SHA256AC" + // Unknown Unknown hash algorithm + Unknown FileHashAlgorithm = "Unknown" +) + +// PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type. +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown} +} + +// KillChainIntent enumerates the values for kill chain intent. +type KillChainIntent string + +const ( + // KillChainIntentCollection Collection consists of techniques used to identify and gather information, + // such as sensitive files, from a target network prior to exfiltration. This category also covers + // locations on a system or network where the adversary may look for information to exfiltrate. + KillChainIntentCollection KillChainIntent = "Collection" + // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate + // with systems under their control within a target network. + KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" + // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or + // control over system, domain, or service credentials that are used within an enterprise environment. + // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts + // (local system administrator or domain users with administrator access) to use within the network. With + // sufficient access within a network, an adversary can create accounts for later use within the + // environment. + KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" + // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade + // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques + // in other categories that have the added benefit of subverting a particular defense or mitigation. + KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" + // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge + // about the system and internal network. When adversaries gain access to a new system, they must orient + // themselves to what they now have control of and what benefits operating from that system give to their + // current objective or overall goals during the intrusion. The operating system provides many native tools + // that aid in this post-compromise information-gathering phase. + KillChainIntentDiscovery KillChainIntent = "Discovery" + // KillChainIntentExecution The execution tactic represents techniques that result in execution of + // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with + // lateral movement to expand access to remote systems on a network. + KillChainIntentExecution KillChainIntent = "Execution" + // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the + // adversary removing files and information from a target network. This category also covers locations on a + // system or network where the adversary may look for information to exfiltrate. + KillChainIntentExfiltration KillChainIntent = "Exfiltration" + // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the + // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as + // user accounts, certificates etc. Adversaries will often be able to control the resource after this + // stage. + KillChainIntentExploitation KillChainIntent = "Exploitation" + // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or + // integrity of a system, service, or network; including manipulation of data to impact a business or + // operational process. This would often refer to techniques such as ransom-ware, defacement, data + // manipulation and others. + KillChainIntentImpact KillChainIntent = "Impact" + // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to + // access and control remote systems on a network and could, but does not necessarily, include execution of + // tools on remote systems. The lateral movement techniques could allow an adversary to gather information + // from a system without needing additional tools, such as a remote access tool. An adversary can use + // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, + // access to specific information or files, access to additional credentials, or to cause an effect. + KillChainIntentLateralMovement KillChainIntent = "LateralMovement" + // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that + // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access + // to systems through interruptions such as system restarts, loss of credentials, or other failures that + // would require a remote access tool to restart or alternate backdoor for them to regain access. + KillChainIntentPersistence KillChainIntent = "Persistence" + // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary + // to obtain a higher level of permissions on a system or network. Certain tools or actions require a + // higher level of privilege to work and are likely necessary at many points throughout an operation. User + // accounts with permissions to access specific systems or perform specific functions necessary for + // adversaries to achieve their objective may also be considered an escalation of privilege. + KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" + // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a + // malicious intent or a failed attempt to gain access to a target system to gather information prior to + // exploitation. This step is usually detected as an attempt originating from outside the network in + // attempt to scan the target system and find a way in. + KillChainIntentProbing KillChainIntent = "Probing" + // KillChainIntentUnknown The default value. + KillChainIntentUnknown KillChainIntent = "Unknown" +) + +// PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type. +func PossibleKillChainIntentValues() []KillChainIntent { + return []KillChainIntent{KillChainIntentCollection, KillChainIntentCommandAndControl, KillChainIntentCredentialAccess, KillChainIntentDefenseEvasion, KillChainIntentDiscovery, KillChainIntentExecution, KillChainIntentExfiltration, KillChainIntentExploitation, KillChainIntentImpact, KillChainIntentLateralMovement, KillChainIntentPersistence, KillChainIntentPrivilegeEscalation, KillChainIntentProbing, KillChainIntentUnknown} } // Kind enumerates the values for kind. @@ -291,14 +545,20 @@ func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { type KindBasicDataConnector string const ( + // KindAmazonWebServicesCloudTrail ... + KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" // KindAzureActiveDirectory ... KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" + // KindAzureAdvancedThreatProtection ... + KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" // KindAzureSecurityCenter ... KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" // KindDataConnector ... KindDataConnector KindBasicDataConnector = "DataConnector" // KindMicrosoftCloudAppSecurity ... KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" + // KindMicrosoftDefenderAdvancedThreatProtection ... + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" // KindThreatIntelligence ... @@ -307,7 +567,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAzureActiveDirectory, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindOffice365, KindThreatIntelligence} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} } // KindBasicEntity enumerates the values for kind basic entity. @@ -316,17 +576,41 @@ type KindBasicEntity string const ( // KindAccount ... KindAccount KindBasicEntity = "Account" + // KindAzureResource ... + KindAzureResource KindBasicEntity = "AzureResource" + // KindCloudApplication ... + KindCloudApplication KindBasicEntity = "CloudApplication" + // KindDNSResolution ... + KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" + // KindFileHash ... + KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" + // KindIP ... + KindIP KindBasicEntity = "Ip" + // KindMalware ... + KindMalware KindBasicEntity = "Malware" + // KindProcess ... + KindProcess KindBasicEntity = "Process" + // KindRegistryKey ... + KindRegistryKey KindBasicEntity = "RegistryKey" + // KindRegistryValue ... + KindRegistryValue KindBasicEntity = "RegistryValue" + // KindSecurityAlert ... + KindSecurityAlert KindBasicEntity = "SecurityAlert" + // KindSecurityGroup ... + KindSecurityGroup KindBasicEntity = "SecurityGroup" + // KindURL ... + KindURL KindBasicEntity = "Url" ) // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindEntity, KindFile, KindHost} + return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} } // KindBasicSettings enumerates the values for kind basic settings. @@ -380,6 +664,64 @@ func PossibleOSFamilyValues() []OSFamily { return []OSFamily{Android, IOS, Linux, Windows} } +// RegistryHive enumerates the values for registry hive. +type RegistryHive string + +const ( + // HKEYA HKEY_A + HKEYA RegistryHive = "HKEY_A" + // HKEYCLASSESROOT HKEY_CLASSES_ROOT + HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" + // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG + HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" + // HKEYCURRENTUSER HKEY_CURRENT_USER + HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" + // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" + // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE + HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" + // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA + HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" + // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT + HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" + // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT + HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" + // HKEYUSERS HKEY_USERS + HKEYUSERS RegistryHive = "HKEY_USERS" +) + +// PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type. +func PossibleRegistryHiveValues() []RegistryHive { + return []RegistryHive{HKEYA, HKEYCLASSESROOT, HKEYCURRENTCONFIG, HKEYCURRENTUSER, HKEYCURRENTUSERLOCALSETTINGS, HKEYLOCALMACHINE, HKEYPERFORMANCEDATA, HKEYPERFORMANCENLSTEXT, HKEYPERFORMANCETEXT, HKEYUSERS} +} + +// RegistryValueKind enumerates the values for registry value kind. +type RegistryValueKind string + +const ( + // RegistryValueKindBinary Binary value type + RegistryValueKindBinary RegistryValueKind = "Binary" + // RegistryValueKindDWord DWord value type + RegistryValueKindDWord RegistryValueKind = "DWord" + // RegistryValueKindExpandString ExpandString value type + RegistryValueKindExpandString RegistryValueKind = "ExpandString" + // RegistryValueKindMultiString MultiString value type + RegistryValueKindMultiString RegistryValueKind = "MultiString" + // RegistryValueKindNone None + RegistryValueKindNone RegistryValueKind = "None" + // RegistryValueKindQWord QWord value type + RegistryValueKindQWord RegistryValueKind = "QWord" + // RegistryValueKindString String value type + RegistryValueKindString RegistryValueKind = "String" + // RegistryValueKindUnknown Unknown value type + RegistryValueKindUnknown RegistryValueKind = "Unknown" +) + +// PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type. +func PossibleRegistryValueKindValues() []RegistryValueKind { + return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown} +} + // SettingKind enumerates the values for setting kind. type SettingKind string @@ -458,7 +800,7 @@ type AADDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -488,6 +830,11 @@ func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + // AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return &adc, true @@ -503,6 +850,16 @@ func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -590,6 +947,165 @@ type AADDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. +type AATPDataConnector struct { + // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. + *AATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AATPDataConnector. +func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if adc.AATPDataConnectorProperties != nil { + objectMap["properties"] = adc.AATPDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + return json.Marshal(objectMap) +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct. +func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aATPDataConnectorProperties AATPDataConnectorProperties + err = json.Unmarshal(*v, &aATPDataConnectorProperties) + if err != nil { + return err + } + adc.AATPDataConnectorProperties = &aATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + } + } + + return nil +} + +// AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties. +type AATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + // AccountEntity represents an account entity. type AccountEntity struct { // AccountEntityProperties - Account entity properties @@ -600,7 +1116,7 @@ type AccountEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -632,6 +1148,66 @@ func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsEntity() (*Entity, bool) { return nil, false @@ -720,8 +1296,22 @@ type AccountEntityProperties struct { Puid *string `json:"puid,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // DisplayName - READ-ONLY; The display name of the account. + DisplayName *string `json:"displayName,omitempty"` // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) + HostEntityID *string `json:"hostEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for AccountEntityProperties. +func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // Action action for alert rule. @@ -1679,7 +2269,7 @@ type ASCDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -1709,6 +2299,11 @@ func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + // AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -1724,6 +2319,16 @@ func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -1811,28 +2416,388 @@ type ASCDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// BaseAlertRuleTemplateProperties base alert rule template property bag. -type BaseAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` - // RequiredDataConnectors - The required data connectors for this template - RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` -} - -// Bookmark represents a bookmark in Azure Security Insights. -type Bookmark struct { - autorest.Response `json:"-"` - // Etag - Etag of the bookmark. +// AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector. +type AwsCloudTrailDataConnector struct { + // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. + *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { + actdc.Kind = KindAmazonWebServicesCloudTrail + objectMap := make(map[string]interface{}) + if actdc.AwsCloudTrailDataConnectorProperties != nil { + objectMap["properties"] = actdc.AwsCloudTrailDataConnectorProperties + } + if actdc.Etag != nil { + objectMap["etag"] = actdc.Etag + } + if actdc.Kind != "" { + objectMap["kind"] = actdc.Kind + } + return json.Marshal(objectMap) +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return &actdc, true +} + +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &actdc, true +} + +// UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct. +func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var awsCloudTrailDataConnectorProperties AwsCloudTrailDataConnectorProperties + err = json.Unmarshal(*v, &awsCloudTrailDataConnectorProperties) + if err != nil { + return err + } + actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + actdc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + actdc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + actdc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + actdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + actdc.Kind = kind + } + } + } + + return nil +} + +// AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data +// connector. +type AwsCloudTrailDataConnectorDataTypes struct { + // Logs - Logs data type. + Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` +} + +// AwsCloudTrailDataConnectorDataTypesLogs logs data type. +type AwsCloudTrailDataConnectorDataTypesLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties. +type AwsCloudTrailDataConnectorProperties struct { + // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. + AwsRoleArn *string `json:"awsRoleArn,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// AzureResourceEntity represents an azure resource entity. +type AzureResourceEntity struct { + // AzureResourceEntityProperties - AzureResource entity properties + *AzureResourceEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntity. +func (are AzureResourceEntity) MarshalJSON() ([]byte, error) { + are.Kind = KindAzureResource + objectMap := make(map[string]interface{}) + if are.AzureResourceEntityProperties != nil { + objectMap["properties"] = are.AzureResourceEntityProperties + } + if are.Kind != "" { + objectMap["kind"] = are.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return &are, true +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool) { + return &are, true +} + +// UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct. +func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var azureResourceEntityProperties AzureResourceEntityProperties + err = json.Unmarshal(*v, &azureResourceEntityProperties) + if err != nil { + return err + } + are.AzureResourceEntityProperties = &azureResourceEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + are.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + are.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + are.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + are.Kind = kind + } + } + } + + return nil +} + +// AzureResourceEntityProperties azureResource entity property bag. +type AzureResourceEntityProperties struct { + // ResourceID - READ-ONLY; The azure resource id of the resource + ResourceID *string `json:"resourceId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntityProperties. +func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// BaseAlertRuleTemplateProperties base alert rule template property bag. +type BaseAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` +} + +// Bookmark represents a bookmark in Azure Security Insights. +type Bookmark struct { + autorest.Response `json:"-"` + // Etag - Etag of the bookmark. Etag *string `json:"etag,omitempty"` // BookmarkProperties - Bookmark properties *BookmarkProperties `json:"properties,omitempty"` @@ -2169,6 +3134,235 @@ func (c *Case) UnmarshalJSON(body []byte) error { return nil } +// CaseComment represents a case comment +type CaseComment struct { + autorest.Response `json:"-"` + // CaseCommentProperties - Case comment properties + *CaseCommentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` +} + +// MarshalJSON is the custom marshaler for CaseComment. +func (cc CaseComment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if cc.CaseCommentProperties != nil { + objectMap["properties"] = cc.CaseCommentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CaseComment struct. +func (cc *CaseComment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var caseCommentProperties CaseCommentProperties + err = json.Unmarshal(*v, &caseCommentProperties) + if err != nil { + return err + } + cc.CaseCommentProperties = &caseCommentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cc.Name = &name + } + } + } + + return nil +} + +// CaseCommentList list of case comments. +type CaseCommentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of comments. + Value *[]CaseComment `json:"value,omitempty"` +} + +// CaseCommentListIterator provides access to a complete listing of CaseComment values. +type CaseCommentListIterator struct { + i int + page CaseCommentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *CaseCommentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter CaseCommentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter CaseCommentListIterator) Response() CaseCommentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter CaseCommentListIterator) Value() CaseComment { + if !iter.page.NotDone() { + return CaseComment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the CaseCommentListIterator type. +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return CaseCommentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ccl CaseCommentList) IsEmpty() bool { + return ccl.Value == nil || len(*ccl.Value) == 0 +} + +// caseCommentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ccl CaseCommentList) caseCommentListPreparer(ctx context.Context) (*http.Request, error) { + if ccl.NextLink == nil || len(to.String(ccl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ccl.NextLink))) +} + +// CaseCommentListPage contains a page of CaseComment values. +type CaseCommentListPage struct { + fn func(context.Context, CaseCommentList) (CaseCommentList, error) + ccl CaseCommentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ccl) + if err != nil { + return err + } + page.ccl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *CaseCommentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page CaseCommentListPage) NotDone() bool { + return !page.ccl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page CaseCommentListPage) Response() CaseCommentList { + return page.ccl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page CaseCommentListPage) Values() []CaseComment { + if page.ccl.IsEmpty() { + return nil + } + return *page.ccl.Value +} + +// Creates a new instance of the CaseCommentListPage type. +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return CaseCommentListPage{fn: getNextPage} +} + +// CaseCommentProperties case comment property bag. +type CaseCommentProperties struct { + // Message - The comment message + Message *string `json:"message,omitempty"` + // CreatedTimeUtc - READ-ONLY; The time the comment was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // UserInfo - READ-ONLY; Describes the user that created the comment + UserInfo *UserInfo `json:"userInfo,omitempty"` +} + // CaseList list all the cases. type CaseList struct { autorest.Response `json:"-"` @@ -2317,9 +3511,9 @@ func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, erro // CaseProperties describes case properties type CaseProperties struct { - // LastUpdatedTimeUtc - The last time the case was updated + // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the case was created + // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` @@ -2331,14 +3525,24 @@ type CaseProperties struct { Description *string `json:"description,omitempty"` // Title - The title of the case Title *string `json:"title,omitempty"` - // AssignedTo - Describes a user that the case is assigned to - AssignedTo *UserInfo `json:"assignedTo,omitempty"` + // Owner - Describes a user that the case is assigned to + Owner *UserInfo `json:"owner,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` - // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' + // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` + // RelatedAlertIds - READ-ONLY; List of related alert identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` + // CaseNumber - READ-ONLY; a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // LastComment - READ-ONLY; the last comment in the case + LastComment *string `json:"lastComment,omitempty"` + // TotalComments - READ-ONLY; the number of total comments in the case + TotalComments *int32 `json:"totalComments,omitempty"` } // CasesAggregation represents aggregations results for cases. @@ -2477,23 +3681,120 @@ type CasesAggregationProperties struct { AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` } -// CloudError error response structure. -type CloudError struct { - // CloudErrorBody - Error data - *CloudErrorBody `json:"error,omitempty"` +// CloudApplicationEntity represents a cloud application entity. +type CloudApplicationEntity struct { + // CloudApplicationEntityProperties - CloudApplication entity properties + *CloudApplicationEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for CloudError. -func (ce CloudError) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for CloudApplicationEntity. +func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error) { + cae.Kind = KindCloudApplication objectMap := make(map[string]interface{}) - if ce.CloudErrorBody != nil { - objectMap["error"] = ce.CloudErrorBody + if cae.CloudApplicationEntityProperties != nil { + objectMap["properties"] = cae.CloudApplicationEntityProperties + } + if cae.Kind != "" { + objectMap["kind"] = cae.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for CloudError struct. -func (ce *CloudError) UnmarshalJSON(body []byte) error { +// AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return &cae, true +} + +// AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool) { + return &cae, true +} + +// UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct. +func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -2501,36 +3802,134 @@ func (ce *CloudError) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "error": + case "properties": if v != nil { - var cloudErrorBody CloudErrorBody - err = json.Unmarshal(*v, &cloudErrorBody) + var cloudApplicationEntityProperties CloudApplicationEntityProperties + err = json.Unmarshal(*v, &cloudApplicationEntityProperties) if err != nil { return err } - ce.CloudErrorBody = &cloudErrorBody + cae.CloudApplicationEntityProperties = &cloudApplicationEntityProperties } - } - } - - return nil -} - -// CloudErrorBody error details. -type CloudErrorBody struct { - // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. - Code *string `json:"code,omitempty"` - // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. - Message *string `json:"message,omitempty"` -} - -// BasicDataConnector data connector. -type BasicDataConnector interface { - AsOfficeDataConnector() (*OfficeDataConnector, bool) - AsTIDataConnector() (*TIDataConnector, bool) - AsAADDataConnector() (*AADDataConnector, bool) - AsASCDataConnector() (*ASCDataConnector, bool) + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cae.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cae.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cae.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + cae.Kind = kind + } + } + } + + return nil +} + +// CloudApplicationEntityProperties cloudApplication entity property bag. +type CloudApplicationEntityProperties struct { + // AppID - READ-ONLY; The technical identifier of the application. + AppID *int32 `json:"appId,omitempty"` + // AppName - READ-ONLY; The name of the related cloud application. + AppName *string `json:"appName,omitempty"` + // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. + InstanceName *string `json:"instanceName,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. +func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// CloudError error response structure. +type CloudError struct { + // CloudErrorBody - Error data + *CloudErrorBody `json:"error,omitempty"` +} + +// MarshalJSON is the custom marshaler for CloudError. +func (ce CloudError) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ce.CloudErrorBody != nil { + objectMap["error"] = ce.CloudErrorBody + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CloudError struct. +func (ce *CloudError) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "error": + if v != nil { + var cloudErrorBody CloudErrorBody + err = json.Unmarshal(*v, &cloudErrorBody) + if err != nil { + return err + } + ce.CloudErrorBody = &cloudErrorBody + } + } + } + + return nil +} + +// CloudErrorBody error details. +type CloudErrorBody struct { + // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. + Code *string `json:"code,omitempty"` + // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. + Message *string `json:"message,omitempty"` +} + +// BasicDataConnector data connector. +type BasicDataConnector interface { + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + AsAADDataConnector() (*AADDataConnector, bool) + AsASCDataConnector() (*ASCDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) + AsMDATPDataConnector() (*MDATPDataConnector, bool) AsDataConnector() (*DataConnector, bool) } @@ -2545,7 +3944,7 @@ type DataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2565,6 +3964,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var tdc TIDataConnector err := json.Unmarshal(body, &tdc) return tdc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err case string(KindAzureActiveDirectory): var adc AADDataConnector err := json.Unmarshal(body, &adc) @@ -2577,6 +3980,14 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var mdc MCASDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindMicrosoftDefenderAdvancedThreatProtection): + var mdc MDATPDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) @@ -2625,6 +4036,11 @@ func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + // AsAADDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -2640,6 +4056,16 @@ func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsDataConnector() (*DataConnector, bool) { return &dc, true @@ -2658,7 +4084,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -2889,11 +4315,217 @@ type DataConnectorWithAlertsProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// DNSEntity represents a dns entity. +type DNSEntity struct { + // DNSEntityProperties - Dns entity properties + *DNSEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for DNSEntity. +func (de DNSEntity) MarshalJSON() ([]byte, error) { + de.Kind = KindDNSResolution + objectMap := make(map[string]interface{}) + if de.DNSEntityProperties != nil { + objectMap["properties"] = de.DNSEntityProperties + } + if de.Kind != "" { + objectMap["kind"] = de.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { + return &de, true +} + +// AsIPEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsBasicEntity() (BasicEntity, bool) { + return &de, true +} + +// UnmarshalJSON is the custom unmarshaler for DNSEntity struct. +func (de *DNSEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var DNSEntityProperties DNSEntityProperties + err = json.Unmarshal(*v, &DNSEntityProperties) + if err != nil { + return err + } + de.DNSEntityProperties = &DNSEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + de.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + de.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + de.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + de.Kind = kind + } + } + } + + return nil +} + +// DNSEntityProperties dns entity property bag. +type DNSEntityProperties struct { + // DomainName - READ-ONLY; The name of the dns record associated with the alert + DomainName *string `json:"domainName,omitempty"` + // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` + // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request + DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` + // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client + HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for DNSEntityProperties. +func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + // BasicEntity specific entity. type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) AsHostEntity() (*HostEntity, bool) AsFileEntity() (*FileEntity, bool) + AsSecurityAlert() (*SecurityAlert, bool) + AsFileHashEntity() (*FileHashEntity, bool) + AsMalwareEntity() (*MalwareEntity, bool) + AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + AsAzureResourceEntity() (*AzureResourceEntity, bool) + AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + AsProcessEntity() (*ProcessEntity, bool) + AsDNSEntity() (*DNSEntity, bool) + AsIPEntity() (*IPEntity, bool) + AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + AsRegistryValueEntity() (*RegistryValueEntity, bool) + AsURLEntity() (*URLEntity, bool) AsEntity() (*Entity, bool) } @@ -2906,7 +4538,7 @@ type Entity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -2930,6 +4562,54 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var fe FileEntity err := json.Unmarshal(body, &fe) return fe, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err + case string(KindFileHash): + var fhe FileHashEntity + err := json.Unmarshal(body, &fhe) + return fhe, err + case string(KindMalware): + var me MalwareEntity + err := json.Unmarshal(body, &me) + return me, err + case string(KindSecurityGroup): + var sge SecurityGroupEntity + err := json.Unmarshal(body, &sge) + return sge, err + case string(KindAzureResource): + var are AzureResourceEntity + err := json.Unmarshal(body, &are) + return are, err + case string(KindCloudApplication): + var cae CloudApplicationEntity + err := json.Unmarshal(body, &cae) + return cae, err + case string(KindProcess): + var peVar ProcessEntity + err := json.Unmarshal(body, &peVar) + return peVar, err + case string(KindDNSResolution): + var de DNSEntity + err := json.Unmarshal(body, &de) + return de, err + case string(KindIP): + var ie IPEntity + err := json.Unmarshal(body, &ie) + return ie, err + case string(KindRegistryKey): + var rke RegistryKeyEntity + err := json.Unmarshal(body, &rke) + return rke, err + case string(KindRegistryValue): + var rve RegistryValueEntity + err := json.Unmarshal(body, &rve) + return rve, err + case string(KindURL): + var ue URLEntity + err := json.Unmarshal(body, &ue) + return ue, err default: var e Entity err := json.Unmarshal(body, &e) @@ -2980,39 +4660,161 @@ func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for Entity. -func (e Entity) AsEntity() (*Entity, bool) { - return &e, true +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false } -// AsBasicEntity is the BasicEntity implementation for Entity. -func (e Entity) AsBasicEntity() (BasicEntity, bool) { - return &e, true +// AsFileHashEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// EntityKind1 describes an Azure resource with kind. -type EntityKind1 struct { - // Kind - The kind of the entity. Possible values include: 'Account', 'Host', 'File' - Kind EntityKind `json:"kind,omitempty"` +// AsMalwareEntity is the BasicEntity implementation for Entity. +func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false } -// EntityList list of all the entities. -type EntityList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of entities. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of entities. - Value *[]BasicEntity `json:"value,omitempty"` +// AsSecurityGroupEntity is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for EntityList struct. -func (el *EntityList) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { +// AsAzureResourceEntity is the BasicEntity implementation for Entity. +func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for Entity. +func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for Entity. +func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for Entity. +func (e Entity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for Entity. +func (e Entity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for Entity. +func (e Entity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for Entity. +func (e Entity) AsEntity() (*Entity, bool) { + return &e, true +} + +// AsBasicEntity is the BasicEntity implementation for Entity. +func (e Entity) AsBasicEntity() (BasicEntity, bool) { + return &e, true +} + +// EntityCommonProperties entity common property bag. +type EntityCommonProperties struct { + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for EntityCommonProperties. +func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// EntityExpandParameters the parameters required to execute an expand operation on the given entity. +type EntityExpandParameters struct { + // ExpansionID - The Id of the expansion to perform. + ExpansionID *uuid.UUID `json:"expansionId,omitempty"` + // StartTime - The start date filter, so the only expansion results returned are after this date. + StartTime *date.Time `json:"startTime,omitempty"` + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` +} + +// EntityExpandResponse the entity expansion result operation response. +type EntityExpandResponse struct { + autorest.Response `json:"-"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` + // MetaData - The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` +} + +// EntityExpandResponseValue the expansion result values. +type EntityExpandResponseValue struct { + // Entities - Array of the expansion result entities. + Entities *[]BasicEntity `json:"entities,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. +func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + eer.Entities = &entities + } + } + } + + return nil +} + +// EntityKind1 describes an entity with kind. +type EntityKind1 struct { + // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + Kind EntityKind `json:"kind,omitempty"` +} + +// EntityList list of all the entities. +type EntityList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of entities. + Value *[]BasicEntity `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityList struct. +func (el *EntityList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { switch k { case "nextLink": if v != nil { @@ -3414,18 +5216,36 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( type EntityQueryProperties struct { // QueryTemplate - The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` - // InputEntityType - The type of the query's source entity - InputEntityType *string `json:"inputEntityType,omitempty"` + // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' + InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result - OutputEntityTypes *[]string `json:"outputEntityTypes,omitempty"` + OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` } +// ExpansionResultAggregation information of a specific aggregation in the expansion result. +type ExpansionResultAggregation struct { + // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` + // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` + // AggregationType - The common type of the aggregation. (for e.g. entity field name) + AggregationType *string `json:"aggregationType,omitempty"` + // DisplayName - The display name of the aggregation by type. + DisplayName *string `json:"displayName,omitempty"` +} + +// ExpansionResultsMetadata expansion result metadata. +type ExpansionResultsMetadata struct { + // Aggregations - Information of the aggregated nodes in the expansion result. + Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` +} + // FileEntity represents a file entity. type FileEntity struct { // FileEntityProperties - File entity properties @@ -3436,7 +5256,7 @@ type FileEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3468,6 +5288,66 @@ func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { return &fe, true } +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsEntity() (*Entity, bool) { return nil, false @@ -3544,6 +5424,210 @@ type FileEntityProperties struct { Directory *string `json:"directory,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id which the file belongs to + HostEntityID *string `json:"hostEntityId,omitempty"` + // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for FileEntityProperties. +func (fep FileEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// FileHashEntity represents a file hash entity. +type FileHashEntity struct { + // FileHashEntityProperties - FileHash entity properties + *FileHashEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FileHashEntity. +func (fhe FileHashEntity) MarshalJSON() ([]byte, error) { + fhe.Kind = KindFileHash + objectMap := make(map[string]interface{}) + if fhe.FileHashEntityProperties != nil { + objectMap["properties"] = fhe.FileHashEntityProperties + } + if fhe.Kind != "" { + objectMap["kind"] = fhe.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return &fhe, true +} + +// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool) { + return &fhe, true +} + +// UnmarshalJSON is the custom unmarshaler for FileHashEntity struct. +func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fileHashEntityProperties FileHashEntityProperties + err = json.Unmarshal(*v, &fileHashEntityProperties) + if err != nil { + return err + } + fhe.FileHashEntityProperties = &fileHashEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fhe.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fhe.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fhe.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fhe.Kind = kind + } + } + } + + return nil +} + +// FileHashEntityProperties fileHash entity property bag. +type FileHashEntityProperties struct { + // HashValue - READ-ONLY; The file hash value. + HashValue *string `json:"hashValue,omitempty"` + // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for FileHashEntityProperties. +func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // FilterAlertRuleTemplate represents filter alert rule template. @@ -3686,7 +5770,7 @@ type FilterAlertRuleTemplateProperties struct { Status TemplateStatus `json:"status,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // FilterProduct - The filter prodact name for this template rule. FilterProduct *string `json:"filterProduct,omitempty"` @@ -3832,6 +5916,24 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { return nil } +// GeoLocation the geo-location context attached to the ip entity +type GeoLocation struct { + // CountryCode - READ-ONLY; The country code according to ISO 3166 format + CountryCode *string `json:"countryCode,omitempty"` + // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + CountryName *string `json:"countryName,omitempty"` + // State - READ-ONLY; State name + State *string `json:"state,omitempty"` + // City - READ-ONLY; City name + City *string `json:"city,omitempty"` + // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty"` + // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. + Latitude *float64 `json:"latitude,omitempty"` + // Asn - READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty"` +} + // HostEntity represents a host entity. type HostEntity struct { // HostEntityProperties - Host entity properties @@ -3842,7 +5944,7 @@ type HostEntity struct { Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3874,13 +5976,73 @@ func (he HostEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsEntity() (*Entity, bool) { +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsBasicEntity() (BasicEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsBasicEntity() (BasicEntity, bool) { return &he, true } @@ -3964,77 +6126,135 @@ type HostEntityProperties struct { OsVersion *string `json:"osVersion,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` } -// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnector struct { - // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. - *MCASDataConnectorProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for HostEntityProperties. +func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if hep.OsFamily != "" { + objectMap["osFamily"] = hep.OsFamily + } + return json.Marshal(objectMap) +} + +// IPEntity represents an ip entity. +type IPEntity struct { + // IPEntityProperties - Ip entity properties + *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MCASDataConnector. -func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftCloudAppSecurity +// MarshalJSON is the custom marshaler for IPEntity. +func (ie IPEntity) MarshalJSON() ([]byte, error) { + ie.Kind = KindIP objectMap := make(map[string]interface{}) - if mdc.MCASDataConnectorProperties != nil { - objectMap["properties"] = mdc.MCASDataConnectorProperties - } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + if ie.IPEntityProperties != nil { + objectMap["properties"] = ie.IPEntityProperties } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if ie.Kind != "" { + objectMap["kind"] = ie.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAccountEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsHostEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsFileEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return &mdc, true +// AsFileHashEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsMalwareEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. -func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { +// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { + return &ie, true +} + +// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsBasicEntity() (BasicEntity, bool) { + return &ie, true +} + +// UnmarshalJSON is the custom unmarshaler for IPEntity struct. +func (ie *IPEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4044,12 +6264,12 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mCASDataConnectorProperties MCASDataConnectorProperties - err = json.Unmarshal(*v, &mCASDataConnectorProperties) + var IPEntityProperties IPEntityProperties + err = json.Unmarshal(*v, &IPEntityProperties) if err != nil { return err } - mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + ie.IPEntityProperties = &IPEntityProperties } case "id": if v != nil { @@ -4058,7 +6278,7 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID + ie.ID = &ID } case "type": if v != nil { @@ -4067,7 +6287,7 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Type = &typeVar + ie.Type = &typeVar } case "name": if v != nil { @@ -4076,25 +6296,16 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - mdc.Etag = &etag + ie.Name = &name } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + ie.Kind = kind } } } @@ -4102,38 +6313,143 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +// IPEntityProperties ip entity property bag. +type IPEntityProperties struct { + // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + Address *string `json:"address,omitempty"` + // Location - The geo-location context attached to the ip entity + Location *GeoLocation `json:"location,omitempty"` + // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. + ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` } -// OfficeConsent consent for Office365 tenant that already made. -type OfficeConsent struct { - autorest.Response `json:"-"` - // OfficeConsentProperties - Office consent properties - *OfficeConsentProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for IPEntityProperties. +func (iep IPEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if iep.Location != nil { + objectMap["location"] = iep.Location + } + return json.Marshal(objectMap) +} + +// MalwareEntity represents a malware entity. +type MalwareEntity struct { + // MalwareEntityProperties - File entity properties + *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeConsent. -func (oc OfficeConsent) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for MalwareEntity. +func (me MalwareEntity) MarshalJSON() ([]byte, error) { + me.Kind = KindMalware objectMap := make(map[string]interface{}) - if oc.OfficeConsentProperties != nil { - objectMap["properties"] = oc.OfficeConsentProperties + if me.MalwareEntityProperties != nil { + objectMap["properties"] = me.MalwareEntityProperties + } + if me.Kind != "" { + objectMap["kind"] = me.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. -func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { +// AsAccountEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return &me, true +} + +// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool) { + return &me, true +} + +// UnmarshalJSON is the custom unmarshaler for MalwareEntity struct. +func (me *MalwareEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4143,12 +6459,12 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeConsentProperties OfficeConsentProperties - err = json.Unmarshal(*v, &officeConsentProperties) + var malwareEntityProperties MalwareEntityProperties + err = json.Unmarshal(*v, &malwareEntityProperties) if err != nil { return err } - oc.OfficeConsentProperties = &officeConsentProperties + me.MalwareEntityProperties = &malwareEntityProperties } case "id": if v != nil { @@ -4157,7 +6473,7 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.ID = &ID + me.ID = &ID } case "type": if v != nil { @@ -4166,7 +6482,7 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.Type = &typeVar + me.Type = &typeVar } case "name": if v != nil { @@ -4175,7 +6491,16 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.Name = &name + me.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + me.Kind = kind } } } @@ -4183,164 +6508,206 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { return nil } -// OfficeConsentList list of all the office365 consents. -type OfficeConsentList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of office consents. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of the consents. - Value *[]OfficeConsent `json:"value,omitempty"` +// MalwareEntityProperties malware entity property bag. +type MalwareEntityProperties struct { + // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty"` + // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan + Category *string `json:"category,omitempty"` + // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found + FileEntityIds *[]string `json:"fileEntityIds,omitempty"` + // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. + ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for MalwareEntityProperties. +func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } -// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. -type OfficeConsentListIterator struct { - i int - page OfficeConsentListPage +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. + *MCASDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity + objectMap := make(map[string]interface{}) + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag } - iter.i = 0 - return nil + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) } -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (iter *OfficeConsentListIterator) Next() error { - return iter.NextWithContext(context.Background()) +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false } -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OfficeConsentListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false } -// Response returns the raw server response from the last page request. -func (iter OfficeConsentListIterator) Response() OfficeConsentList { - return iter.page.Response() +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false } -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OfficeConsentListIterator) Value() OfficeConsent { - if !iter.page.NotDone() { - return OfficeConsent{} - } - return iter.page.Values()[iter.i] +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false } -// Creates a new instance of the OfficeConsentListIterator type. -func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { - return OfficeConsentListIterator{page: page} +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false } -// IsEmpty returns true if the ListResult contains no values. -func (ocl OfficeConsentList) IsEmpty() bool { - return ocl.Value == nil || len(*ocl.Value) == 0 +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true } -// officeConsentListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { - if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ocl.NextLink))) +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false } -// OfficeConsentListPage contains a page of OfficeConsent values. -type OfficeConsentListPage struct { - fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) - ocl OfficeConsentList +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false } -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ocl) - if err != nil { - return err - } - page.ocl = next - return nil +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false } -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OfficeConsentListPage) Next() error { - return page.NextWithContext(context.Background()) +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true } -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OfficeConsentListPage) NotDone() bool { - return !page.ocl.IsEmpty() -} +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) + if err != nil { + return err + } + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } -// Response returns the raw server response from the last page request. -func (page OfficeConsentListPage) Response() OfficeConsentList { - return page.ocl + return nil } -// Values returns the slice of values for the current page or nil if there are no values. -func (page OfficeConsentListPage) Values() []OfficeConsent { - if page.ocl.IsEmpty() { - return nil - } - return *page.ocl.Value +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` } -// Creates a new instance of the OfficeConsentListPage type. -func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { - return OfficeConsentListPage{fn: getNextPage} +// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. +type MCASDataConnectorDataTypesDiscoveryLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` } -// OfficeConsentProperties consent property bag. -type OfficeConsentProperties struct { - // TenantID - The tenantId of the Office365 with the consent. +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` - // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. - TenantName *string `json:"tenantName,omitempty"` } -// OfficeDataConnector represents office data connector. -type OfficeDataConnector struct { - // OfficeDataConnectorProperties - Office data connector properties. - *OfficeDataConnectorProperties `json:"properties,omitempty"` +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type @@ -4349,63 +6716,78 @@ type OfficeDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeDataConnector. -func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { - odc.Kind = KindOffice365 +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection objectMap := make(map[string]interface{}) - if odc.OfficeDataConnectorProperties != nil { - objectMap["properties"] = odc.OfficeDataConnectorProperties + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties } - if odc.Etag != nil { - objectMap["etag"] = odc.Etag + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag } - if odc.Kind != "" { - objectMap["kind"] = odc.Kind + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &odc, true +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. -func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. +func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4415,12 +6797,12 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeDataConnectorProperties OfficeDataConnectorProperties - err = json.Unmarshal(*v, &officeDataConnectorProperties) + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) if err != nil { return err } - odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties } case "id": if v != nil { @@ -4429,7 +6811,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.ID = &ID + mdc.ID = &ID } case "type": if v != nil { @@ -4438,7 +6820,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Type = &typeVar + mdc.Type = &typeVar } case "name": if v != nil { @@ -4447,7 +6829,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Name = &name + mdc.Name = &name } case "etag": if v != nil { @@ -4456,7 +6838,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Etag = &etag + mdc.Etag = &etag } case "kind": if v != nil { @@ -4465,7 +6847,7 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Kind = kind + mdc.Kind = kind } } } @@ -4473,74 +6855,108 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { return nil } -// OfficeDataConnectorDataTypes the available data types for office data connector. -type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` - // Exchange - Exchange data type connection. - Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` -} - -// OfficeDataConnectorDataTypesExchange exchange data type connection. -type OfficeDataConnectorDataTypesExchange struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. -type OfficeDataConnectorDataTypesSharePoint struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// OfficeDataConnectorProperties office data connector properties. -type OfficeDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// Operation operation provided by provider -type Operation struct { - // Name - Name of the operation +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + autorest.Response `json:"-"` + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Display - Properties of the operation - Display *OperationDisplay `json:"display,omitempty"` } -// OperationDisplay properties of the operation -type OperationDisplay struct { - // Provider - Provider name - Provider *string `json:"provider,omitempty"` - // Resource - Resource name - Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation - Description *string `json:"description,omitempty"` +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) } -// OperationsList lists the operations available in the SecurityInsights RP. -type OperationsList struct { +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. +func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + } + } + + return nil +} + +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { autorest.Response `json:"-"` - // NextLink - URL to fetch the next set of operations. + // NextLink - READ-ONLY; URL to fetch the next set of office consents. NextLink *string `json:"nextLink,omitempty"` - // Value - Array of operations - Value *[]Operation `json:"value,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` } -// OperationsListIterator provides access to a complete listing of Operation values. -type OperationsListIterator struct { +// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. +type OfficeConsentListIterator struct { i int - page OperationsListPage + page OfficeConsentListPage } // NextWithContext advances to the next value. If there was an error making // the request the iterator does not advance and the error is returned. -func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { +func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") defer func() { sc := -1 if iter.Response().Response.Response != nil { @@ -4565,62 +6981,62 @@ func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err er // Next advances to the next value. If there was an error making // the request the iterator does not advance and the error is returned. // Deprecated: Use NextWithContext() instead. -func (iter *OperationsListIterator) Next() error { +func (iter *OfficeConsentListIterator) Next() error { return iter.NextWithContext(context.Background()) } // NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OperationsListIterator) NotDone() bool { +func (iter OfficeConsentListIterator) NotDone() bool { return iter.page.NotDone() && iter.i < len(iter.page.Values()) } // Response returns the raw server response from the last page request. -func (iter OperationsListIterator) Response() OperationsList { +func (iter OfficeConsentListIterator) Response() OfficeConsentList { return iter.page.Response() } // Value returns the current value or a zero-initialized value if the // iterator has advanced beyond the end of the collection. -func (iter OperationsListIterator) Value() Operation { +func (iter OfficeConsentListIterator) Value() OfficeConsent { if !iter.page.NotDone() { - return Operation{} + return OfficeConsent{} } return iter.page.Values()[iter.i] } -// Creates a new instance of the OperationsListIterator type. -func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { - return OperationsListIterator{page: page} +// Creates a new instance of the OfficeConsentListIterator type. +func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { + return OfficeConsentListIterator{page: page} } // IsEmpty returns true if the ListResult contains no values. -func (ol OperationsList) IsEmpty() bool { - return ol.Value == nil || len(*ol.Value) == 0 +func (ocl OfficeConsentList) IsEmpty() bool { + return ocl.Value == nil || len(*ocl.Value) == 0 } -// operationsListPreparer prepares a request to retrieve the next set of results. +// officeConsentListPreparer prepares a request to retrieve the next set of results. // It returns nil if no more results exist. -func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { - if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { +func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { + if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { return nil, nil } return autorest.Prepare((&http.Request{}).WithContext(ctx), autorest.AsJSON(), autorest.AsGet(), - autorest.WithBaseURL(to.String(ol.NextLink))) + autorest.WithBaseURL(to.String(ocl.NextLink))) } -// OperationsListPage contains a page of Operation values. -type OperationsListPage struct { - fn func(context.Context, OperationsList) (OperationsList, error) - ol OperationsList +// OfficeConsentListPage contains a page of OfficeConsent values. +type OfficeConsentListPage struct { + fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) + ocl OfficeConsentList } // NextWithContext advances to the next page of values. If there was an error making // the request the page does not advance and the error is returned. -func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { +func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") defer func() { sc := -1 if page.Response().Response.Response != nil { @@ -4629,103 +7045,1201 @@ func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) tracing.EndSpan(ctx, sc, err) }() } - next, err := page.fn(ctx, page.ol) + next, err := page.fn(ctx, page.ocl) if err != nil { return err } - page.ol = next + page.ocl = next return nil } // Next advances to the next page of values. If there was an error making // the request the page does not advance and the error is returned. // Deprecated: Use NextWithContext() instead. -func (page *OperationsListPage) Next() error { +func (page *OfficeConsentListPage) Next() error { return page.NextWithContext(context.Background()) } // NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OperationsListPage) NotDone() bool { - return !page.ol.IsEmpty() +func (page OfficeConsentListPage) NotDone() bool { + return !page.ocl.IsEmpty() } // Response returns the raw server response from the last page request. -func (page OperationsListPage) Response() OperationsList { - return page.ol +func (page OfficeConsentListPage) Response() OfficeConsentList { + return page.ocl } // Values returns the slice of values for the current page or nil if there are no values. -func (page OperationsListPage) Values() []Operation { - if page.ol.IsEmpty() { +func (page OfficeConsentListPage) Values() []OfficeConsent { + if page.ocl.IsEmpty() { return nil } - return *page.ol.Value + return *page.ocl.Value } -// Creates a new instance of the OperationsListPage type. -func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { - return OperationsListPage{fn: getNextPage} +// Creates a new instance of the OfficeConsentListPage type. +func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { + return OfficeConsentListPage{fn: getNextPage} } -// Resource an azure resource object -type Resource struct { - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` } -// ScheduledAlertRule represents scheduled alert rule. -type ScheduledAlertRule struct { - // ScheduledAlertRuleProperties - Scheduled alert rule properties - *ScheduledAlertRuleProperties `json:"properties,omitempty"` +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. + // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for ScheduledAlertRule. -func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { - sar.Kind = KindScheduled +// MarshalJSON is the custom marshaler for OfficeDataConnector. +func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 objectMap := make(map[string]interface{}) - if sar.ScheduledAlertRuleProperties != nil { - objectMap["properties"] = sar.ScheduledAlertRuleProperties + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties } - if sar.Etag != nil { - objectMap["etag"] = sar.Etag + if odc.Etag != nil { + objectMap["etag"] = odc.Etag } - if sar.Kind != "" { - objectMap["kind"] = sar.Kind + if odc.Kind != "" { + objectMap["kind"] = odc.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { - return &sar, true +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true } -// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } -// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. +func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) + if err != nil { + return err + } + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + odc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + odc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + odc.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + odc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + odc.Kind = kind + } + } + } + + return nil +} + +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Exchange - Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` +} + +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Operation operation provided by provider +type Operation struct { + // Name - Name of the operation + Name *string `json:"name,omitempty"` + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` +} + +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Description - Description of the operation + Description *string `json:"description,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. +type OperationsList struct { + autorest.Response `json:"-"` + // NextLink - URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` +} + +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { + i int + page OperationsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OperationsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OperationsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OperationsListIterator) Response() OperationsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OperationsListIterator) Value() Operation { + if !iter.page.NotDone() { + return Operation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 +} + +// operationsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ol.NextLink))) +} + +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ol) + if err != nil { + return err + } + page.ol = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OperationsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OperationsListPage) Response() OperationsList { + return page.ol +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { + return nil + } + return *page.ol.Value +} + +// Creates a new instance of the OperationsListPage type. +func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{fn: getNextPage} +} + +// ProcessEntity represents a process entity. +type ProcessEntity struct { + // ProcessEntityProperties - Process entity properties + *ProcessEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ProcessEntity. +func (peVar ProcessEntity) MarshalJSON() ([]byte, error) { + peVar.Kind = KindProcess + objectMap := make(map[string]interface{}) + if peVar.ProcessEntityProperties != nil { + objectMap["properties"] = peVar.ProcessEntityProperties + } + if peVar.Kind != "" { + objectMap["kind"] = peVar.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { + return &peVar, true +} + +// AsDNSEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool) { + return &peVar, true +} + +// UnmarshalJSON is the custom unmarshaler for ProcessEntity struct. +func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var processEntityProperties ProcessEntityProperties + err = json.Unmarshal(*v, &processEntityProperties) + if err != nil { + return err + } + peVar.ProcessEntityProperties = &processEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + peVar.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + peVar.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + peVar.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + peVar.Kind = kind + } + } + } + + return nil +} + +// ProcessEntityProperties process entity property bag. +type ProcessEntityProperties struct { + // ProcessID - READ-ONLY; The process ID + ProcessID *string `json:"processId,omitempty"` + // CommandLine - READ-ONLY; The command line used to create the process + CommandLine *string `json:"commandLine,omitempty"` + // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' + ElevationToken ElevationToken `json:"elevationToken,omitempty"` + // CreationTimeUtc - READ-ONLY; The time when the process started to run + CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` + // ImageFileEntityID - READ-ONLY; Image file entity id + ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` + // AccountEntityID - READ-ONLY; The account entity id running the processes. + AccountEntityID *string `json:"accountEntityId,omitempty"` + // ParentProcessEntityID - READ-ONLY; The parent process entity id. + ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // HostEntityID - READ-ONLY; The host entity id on which the process was running + HostEntityID *string `json:"hostEntityId,omitempty"` + // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running + HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for ProcessEntityProperties. +func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if pep.ElevationToken != "" { + objectMap["elevationToken"] = pep.ElevationToken + } + return json.Marshal(objectMap) +} + +// RegistryKeyEntity represents a registry key entity. +type RegistryKeyEntity struct { + // RegistryKeyEntityProperties - RegistryKey entity properties + *RegistryKeyEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntity. +func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error) { + rke.Kind = KindRegistryKey + objectMap := make(map[string]interface{}) + if rke.RegistryKeyEntityProperties != nil { + objectMap["properties"] = rke.RegistryKeyEntityProperties + } + if rke.Kind != "" { + objectMap["kind"] = rke.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return &rke, true +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool) { + return &rke, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct. +func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryKeyEntityProperties RegistryKeyEntityProperties + err = json.Unmarshal(*v, ®istryKeyEntityProperties) + if err != nil { + return err + } + rke.RegistryKeyEntityProperties = ®istryKeyEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rke.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rke.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rke.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rke.Kind = kind + } + } + } + + return nil +} + +// RegistryKeyEntityProperties registryKey entity property bag. +type RegistryKeyEntityProperties struct { + // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' + Hive RegistryHive `json:"hive,omitempty"` + // Key - READ-ONLY; The registry key path. + Key *string `json:"key,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. +func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// RegistryValueEntity represents a registry value entity. +type RegistryValueEntity struct { + // RegistryValueEntityProperties - RegistryKey entity properties + *RegistryValueEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntity. +func (rve RegistryValueEntity) MarshalJSON() ([]byte, error) { + rve.Kind = KindRegistryValue + objectMap := make(map[string]interface{}) + if rve.RegistryValueEntityProperties != nil { + objectMap["properties"] = rve.RegistryValueEntityProperties + } + if rve.Kind != "" { + objectMap["kind"] = rve.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return &rve, true +} + +// AsURLEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { + return &rve, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. +func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryValueEntityProperties RegistryValueEntityProperties + err = json.Unmarshal(*v, ®istryValueEntityProperties) + if err != nil { + return err + } + rve.RegistryValueEntityProperties = ®istryValueEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rve.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rve.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rve.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rve.Kind = kind + } + } + } + + return nil +} + +// RegistryValueEntityProperties registryValue entity property bag. +type RegistryValueEntityProperties struct { + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` + // ValueData - READ-ONLY; String formatted representation of the value data. + ValueData *string `json:"valueData,omitempty"` + // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' + ValueType RegistryValueKind `json:"valueType,omitempty"` + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. +func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRule. +func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled + objectMap := make(map[string]interface{}) + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties + } + if sar.Etag != nil { + objectMap["etag"] = sar.Etag + } + if sar.Kind != "" { + objectMap["kind"] = sar.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true +} + +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { return &sar, true } -// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. -func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. +func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + if err != nil { + return err + } + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sar.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sar.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sar.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sar.Kind = kind + } + } + } + + return nil +} + +// ScheduledAlertRuleProperties alert rule property bag. +type ScheduledAlertRuleProperties struct { + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` +} + +// ScheduledAlertRuleTemplate represents scheduled alert rule template. +type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled + objectMap := make(map[string]interface{}) + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties + } + if sart.Etag != nil { + objectMap["etag"] = sart.Etag + } + if sart.Kind != "" { + objectMap["kind"] = sart.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4735,12 +8249,12 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var scheduledAlertRuleProperties ScheduledAlertRuleProperties - err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) if err != nil { return err } - sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties } case "id": if v != nil { @@ -4749,7 +8263,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.ID = &ID + sart.ID = &ID } case "type": if v != nil { @@ -4758,7 +8272,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Type = &typeVar + sart.Type = &typeVar } case "name": if v != nil { @@ -4767,7 +8281,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Name = &name + sart.Name = &name } case "etag": if v != nil { @@ -4776,16 +8290,16 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Etag = &etag + sart.Etag = &etag } case "kind": if v != nil { - var kind Kind + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - sar.Kind = kind + sart.Kind = kind } } } @@ -4793,16 +8307,24 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { return nil } -// ScheduledAlertRuleProperties alert rule property bag. -type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule. + // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` - // Enabled - Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. @@ -4813,73 +8335,377 @@ type ScheduledAlertRuleProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } -// ScheduledAlertRuleTemplate represents scheduled alert rule template. -type ScheduledAlertRuleTemplate struct { - // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties - *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` +// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. +type ScheduledAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// SecurityAlert represents a security alert entity. +type SecurityAlert struct { + // SecurityAlertProperties - SecurityAlert entity properties + *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' - Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for SecurityAlert. +func (sa SecurityAlert) MarshalJSON() ([]byte, error) { + sa.Kind = KindSecurityAlert + objectMap := make(map[string]interface{}) + if sa.SecurityAlertProperties != nil { + objectMap["properties"] = sa.SecurityAlertProperties + } + if sa.Kind != "" { + objectMap["kind"] = sa.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true +} + +// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool) { + return &sa, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityAlert struct. +func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var securityAlertProperties SecurityAlertProperties + err = json.Unmarshal(*v, &securityAlertProperties) + if err != nil { + return err + } + sa.SecurityAlertProperties = &securityAlertProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sa.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sa.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sa.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sa.Kind = kind + } + } + } + + return nil +} + +// SecurityAlertProperties securityAlert entity property bag. +type SecurityAlertProperties struct { + // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. + SystemAlertID *string `json:"systemAlertId,omitempty"` + // ConfidenceReasons - READ-ONLY; The confidence reasons + ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` + // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` + // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' + Intent KillChainIntent `json:"intent,omitempty"` + // ConfidenceScore - READ-ONLY; The confidence score of the alert. + ConfidenceScore *float64 `json:"confidenceScore,omitempty"` + // AlertDisplayName - READ-ONLY; The display name of the alert. + AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // Description - READ-ONLY; Alert description. + Description *string `json:"description,omitempty"` + // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. + RemediationSteps *[]string `json:"remediationSteps,omitempty"` + // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' + ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` + // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // VendorName - READ-ONLY; The name of the vendor that raise the alert. + VendorName *string `json:"vendorName,omitempty"` + // ProductName - READ-ONLY; The name of the product which published this alert. + ProductName *string `json:"productName,omitempty"` + // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. + ProductComponentName *string `json:"productComponentName,omitempty"` + // AlertType - READ-ONLY; The type name of the alert. + AlertType *string `json:"alertType,omitempty"` + // ProductVersion - READ-ONLY; The version of the product generating the alert. + ProductVersion *string `json:"productVersion,omitempty"` + // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. + ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` + // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' + Status AlertStatus `json:"status,omitempty"` + // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // TimeGenerated - READ-ONLY; The time the alert was generated. + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. + CompromisedEntity *string `json:"compromisedEntity,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for SecurityAlertProperties. +func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sap.Severity != "" { + objectMap["severity"] = sap.Severity + } + return json.Marshal(objectMap) +} + +// SecurityAlertPropertiesConfidenceReasonsItem confidence reason item +type SecurityAlertPropertiesConfidenceReasonsItem struct { + // ReasonType - READ-ONLY; The type (category) of the reason + ReasonType *string `json:"reasonType,omitempty"` + // Reason - READ-ONLY; The reason's description + Reason *string `json:"reason,omitempty"` +} + +// SecurityGroupEntity represents a security group entity. +type SecurityGroupEntity struct { + // SecurityGroupEntityProperties - SecurityGroup entity properties + *SecurityGroupEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { - sart.Kind = KindBasicAlertRuleTemplateKindScheduled +// MarshalJSON is the custom marshaler for SecurityGroupEntity. +func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error) { + sge.Kind = KindSecurityGroup objectMap := make(map[string]interface{}) - if sart.ScheduledAlertRuleTemplateProperties != nil { - objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties - } - if sart.Etag != nil { - objectMap["etag"] = sart.Etag + if sge.SecurityGroupEntityProperties != nil { + objectMap["properties"] = sge.SecurityGroupEntityProperties } - if sart.Kind != "" { - objectMap["kind"] = sart.Kind + if sge.Kind != "" { + objectMap["kind"] = sge.Kind } return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return &sart, true +// AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { +// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { - return &sart, true +// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. -func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { +// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return &sge, true +} + +// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool) { + return &sge, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct. +func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4889,12 +8715,12 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties - err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) + var securityGroupEntityProperties SecurityGroupEntityProperties + err = json.Unmarshal(*v, &securityGroupEntityProperties) if err != nil { return err } - sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties + sge.SecurityGroupEntityProperties = &securityGroupEntityProperties } case "id": if v != nil { @@ -4903,7 +8729,7 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { if err != nil { return err } - sart.ID = &ID + sge.ID = &ID } case "type": if v != nil { @@ -4912,7 +8738,7 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { if err != nil { return err } - sart.Type = &typeVar + sge.Type = &typeVar } case "name": if v != nil { @@ -4921,25 +8747,16 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { if err != nil { return err } - sart.Name = &name - } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - sart.Etag = &etag + sge.Name = &name } case "kind": if v != nil { - var kind KindBasicAlertRuleTemplate + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - sart.Kind = kind + sge.Kind = kind } } } @@ -4947,50 +8764,24 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { return nil } -// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties -type ScheduledAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` - // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` - // RequiredDataConnectors - The required data connectors for this template - RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that was created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +// SecurityGroupEntityProperties securityGroup entity property bag. +type SecurityGroupEntityProperties struct { + // DistinguishedName - READ-ONLY; The group distinguished name + DistinguishedName *string `json:"distinguishedName,omitempty"` + // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + Sid *string `json:"sid,omitempty"` + // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` } -// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. -type ScheduledAlertRuleTemplatePropertiesModel struct { - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +// MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. +func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // BasicSettings the Setting. @@ -5112,6 +8903,22 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { return nil } +// ThreatIntelligence threatIntelligence property bag. +type ThreatIntelligence struct { + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // Confidence - READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 `json:"confidence,omitempty"` + // ReportLink - READ-ONLY; Report link + ReportLink *string `json:"reportLink,omitempty"` + // ThreatDescription - READ-ONLY; Threat description (free text) + ThreatDescription *string `json:"threatDescription,omitempty"` +} + // TIDataConnector represents threat intelligence data connector. type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. @@ -5124,7 +8931,7 @@ type TIDataConnector struct { Name *string `json:"name,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -5154,6 +8961,11 @@ func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return &tdc, true } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + // AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false @@ -5169,6 +8981,16 @@ func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -5526,12 +9348,200 @@ type UebaSettingsProperties struct { AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` } +// URLEntity represents a url entity. +type URLEntity struct { + // URLEntityProperties - Url entity properties + *URLEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntity. +func (ue URLEntity) MarshalJSON() ([]byte, error) { + ue.Kind = KindURL + objectMap := make(map[string]interface{}) + if ue.URLEntityProperties != nil { + objectMap["properties"] = ue.URLEntityProperties + } + if ue.Kind != "" { + objectMap["kind"] = ue.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { + return &ue, true +} + +// AsEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { + return &ue, true +} + +// UnmarshalJSON is the custom unmarshaler for URLEntity struct. +func (ue *URLEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var URLEntityProperties URLEntityProperties + err = json.Unmarshal(*v, &URLEntityProperties) + if err != nil { + return err + } + ue.URLEntityProperties = &URLEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ue.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ue.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ue.Name = &name + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ue.Kind = kind + } + } + } + + return nil +} + +// URLEntityProperties url entity property bag. +type URLEntityProperties struct { + // URL - READ-ONLY; A full URL the entity points to + URL *string `json:"url,omitempty"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` +} + +// MarshalJSON is the custom marshaler for URLEntityProperties. +func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + // UserInfo user information that made some action type UserInfo struct { // ObjectID - The object id of the user. ObjectID *uuid.UUID `json:"objectId,omitempty"` - // Email - The email of the user. + // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` - // Name - The name of the user. + // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index 61f75efb106a..854841ce503f 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -63,11 +63,26 @@ type CasesClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter securityinsight.Case) (result securityinsight.Case, err error) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result securityinsight.Case, err error) - List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.CaseListPage, err error) + GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result securityinsight.CaseComment, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseListPage, err error) } var _ CasesClientAPI = (*securityinsight.CasesClient)(nil) +// CommentsClientAPI contains the set of methods on the CommentsClient type. +type CommentsClientAPI interface { + ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseCommentListPage, err error) +} + +var _ CommentsClientAPI = (*securityinsight.CommentsClient)(nil) + +// CaseCommentsClientAPI contains the set of methods on the CaseCommentsClient type. +type CaseCommentsClientAPI interface { + CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment securityinsight.CaseComment) (result securityinsight.CaseComment, err error) +} + +var _ CaseCommentsClientAPI = (*securityinsight.CaseCommentsClient)(nil) + // BookmarksClientAPI contains the set of methods on the BookmarksClient type. type BookmarksClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark securityinsight.Bookmark) (result securityinsight.Bookmark, err error) @@ -90,6 +105,7 @@ var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) // EntitiesClientAPI contains the set of methods on the EntitiesClient type. type EntitiesClientAPI interface { + Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityExpandParameters) (result securityinsight.EntityExpandResponse, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result securityinsight.EntityModel, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.EntityListPage, err error) } From 69fb9b58c46c9ef983b9fad1880519c4d056819d Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 13 Aug 2019 13:34:40 +0000 Subject: [PATCH 3/5] Generated from efe14acff06c754692f29bffee877f29edb68b89 Bookmarks swagger updates --- .../mgmt/2017-08-01-preview/securityinsight/models.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 387661973bb4..0cee5c8acbb5 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -3031,10 +3031,10 @@ func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (Bookma type BookmarkProperties struct { // DisplayName - The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` - // LastUpdatedTimeUtc - The last time the bookmark was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the bookmark was created - CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // Created - The time the bookmark was created + Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // UpdatedBy - Describes a user that updated the bookmark @@ -3045,6 +3045,8 @@ type BookmarkProperties struct { Labels *[]string `json:"labels,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. + QueryResult *string `json:"queryResult,omitempty"` } // Case represents a case in Azure Security Insights. From eff3f860779f8b84778143b302bb20431319f2e2 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 13 Aug 2019 15:43:57 +0000 Subject: [PATCH 4/5] Generated from 07393c4915496b1768a08c5f408b05cdb2a27f10 fix typos --- .../mgmt/securityinsight/models.go | 2 + .../securityinsight/models.go | 42 +++++++++++++++---- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index bfb892c74af5..b3dbd8e93239 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -485,6 +485,8 @@ type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate +type FusionAlertRuleTemplateProperties = original.FusionAlertRuleTemplateProperties +type FusionAlertRuleTemplatePropertiesModel = original.FusionAlertRuleTemplatePropertiesModel type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 0cee5c8acbb5..7bdbf9d99619 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -758,7 +758,7 @@ type TemplateStatus string const ( // Available Alert rule template is available. Available TemplateStatus = "Available" - // Installed Alert rule template installed. and cann't use more then once + // Installed Alert rule template installed. and can not use more then once Installed TemplateStatus = "Installed" // NotAvailable Alert rule template is not available NotAvailable TemplateStatus = "NotAvailable" @@ -5794,8 +5794,8 @@ type FilterAlertRuleTemplatePropertiesModel struct { // FusionAlertRuleTemplate represents fusion alert rule template. type FusionAlertRuleTemplate struct { - // BaseAlertRuleTemplateProperties - Fusion alert rule template properties - *BaseAlertRuleTemplateProperties `json:"properties,omitempty"` + // FusionAlertRuleTemplateProperties - Fusion alert rule template properties + *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Type - READ-ONLY; Azure resource type @@ -5812,8 +5812,8 @@ type FusionAlertRuleTemplate struct { func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { fart.Kind = KindBasicAlertRuleTemplateKindFusion objectMap := make(map[string]interface{}) - if fart.BaseAlertRuleTemplateProperties != nil { - objectMap["properties"] = fart.BaseAlertRuleTemplateProperties + if fart.FusionAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FusionAlertRuleTemplateProperties } if fart.Etag != nil { objectMap["etag"] = fart.Etag @@ -5860,12 +5860,12 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var baseAlertRuleTemplateProperties BaseAlertRuleTemplateProperties - err = json.Unmarshal(*v, &baseAlertRuleTemplateProperties) + var fusionAlertRuleTemplateProperties FusionAlertRuleTemplateProperties + err = json.Unmarshal(*v, &fusionAlertRuleTemplateProperties) if err != nil { return err } - fart.BaseAlertRuleTemplateProperties = &baseAlertRuleTemplateProperties + fart.FusionAlertRuleTemplateProperties = &fusionAlertRuleTemplateProperties } case "id": if v != nil { @@ -5918,6 +5918,32 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { return nil } +// FusionAlertRuleTemplateProperties fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` +} + +// FusionAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FusionAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` +} + // GeoLocation the geo-location context attached to the ip entity type GeoLocation struct { // CountryCode - READ-ONLY; The country code according to ISO 3166 format From f02f9bfd257bac86f918114b2cee164ad3d2e3b1 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 13 Aug 2019 16:10:30 +0000 Subject: [PATCH 5/5] Generated from 98fdd0347934e59d39a7b6f803f170933c96d199 fix typo --- .../mgmt/2017-08-01-preview/securityinsight/models.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 7bdbf9d99619..a36a38b88823 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -5774,7 +5774,7 @@ type FilterAlertRuleTemplateProperties struct { RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // FilterProduct - The filter prodact name for this template rule. + // FilterProduct - The filter product name for this template rule. FilterProduct *string `json:"filterProduct,omitempty"` // FilterSeverities - the alert’s severities on which the cases will be generated FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` @@ -5784,7 +5784,7 @@ type FilterAlertRuleTemplateProperties struct { // FilterAlertRuleTemplatePropertiesModel filter alert rule template property bag. type FilterAlertRuleTemplatePropertiesModel struct { - // FilterProduct - The filter prodact name for this template rule. + // FilterProduct - The filter product name for this template rule. FilterProduct *string `json:"filterProduct,omitempty"` // FilterSeverities - the alert’s severities on which the cases will be generated FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"`