From ede4e8c716283854db9641e987cab184f735e6d0 Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Mon, 14 Sep 2020 02:47:47 +0000 Subject: [PATCH] Generated from ff34dfdb14dd2f83f4b8578b72b781c410468b31 --- .../securityinsight/client.go | 100 + .../securityinsight/enums.go | 133 +- .../securityinsight/incidents.go | 94 + .../securityinsight/models.go | 2806 ++++++++++++++--- .../securityinsight/productsettings.go | 6 +- .../securityinsightapi/interfaces.go | 61 + .../threatintelligenceindicator.go | 425 +++ .../threatintelligenceindicatormetrics.go | 142 + .../threatintelligenceindicators.go | 196 ++ .../threatintelligenceindicatorslist.go | 181 ++ .../threatintelligenceindicatorupsert.go | 143 + .../securityinsight/watchlists.go | 591 ++++ 12 files changed, 4392 insertions(+), 486 deletions(-) create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go create mode 100644 services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go index a29c0d5d0ce9..f01ff44f6c1c 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go @@ -21,7 +21,12 @@ package securityinsight // Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( + "context" "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" ) const ( @@ -50,3 +55,98 @@ func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient { SubscriptionID: subscriptionID, } } + +// CreateThreatIntelligence create a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client BaseClient) CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BaseClient.CreateThreatIntelligence") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BaseClient", "CreateThreatIntelligence", err.Error()) + } + + req, err := client.CreateThreatIntelligencePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", nil, "Failure preparing request") + return + } + + resp, err := client.CreateThreatIntelligenceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure sending request") + return + } + + result, err = client.CreateThreatIntelligenceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure responding to request") + } + + return +} + +// CreateThreatIntelligencePreparer prepares the CreateThreatIntelligence request. +func (client BaseClient) CreateThreatIntelligencePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateThreatIntelligenceSender sends the CreateThreatIntelligence request. The method will close the +// http.Response Body if it receives an error. +func (client BaseClient) CreateThreatIntelligenceSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateThreatIntelligenceResponder handles the response to the CreateThreatIntelligence request. The method always +// closes the http.Response Body. +func (client BaseClient) CreateThreatIntelligenceResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go index 1525863f1586..1b3658405634 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go @@ -100,13 +100,15 @@ const ( LateralMovement AttackTactic = "LateralMovement" // Persistence ... Persistence AttackTactic = "Persistence" + // PreAttack ... + PreAttack AttackTactic = "PreAttack" // PrivilegeEscalation ... PrivilegeEscalation AttackTactic = "PrivilegeEscalation" ) // PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. func PossibleAttackTacticValues() []AttackTactic { - return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PreAttack, PrivilegeEscalation} } // CaseSeverity enumerates the values for case severity. @@ -241,6 +243,8 @@ const ( DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" // DataConnectorKindOffice365 ... DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindOfficeATP ... + DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" // DataConnectorKindThreatIntelligenceTaxii ... @@ -249,7 +253,7 @@ const ( // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindOfficeATP, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} } // DataConnectorLicenseState enumerates the values for data connector license state. @@ -408,6 +412,21 @@ func PossibleEntityTypeValues() []EntityType { return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIoTDevice, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} } +// EventGroupingAggregationKind enumerates the values for event grouping aggregation kind. +type EventGroupingAggregationKind string + +const ( + // AlertPerResult ... + AlertPerResult EventGroupingAggregationKind = "AlertPerResult" + // SingleAlert ... + SingleAlert EventGroupingAggregationKind = "SingleAlert" +) + +// PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type. +func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind { + return []EventGroupingAggregationKind{AlertPerResult, SingleAlert} +} + // FileHashAlgorithm enumerates the values for file hash algorithm. type FileHashAlgorithm string @@ -688,6 +707,8 @@ const ( KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" + // KindOfficeATP ... + KindOfficeATP KindBasicDataConnector = "OfficeATP" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" // KindThreatIntelligenceTaxii ... @@ -696,7 +717,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence, KindThreatIntelligenceTaxii} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindOfficeATP, KindThreatIntelligence, KindThreatIntelligenceTaxii} } // KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check @@ -718,6 +739,8 @@ const ( KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity" // KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ... KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection" + // KindBasicDataConnectorsCheckRequirementsKindOfficeATP ... + KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ... KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ... @@ -726,7 +749,7 @@ const ( // PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type. func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements { - return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} + return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindOfficeATP, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} } // KindBasicEntity enumerates the values for kind basic entity. @@ -778,15 +801,34 @@ func PossibleKindBasicEntityValues() []KindBasicEntity { type KindBasicSettings string const ( + // KindEntityAnalytics ... + KindEntityAnalytics KindBasicSettings = "EntityAnalytics" // KindEyesOn ... KindEyesOn KindBasicSettings = "EyesOn" // KindSettings ... KindSettings KindBasicSettings = "Settings" + // KindUeba ... + KindUeba KindBasicSettings = "Ueba" ) // PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. func PossibleKindBasicSettingsValues() []KindBasicSettings { - return []KindBasicSettings{KindEyesOn, KindSettings} + return []KindBasicSettings{KindEntityAnalytics, KindEyesOn, KindSettings, KindUeba} +} + +// KindBasicThreatIntelligenceResource enumerates the values for kind basic threat intelligence resource. +type KindBasicThreatIntelligenceResource string + +const ( + // KindIndicator ... + KindIndicator KindBasicThreatIntelligenceResource = "indicator" + // KindThreatIntelligenceResource ... + KindThreatIntelligenceResource KindBasicThreatIntelligenceResource = "ThreatIntelligenceResource" +) + +// PossibleKindBasicThreatIntelligenceResourceValues returns an array of possible values for the KindBasicThreatIntelligenceResource const type. +func PossibleKindBasicThreatIntelligenceResourceValues() []KindBasicThreatIntelligenceResource { + return []KindBasicThreatIntelligenceResource{KindIndicator, KindThreatIntelligenceResource} } // MicrosoftSecurityProductName enumerates the values for microsoft security product name. @@ -915,6 +957,38 @@ func PossibleRelationTypesValues() []RelationTypes { return []RelationTypes{CasesToBookmarks} } +// SettingKind enumerates the values for setting kind. +type SettingKind string + +const ( + // SettingKindEntityAnalytics ... + SettingKindEntityAnalytics SettingKind = "EntityAnalytics" + // SettingKindEyesOn ... + SettingKindEyesOn SettingKind = "EyesOn" + // SettingKindUeba ... + SettingKindUeba SettingKind = "Ueba" +) + +// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{SettingKindEntityAnalytics, SettingKindEyesOn, SettingKindUeba} +} + +// Source enumerates the values for source. +type Source string + +const ( + // Localfile ... + Localfile Source = "Local file" + // Remotestorage ... + Remotestorage Source = "Remote storage" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{Localfile, Remotestorage} +} + // TemplateStatus enumerates the values for template status. type TemplateStatus string @@ -932,6 +1006,36 @@ func PossibleTemplateStatusValues() []TemplateStatus { return []TemplateStatus{Available, Installed, NotAvailable} } +// ThreatIntelligenceArmStixSortBy enumerates the values for threat intelligence arm stix sort by. +type ThreatIntelligenceArmStixSortBy string + +const ( + // Ascending ... + Ascending ThreatIntelligenceArmStixSortBy = "ascending" + // Descending ... + Descending ThreatIntelligenceArmStixSortBy = "descending" + // Unsorted ... + Unsorted ThreatIntelligenceArmStixSortBy = "unsorted" +) + +// PossibleThreatIntelligenceArmStixSortByValues returns an array of possible values for the ThreatIntelligenceArmStixSortBy const type. +func PossibleThreatIntelligenceArmStixSortByValues() []ThreatIntelligenceArmStixSortBy { + return []ThreatIntelligenceArmStixSortBy{Ascending, Descending, Unsorted} +} + +// ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind. +type ThreatIntelligenceResourceKind string + +const ( + // Indicator Entity represents threat intelligence indicator in the system. + Indicator ThreatIntelligenceResourceKind = "indicator" +) + +// PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type. +func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind { + return []ThreatIntelligenceResourceKind{Indicator} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string @@ -950,3 +1054,22 @@ const ( func PossibleTriggerOperatorValues() []TriggerOperator { return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} } + +// UebaDataSources enumerates the values for ueba data sources. +type UebaDataSources string + +const ( + // AuditLogs ... + AuditLogs UebaDataSources = "AuditLogs" + // AzureActivity ... + AzureActivity UebaDataSources = "AzureActivity" + // SecurityEvent ... + SecurityEvent UebaDataSources = "SecurityEvent" + // SigninLogs ... + SigninLogs UebaDataSources = "SigninLogs" +) + +// PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type. +func PossibleUebaDataSourcesValues() []UebaDataSources { + return []UebaDataSources{AuditLogs, AzureActivity, SecurityEvent, SigninLogs} +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go index 365f36bcdff5..fa0f567a4d2e 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go @@ -479,3 +479,97 @@ func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupNam result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } + +// ListOfEntities gets all incident related entities. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfEntities") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "ListOfEntities", err.Error()) + } + + req, err := client.ListOfEntitiesPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfEntitiesSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure sending request") + return + } + + result, err = client.ListOfEntitiesResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure responding to request") + } + + return +} + +// ListOfEntitiesPreparer prepares the ListOfEntities request. +func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfEntitiesSender sends the ListOfEntities request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go index cfd0c25575eb..c42d411f610a 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go @@ -35,7 +35,7 @@ const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight type AADCheckRequirements struct { // AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. *AADCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -82,6 +82,11 @@ func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. +func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -153,7 +158,7 @@ type AADDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -203,6 +208,11 @@ func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -309,7 +319,7 @@ type AADDataConnectorProperties struct { type AATPCheckRequirements struct { // AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. *AATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -356,6 +366,11 @@ func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. +func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -427,7 +442,7 @@ type AATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -477,6 +492,11 @@ func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -1960,7 +1980,7 @@ type AlertsDataTypeOfDataConnectorAlerts struct { type ASCCheckRequirements struct { // ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. *ASCCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -2007,6 +2027,11 @@ func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. +func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2078,7 +2103,7 @@ type ASCDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2128,6 +2153,11 @@ func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -2232,7 +2262,7 @@ type ASCDataConnectorProperties struct { // AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request. type AwsCloudTrailCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -2276,6 +2306,11 @@ func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. +func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2308,7 +2343,7 @@ type AwsCloudTrailDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2358,6 +2393,11 @@ func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnec return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -4250,6 +4290,7 @@ type BasicDataConnector interface { AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) @@ -4267,7 +4308,7 @@ type DataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -4303,6 +4344,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var mdc MDATPDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindOfficeATP): + var oadc OfficeATPDataConnector + err := json.Unmarshal(body, &oadc) + return oadc, err case string(KindOffice365): var odc OfficeDataConnector err := json.Unmarshal(body, &odc) @@ -4383,6 +4428,11 @@ func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -4416,7 +4466,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -4651,6 +4701,7 @@ type BasicDataConnectorsCheckRequirements interface { AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) + AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) AsTICheckRequirements() (*TICheckRequirements, bool) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) @@ -4658,7 +4709,7 @@ type BasicDataConnectorsCheckRequirements interface { // DataConnectorsCheckRequirements data connector requirements properties. type DataConnectorsCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -4694,6 +4745,10 @@ func unmarshalBasicDataConnectorsCheckRequirements(body []byte) (BasicDataConnec var mcr MDATPCheckRequirements err := json.Unmarshal(body, &mcr) return mcr, err + case string(KindBasicDataConnectorsCheckRequirementsKindOfficeATP): + var oacr OfficeATPCheckRequirements + err := json.Unmarshal(body, &oacr) + return oacr, err case string(KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence): var tcr TICheckRequirements err := json.Unmarshal(body, &tcr) @@ -4767,6 +4822,11 @@ func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. +func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -5229,6 +5289,138 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } +// EntityAnalytics settings with single toggle. +type EntityAnalytics struct { + // EntityAnalyticsProperties - EntityAnalytics properties + *EntityAnalyticsProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for EntityAnalytics. +func (ea EntityAnalytics) MarshalJSON() ([]byte, error) { + ea.Kind = KindEntityAnalytics + objectMap := make(map[string]interface{}) + if ea.EntityAnalyticsProperties != nil { + objectMap["properties"] = ea.EntityAnalyticsProperties + } + if ea.Etag != nil { + objectMap["etag"] = ea.Etag + } + if ea.Kind != "" { + objectMap["kind"] = ea.Kind + } + return json.Marshal(objectMap) +} + +// AsEyesOn is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool) { + return nil, false +} + +// AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool) { + return &ea, true +} + +// AsUeba is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsUeba() (*Ueba, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool) { + return &ea, true +} + +// UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct. +func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var entityAnalyticsProperties EntityAnalyticsProperties + err = json.Unmarshal(*v, &entityAnalyticsProperties) + if err != nil { + return err + } + ea.EntityAnalyticsProperties = &entityAnalyticsProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ea.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ea.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ea.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ea.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ea.Kind = kind + } + } + } + + return nil +} + +// EntityAnalyticsProperties entityAnalytics property bag. +type EntityAnalyticsProperties struct { + // IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty"` +} + // EntityCommonProperties entity common property bag. type EntityCommonProperties struct { // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. @@ -5765,6 +5957,12 @@ type EntityQueryProperties struct { QueryTemplate *string `json:"queryTemplate,omitempty"` } +// EventGroupingSettings event grouping settings property bag. +type EventGroupingSettings struct { + // AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult' + AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +} + // ExpansionResultAggregation information of a specific aggregation in the expansion result. type ExpansionResultAggregation struct { // AggregationType - The common type of the aggregation. (for e.g. entity field name) @@ -5795,7 +5993,7 @@ type EyesOn struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -5820,6 +6018,16 @@ func (eo EyesOn) AsEyesOn() (*EyesOn, bool) { return &eo, true } +// AsEntityAnalytics is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for EyesOn. func (eo EyesOn) AsSettings() (*Settings, bool) { return nil, false @@ -7224,6 +7432,56 @@ type IncidentConfiguration struct { GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` } +// IncidentEntitiesResponse the incident related entities response. +type IncidentEntitiesResponse struct { + autorest.Response `json:"-"` + // Entities - Array of the incident related entities. + Entities *[]BasicEntity `json:"entities,omitempty"` + // MetaData - The metadata from the incident related entities results. + MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct. +func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + ier.Entities = &entities + } + case "metaData": + if v != nil { + var metaData []IncidentEntitiesResultsMetadata + err = json.Unmarshal(*v, &metaData) + if err != nil { + return err + } + ier.MetaData = &metaData + } + } + } + + return nil +} + +// IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities +// result. +type IncidentEntitiesResultsMetadata struct { + // Count - Total number of aggregations of the given kind in the incident related entities result. + Count *int32 `json:"count,omitempty"` + // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` +} + // IncidentInfo describes related incident information for the bookmark type IncidentInfo struct { // IncidentID - Incident Id @@ -8117,7 +8375,7 @@ func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { type MCASCheckRequirements struct { // MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. *MCASCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -8164,6 +8422,11 @@ func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. +func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8235,7 +8498,7 @@ type MCASDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8285,6 +8548,11 @@ func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -8406,7 +8674,7 @@ type MCASDataConnectorProperties struct { type MDATPCheckRequirements struct { // MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. *MDATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -8453,6 +8721,11 @@ func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequire return &mcr, true } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. +func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8525,7 +8798,7 @@ type MDATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8575,6 +8848,11 @@ func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return &mdc, true } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -9040,30 +9318,85 @@ func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) Mars return json.Marshal(objectMap) } -// OfficeConsent consent for Office365 tenant that already made. -type OfficeConsent struct { - autorest.Response `json:"-"` - // OfficeConsentProperties - Office consent properties - *OfficeConsentProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` +// OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check +// request. +type OfficeATPCheckRequirements struct { + // OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. + *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeConsent. -func (oc OfficeConsent) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error) { + oacr.Kind = KindBasicDataConnectorsCheckRequirementsKindOfficeATP objectMap := make(map[string]interface{}) - if oc.OfficeConsentProperties != nil { - objectMap["properties"] = oc.OfficeConsentProperties + if oacr.OfficeATPCheckRequirementsProperties != nil { + objectMap["properties"] = oacr.OfficeATPCheckRequirementsProperties + } + if oacr.Kind != "" { + objectMap["kind"] = oacr.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. -func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { + return nil, false +} + +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { + return nil, false +} + +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { + return nil, false +} + +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { + return nil, false +} + +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { + return nil, false +} + +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { + return nil, false +} + +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return &oacr, true +} + +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return nil, false +} + +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return nil, false +} + +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false +} + +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &oacr, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct. +func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -9073,39 +9406,271 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeConsentProperties OfficeConsentProperties - err = json.Unmarshal(*v, &officeConsentProperties) - if err != nil { - return err - } - oc.OfficeConsentProperties = &officeConsentProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) + var officeATPCheckRequirementsProperties OfficeATPCheckRequirementsProperties + err = json.Unmarshal(*v, &officeATPCheckRequirementsProperties) if err != nil { return err } - oc.ID = &ID + oacr.OfficeATPCheckRequirementsProperties = &officeATPCheckRequirementsProperties } - case "name": + case "kind": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var kind KindBasicDataConnectorsCheckRequirements + err = json.Unmarshal(*v, &kind) if err != nil { return err } - oc.Name = &name + oacr.Kind = kind } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - oc.Type = &typeVar + } + } + + return nil +} + +// OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check +// properties. +type OfficeATPCheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector. +type OfficeATPDataConnector struct { + // OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. + *OfficeATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error) { + oadc.Kind = KindOfficeATP + objectMap := make(map[string]interface{}) + if oadc.OfficeATPDataConnectorProperties != nil { + objectMap["properties"] = oadc.OfficeATPDataConnectorProperties + } + if oadc.Etag != nil { + objectMap["etag"] = oadc.Etag + } + if oadc.Kind != "" { + objectMap["kind"] = oadc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return &oadc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &oadc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct. +func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeATPDataConnectorProperties OfficeATPDataConnectorProperties + err = json.Unmarshal(*v, &officeATPDataConnectorProperties) + if err != nil { + return err + } + oadc.OfficeATPDataConnectorProperties = &officeATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oadc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oadc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oadc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + oadc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + oadc.Kind = kind + } + } + } + + return nil +} + +// OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector +// properties. +type OfficeATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + autorest.Response `json:"-"` + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. +func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar } } } @@ -9307,7 +9872,7 @@ type OfficeDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -9357,6 +9922,11 @@ func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return &odc, true @@ -9457,6 +10027,8 @@ type OfficeDataConnectorDataTypes struct { Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` // SharePoint - SharePoint data type connection. SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Teams - Teams data type connection. + Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` } // OfficeDataConnectorDataTypesExchange exchange data type connection. @@ -9471,6 +10043,12 @@ type OfficeDataConnectorDataTypesSharePoint struct { State DataTypeState `json:"state,omitempty"` } +// OfficeDataConnectorDataTypesTeams teams data type connection. +type OfficeDataConnectorDataTypesTeams struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + // OfficeDataConnectorProperties office data connector properties. type OfficeDataConnectorProperties struct { // DataTypes - The available data types for the connector. @@ -10862,6 +11440,8 @@ type ScheduledAlertRuleCommonProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // ScheduledAlertRuleProperties scheduled alert rule base property bag. @@ -10896,6 +11476,8 @@ type ScheduledAlertRuleProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties. @@ -10943,6 +11525,9 @@ func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { if sarp.TriggerThreshold != nil { objectMap["triggerThreshold"] = sarp.TriggerThreshold } + if sarp.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sarp.EventGroupingSettings + } return json.Marshal(objectMap) } @@ -11084,6 +11669,8 @@ type ScheduledAlertRuleTemplateProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` } @@ -11124,6 +11711,9 @@ func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { if sart.TriggerThreshold != nil { objectMap["triggerThreshold"] = sart.TriggerThreshold } + if sart.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sart.EventGroupingSettings + } if sart.Tactics != nil { objectMap["tactics"] = sart.Tactics } @@ -11612,6 +12202,8 @@ func (sl *SettingList) UnmarshalJSON(body []byte) error { // BasicSettings the Setting. type BasicSettings interface { AsEyesOn() (*EyesOn, bool) + AsEntityAnalytics() (*EntityAnalytics, bool) + AsUeba() (*Ueba, bool) AsSettings() (*Settings, bool) } @@ -11626,7 +12218,7 @@ type Settings struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -11642,6 +12234,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { var eo EyesOn err := json.Unmarshal(body, &eo) return eo, err + case string(KindEntityAnalytics): + var ea EntityAnalytics + err := json.Unmarshal(body, &ea) + return ea, err + case string(KindUeba): + var u Ueba + err := json.Unmarshal(body, &u) + return u, err default: var s Settings err := json.Unmarshal(body, &s) @@ -11685,6 +12285,16 @@ func (s Settings) AsEyesOn() (*EyesOn, bool) { return nil, false } +// AsEntityAnalytics is the BasicSettings implementation for Settings. +func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for Settings. +func (s Settings) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for Settings. func (s Settings) AsSettings() (*Settings, bool) { return &s, true @@ -11697,8 +12307,8 @@ func (s Settings) AsBasicSettings() (BasicSettings, bool) { // SettingsKind describes an Azure resource with kind. type SettingsKind struct { - // Kind - The kind of the setting - Kind *string `json:"kind,omitempty"` + // Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba' + Kind SettingKind `json:"kind,omitempty"` } // SettingsModel ... @@ -11734,79 +12344,322 @@ type ThreatIntelligence struct { ThreatType *string `json:"threatType,omitempty"` } -// TICheckRequirements represents threat intelligence requirements check request. -type TICheckRequirements struct { - // TICheckRequirementsProperties - TI (Threat Intelligence) requirements check properties. - *TICheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' - Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +// ThreatIntelligenceAppendTagsRequestBody describes threat intelligence indicator append tags request body +type ThreatIntelligenceAppendTagsRequestBody struct { + // ThreatIntelligenceTags - List of threat intelligence tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` +} + +// ThreatIntelligenceArmStixQuery describes threat intelligence ARM STIX query +type ThreatIntelligenceArmStixQuery struct { + // PageSize - Page size + PageSize *int32 `json:"pageSize,omitempty"` + // MinConfidence - Minimum confidence + MinConfidence *int32 `json:"minConfidence,omitempty"` + // MaxConfidence - Maximum confidence + MaxConfidence *int32 `json:"maxConfidence,omitempty"` + // MinValidUntil - Minimum Valid until + MinValidUntil *string `json:"minValidUntil,omitempty"` + // MaxValidUntil - Maximum Valid until + MaxValidUntil *string `json:"maxValidUntil,omitempty"` + // IncludeDisabled - To include disabled indicators + IncludeDisabled *bool `json:"includeDisabled,omitempty"` + // SortBy - List of Sort rules + SortBy *[]ThreatIntelligenceArmStixSortBy1 `json:"sortBy,omitempty"` + // Sources - Sources of a threat intelligence entity + Sources *[]string `json:"sources,omitempty"` + // PatternTypes - Pattern types + PatternTypes *[]string `json:"patternTypes,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // Ids - Ids of threat intelligence entities + Ids *[]string `json:"ids,omitempty"` + // Keywords - Keywords of threat intelligence entities + Keywords *[]string `json:"keywords,omitempty"` + // SkipToken - Skip Token + SkipToken *string `json:"skipToken,omitempty"` +} + +// ThreatIntelligenceArmStixSortBy1 describes an threat intelligence ARM STIX Sort By +type ThreatIntelligenceArmStixSortBy1 struct { + // ItemKey - Item key + ItemKey *string `json:"itemKey,omitempty"` + // SortOrder - Sort order. Possible values include: 'Unsorted', 'Ascending', 'Descending' + SortOrder ThreatIntelligenceArmStixSortBy `json:"sortOrder,omitempty"` +} + +// ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity +type ThreatIntelligenceGranularMarkingModel struct { + // Language - Language granular marking model + Language *string `json:"language,omitempty"` + // MarkingRef - marking reference granular marking model + MarkingRef *int32 `json:"markingRef,omitempty"` + // Selectors - granular marking model selectors + Selectors *[]string `json:"selectors,omitempty"` +} + +// ThreatIntelligenceIndicatorModel threat intelligence indicator entity. +type ThreatIntelligenceIndicatorModel struct { + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TICheckRequirements. -func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { - tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { + tiim.Kind = KindIndicator objectMap := make(map[string]interface{}) - if tcr.TICheckRequirementsProperties != nil { - objectMap["properties"] = tcr.TICheckRequirementsProperties + if tiim.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiim.ThreatIntelligenceIndicatorProperties } - if tcr.Kind != "" { - objectMap["kind"] = tcr.Kind + if tiim.Etag != nil { + objectMap["etag"] = tiim.Etag + } + if tiim.Kind != "" { + objectMap["kind"] = tiim.Kind } return json.Marshal(objectMap) } -// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { - return nil, false -} - -// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { - return nil, false -} - -// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { - return nil, false -} - -// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { - return nil, false +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { + return &tiim, true } -// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { return nil, false } -// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { - return nil, false +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tiim, true } -// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { - return &tcr, true +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct. +func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) + if err != nil { + return err + } + tiim.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + tiim.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + tiim.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + tiim.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tiim.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicThreatIntelligenceResource + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tiim.Kind = kind + } + } + } + + return nil } -// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { - return nil, false +// ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties +type ThreatIntelligenceIndicatorProperties struct { + // ThreatIntelligenceTags - List of tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` + // LastUpdatedTimeUtc - Last updated time in UTC + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // Source - Source of a threat intelligence entity + Source *string `json:"source,omitempty"` + // DisplayName - Display name of a threat intelligence entity + DisplayName *string `json:"displayName,omitempty"` + // Description - Description of a threat intelligence entity + Description *string `json:"description,omitempty"` + // IndicatorTypes - Indicator types of threat intelligence entities + IndicatorTypes *[]string `json:"indicatorTypes,omitempty"` + // Pattern - Pattern of a threat intelligence entity + Pattern *string `json:"pattern,omitempty"` + // PatternType - Pattern type of a threat intelligence entity + PatternType *string `json:"patternType,omitempty"` + // KillChainPhases - Kill chain phases + KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"` + // ExternalID - External ID of threat intelligence entity + ExternalID *string `json:"externalId,omitempty"` + // CreatedByRef - Created by reference of threat intelligence entity + CreatedByRef *string `json:"createdByRef,omitempty"` + // ExternalReferences - External References + ExternalReferences *[]string `json:"externalReferences,omitempty"` + // GranularMarkings - Granular Markings + GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"` + // Revoked - Is threat intelligence entity revoked + Revoked *bool `json:"revoked,omitempty"` + // Confidence - Confidence of threat intelligence entity + Confidence *int32 `json:"confidence,omitempty"` + // Labels - Labels of threat intelligence entity + Labels *[]string `json:"labels,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // ValidFrom - Valid from + ValidFrom *string `json:"validFrom,omitempty"` + // ValidUntil - Valid until + ValidUntil *string `json:"validUntil,omitempty"` + // Created - Created by + Created *string `json:"created,omitempty"` + // Modified - Modified by + Modified *string `json:"modified,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } -// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { - return nil, false +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties. +func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tiip.ThreatIntelligenceTags != nil { + objectMap["threatIntelligenceTags"] = tiip.ThreatIntelligenceTags + } + if tiip.LastUpdatedTimeUtc != nil { + objectMap["lastUpdatedTimeUtc"] = tiip.LastUpdatedTimeUtc + } + if tiip.Source != nil { + objectMap["source"] = tiip.Source + } + if tiip.DisplayName != nil { + objectMap["displayName"] = tiip.DisplayName + } + if tiip.Description != nil { + objectMap["description"] = tiip.Description + } + if tiip.IndicatorTypes != nil { + objectMap["indicatorTypes"] = tiip.IndicatorTypes + } + if tiip.Pattern != nil { + objectMap["pattern"] = tiip.Pattern + } + if tiip.PatternType != nil { + objectMap["patternType"] = tiip.PatternType + } + if tiip.KillChainPhases != nil { + objectMap["killChainPhases"] = tiip.KillChainPhases + } + if tiip.ExternalID != nil { + objectMap["externalId"] = tiip.ExternalID + } + if tiip.CreatedByRef != nil { + objectMap["createdByRef"] = tiip.CreatedByRef + } + if tiip.ExternalReferences != nil { + objectMap["externalReferences"] = tiip.ExternalReferences + } + if tiip.GranularMarkings != nil { + objectMap["granularMarkings"] = tiip.GranularMarkings + } + if tiip.Revoked != nil { + objectMap["revoked"] = tiip.Revoked + } + if tiip.Confidence != nil { + objectMap["confidence"] = tiip.Confidence + } + if tiip.Labels != nil { + objectMap["labels"] = tiip.Labels + } + if tiip.ThreatTypes != nil { + objectMap["threatTypes"] = tiip.ThreatTypes + } + if tiip.ValidFrom != nil { + objectMap["validFrom"] = tiip.ValidFrom + } + if tiip.ValidUntil != nil { + objectMap["validUntil"] = tiip.ValidUntil + } + if tiip.Created != nil { + objectMap["created"] = tiip.Created + } + if tiip.Modified != nil { + objectMap["modified"] = tiip.Modified + } + return json.Marshal(objectMap) } -// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { - return &tcr, true +// ThreatIntelligenceIndicatorWithoutReadOnlyFields threat intelligence indicator entity. +type ThreatIntelligenceIndicatorWithoutReadOnlyFields struct { + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` } -// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. -func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields. +func (tiiwrof ThreatIntelligenceIndicatorWithoutReadOnlyFields) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tiiwrof.Etag != nil { + objectMap["etag"] = tiiwrof.Etag + } + if tiiwrof.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiiwrof.ThreatIntelligenceIndicatorProperties + } + if tiiwrof.Kind != nil { + objectMap["kind"] = tiiwrof.Kind + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields struct. +func (tiiwrof *ThreatIntelligenceIndicatorWithoutReadOnlyFields) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -11814,23 +12667,32 @@ func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tiiwrof.Etag = &etag + } case "properties": if v != nil { - var tICheckRequirementsProperties TICheckRequirementsProperties - err = json.Unmarshal(*v, &tICheckRequirementsProperties) + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) if err != nil { return err } - tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties + tiiwrof.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties } case "kind": if v != nil { - var kind KindBasicDataConnectorsCheckRequirements + var kind string err = json.Unmarshal(*v, &kind) if err != nil { return err } - tcr.Kind = kind + tiiwrof.Kind = &kind } } } @@ -11838,16 +12700,56 @@ func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { return nil } -// TICheckRequirementsProperties TI (Threat Intelligence) requirements check properties. -type TICheckRequirementsProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// ThreatIntelligenceKillChainPhase describes threat kill chain phase entity +type ThreatIntelligenceKillChainPhase struct { + // KillChainName - Kill chainName name + KillChainName *string `json:"killChainName,omitempty"` + // PhaseName - Phase name + PhaseName *int32 `json:"phaseName,omitempty"` } -// TIDataConnector represents threat intelligence data connector. -type TIDataConnector struct { - // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. - *TIDataConnectorProperties `json:"properties,omitempty"` +// ThreatIntelligenceMetric describes threat intelligence metric +type ThreatIntelligenceMetric struct { + // LastUpdatedTimeUtc - Time Metric + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // ThreatTypeMetrics - Threat type metrics + ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"` + // PatternTypeMetrics - Pattern type metrics + PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"` + // SourceMetrics - Source metrics + SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"` +} + +// ThreatIntelligenceMetricEntity describes threat intelligence metric entity +type ThreatIntelligenceMetricEntity struct { + // MetricName - Metric name + MetricName *string `json:"metricName,omitempty"` + // MetricValue - Metric value + MetricValue *int32 `json:"metricValue,omitempty"` +} + +// ThreatIntelligenceMetricResource threat intelligence metric resource. +type ThreatIntelligenceMetricResource struct { + // Properties - Threat intelligence metric. + Properties *ThreatIntelligenceMetric `json:"properties,omitempty"` +} + +// ThreatIntelligenceMetricResourceList list of all the threat intelligence metric resource. +type ThreatIntelligenceMetricResourceList struct { + autorest.Response `json:"-"` + // Value - Array of threat intelligence metrics resource. + Value *[]ThreatIntelligenceMetricResource `json:"value,omitempty"` +} + +// BasicThreatIntelligenceResource threat intelligence resource. +type BasicThreatIntelligenceResource interface { + AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) + AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) +} + +// ThreatIntelligenceResource threat intelligence resource. +type ThreatIntelligenceResource struct { + autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name @@ -11856,83 +12758,101 @@ type TIDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TIDataConnector. -func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { - tdc.Kind = KindThreatIntelligence - objectMap := make(map[string]interface{}) - if tdc.TIDataConnectorProperties != nil { - objectMap["properties"] = tdc.TIDataConnectorProperties - } - if tdc.Etag != nil { - objectMap["etag"] = tdc.Etag - } - if tdc.Kind != "" { - objectMap["kind"] = tdc.Kind +func unmarshalBasicThreatIntelligenceResource(body []byte) (BasicThreatIntelligenceResource, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err } - return json.Marshal(objectMap) -} - -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false + switch m["kind"] { + case string(KindIndicator): + var tiim ThreatIntelligenceIndicatorModel + err := json.Unmarshal(body, &tiim) + return tiim, err + default: + var tir ThreatIntelligenceResource + err := json.Unmarshal(body, &tir) + return tir, err + } } +func unmarshalBasicThreatIntelligenceResourceArray(body []byte) ([]BasicThreatIntelligenceResource, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} + tirArray := make([]BasicThreatIntelligenceResource, len(rawMessages)) -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false + for index, rawMessage := range rawMessages { + tir, err := unmarshalBasicThreatIntelligenceResource(*rawMessage) + if err != nil { + return nil, err + } + tirArray[index] = tir + } + return tirArray, nil } -// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false +// MarshalJSON is the custom marshaler for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) MarshalJSON() ([]byte, error) { + tir.Kind = KindThreatIntelligenceResource + objectMap := make(map[string]interface{}) + if tir.Etag != nil { + objectMap["etag"] = tir.Etag + } + if tir.Kind != "" { + objectMap["kind"] = tir.Kind + } + return json.Marshal(objectMap) } -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { return nil, false } -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { + return &tir, true } -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tir, true } -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return nil, false +// ThreatIntelligenceResourceKind1 describes an entity with kind. +type ThreatIntelligenceResourceKind1 struct { + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` } -// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { - return nil, false +// ThreatIntelligenceResourceList list of all the threat intelligence entities. +type ThreatIntelligenceResourceList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of threat intelligence entities. + Value *[]BasicThreatIntelligenceResource `json:"value,omitempty"` } -// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &tdc, true +// MarshalJSON is the custom marshaler for ThreatIntelligenceResourceList. +func (tirl ThreatIntelligenceResourceList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tirl.Value != nil { + objectMap["value"] = tirl.Value + } + return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. -func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceList struct. +func (tirl *ThreatIntelligenceResourceList) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -11940,159 +12860,272 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "properties": - if v != nil { - var tIDataConnectorProperties TIDataConnectorProperties - err = json.Unmarshal(*v, &tIDataConnectorProperties) - if err != nil { - return err - } - tdc.TIDataConnectorProperties = &tIDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - tdc.ID = &ID - } - case "name": + case "nextLink": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var nextLink string + err = json.Unmarshal(*v, &nextLink) if err != nil { return err } - tdc.Name = &name + tirl.NextLink = &nextLink } - case "type": + case "value": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + value, err := unmarshalBasicThreatIntelligenceResourceArray(*v) if err != nil { return err } - tdc.Type = &typeVar + tirl.Value = &value } - case "etag": - if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) - if err != nil { - return err - } - tdc.Etag = &etag + } + } + + return nil +} + +// ThreatIntelligenceResourceListIterator provides access to a complete listing of ThreatIntelligenceResource +// values. +type ThreatIntelligenceResourceListIterator struct { + i int + page ThreatIntelligenceResourceListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *ThreatIntelligenceResourceListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode } - case "kind": - if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - tdc.Kind = kind + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *ThreatIntelligenceResourceListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter ThreatIntelligenceResourceListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter ThreatIntelligenceResourceListIterator) Response() ThreatIntelligenceResourceList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter ThreatIntelligenceResourceListIterator) Value() BasicThreatIntelligenceResource { + if !iter.page.NotDone() { + return ThreatIntelligenceResource{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the ThreatIntelligenceResourceListIterator type. +func NewThreatIntelligenceResourceListIterator(page ThreatIntelligenceResourceListPage) ThreatIntelligenceResourceListIterator { + return ThreatIntelligenceResourceListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (tirl ThreatIntelligenceResourceList) IsEmpty() bool { + return tirl.Value == nil || len(*tirl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (tirl ThreatIntelligenceResourceList) hasNextLink() bool { + return tirl.NextLink != nil && len(*tirl.NextLink) != 0 +} + +// threatIntelligenceResourceListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (tirl ThreatIntelligenceResourceList) threatIntelligenceResourceListPreparer(ctx context.Context) (*http.Request, error) { + if !tirl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(tirl.NextLink))) +} + +// ThreatIntelligenceResourceListPage contains a page of BasicThreatIntelligenceResource values. +type ThreatIntelligenceResourceListPage struct { + fn func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error) + tirl ThreatIntelligenceResourceList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *ThreatIntelligenceResourceListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.tirl) + if err != nil { + return err + } + page.tirl = next + if !next.hasNextLink() || !next.IsEmpty() { + break } } - return nil } -// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. -type TIDataConnectorDataTypes struct { - // Indicators - Data type for indicators connection. - Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *ThreatIntelligenceResourceListPage) Next() error { + return page.NextWithContext(context.Background()) } -// TIDataConnectorDataTypesIndicators data type for indicators connection. -type TIDataConnectorDataTypesIndicators struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page ThreatIntelligenceResourceListPage) NotDone() bool { + return !page.tirl.IsEmpty() } -// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. -type TIDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// Response returns the raw server response from the last page request. +func (page ThreatIntelligenceResourceListPage) Response() ThreatIntelligenceResourceList { + return page.tirl } -// TiTaxiiCheckRequirements represents threat intelligence requirements check request. -type TiTaxiiCheckRequirements struct { - // TiTaxiiCheckRequirementsProperties - Ti Taxii (Threat Intelligence Taxii) requirements check properties. - *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' +// Values returns the slice of values for the current page or nil if there are no values. +func (page ThreatIntelligenceResourceListPage) Values() []BasicThreatIntelligenceResource { + if page.tirl.IsEmpty() { + return nil + } + return *page.tirl.Value +} + +// Creates a new instance of the ThreatIntelligenceResourceListPage type. +func NewThreatIntelligenceResourceListPage(getNextPage func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error)) ThreatIntelligenceResourceListPage { + return ThreatIntelligenceResourceListPage{fn: getNextPage} +} + +// ThreatIntelligenceResourceModel ... +type ThreatIntelligenceResourceModel struct { + autorest.Response `json:"-"` + Value BasicThreatIntelligenceResource `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceModel struct. +func (tirm *ThreatIntelligenceResourceModel) UnmarshalJSON(body []byte) error { + tir, err := unmarshalBasicThreatIntelligenceResource(body) + if err != nil { + return err + } + tirm.Value = tir + + return nil +} + +// TICheckRequirements represents threat intelligence requirements check request. +type TICheckRequirements struct { + // TICheckRequirementsProperties - TI (Threat Intelligence) requirements check properties. + *TICheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { - ttcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii +// MarshalJSON is the custom marshaler for TICheckRequirements. +func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { + tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence objectMap := make(map[string]interface{}) - if ttcr.TiTaxiiCheckRequirementsProperties != nil { - objectMap["properties"] = ttcr.TiTaxiiCheckRequirementsProperties + if tcr.TICheckRequirementsProperties != nil { + objectMap["properties"] = tcr.TICheckRequirementsProperties } - if ttcr.Kind != "" { - objectMap["kind"] = ttcr.Kind + if tcr.Kind != "" { + objectMap["kind"] = tcr.Kind } return json.Marshal(objectMap) } -// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { return nil, false } -// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { return nil, false } -// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { return nil, false } -// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { return nil, false } -// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { return nil, false } -// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { return nil, false } -// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { return nil, false } -// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { - return &ttcr, true +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return &tcr, true } -// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { return nil, false } -// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { - return &ttcr, true +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct. -func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &tcr, true +} + +// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. +func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -12102,12 +13135,12 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var tiTaxiiCheckRequirementsProperties TiTaxiiCheckRequirementsProperties - err = json.Unmarshal(*v, &tiTaxiiCheckRequirementsProperties) + var tICheckRequirementsProperties TICheckRequirementsProperties + err = json.Unmarshal(*v, &tICheckRequirementsProperties) if err != nil { return err } - ttcr.TiTaxiiCheckRequirementsProperties = &tiTaxiiCheckRequirementsProperties + tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties } case "kind": if v != nil { @@ -12116,7 +13149,7 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttcr.Kind = kind + tcr.Kind = kind } } } @@ -12124,16 +13157,16 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiCheckRequirementsProperties threat Intelligence taxii client data connector properties. -type TiTaxiiCheckRequirementsProperties struct { +// TICheckRequirementsProperties TI (Threat Intelligence) requirements check properties. +type TICheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } -// TiTaxiiDataConnector represents threat intelligence taxii data connector. -type TiTaxiiDataConnector struct { - // TiTaxiiDataConnectorProperties - Threat intelligence taxii client data connector properties. - *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` +// TIDataConnector represents threat intelligence data connector. +type TIDataConnector struct { + // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. + *TIDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name @@ -12142,83 +13175,88 @@ type TiTaxiiDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { - ttdc.Kind = KindThreatIntelligenceTaxii +// MarshalJSON is the custom marshaler for TIDataConnector. +func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { + tdc.Kind = KindThreatIntelligence objectMap := make(map[string]interface{}) - if ttdc.TiTaxiiDataConnectorProperties != nil { - objectMap["properties"] = ttdc.TiTaxiiDataConnectorProperties + if tdc.TIDataConnectorProperties != nil { + objectMap["properties"] = tdc.TIDataConnectorProperties } - if ttdc.Etag != nil { - objectMap["etag"] = ttdc.Etag + if tdc.Etag != nil { + objectMap["etag"] = tdc.Etag } - if ttdc.Kind != "" { - objectMap["kind"] = ttdc.Kind + if tdc.Kind != "" { + objectMap["kind"] = tdc.Kind } return json.Marshal(objectMap) } -// AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return &ttdc, true +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true } -// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &ttdc, true +// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. -func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { +// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &tdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. +func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -12228,12 +13266,12 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties - err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + var tIDataConnectorProperties TIDataConnectorProperties + err = json.Unmarshal(*v, &tIDataConnectorProperties) if err != nil { return err } - ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + tdc.TIDataConnectorProperties = &tIDataConnectorProperties } case "id": if v != nil { @@ -12242,7 +13280,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.ID = &ID + tdc.ID = &ID } case "name": if v != nil { @@ -12251,7 +13289,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Name = &name + tdc.Name = &name } case "type": if v != nil { @@ -12260,7 +13298,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Type = &typeVar + tdc.Type = &typeVar } case "etag": if v != nil { @@ -12269,7 +13307,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Etag = &etag + tdc.Etag = &etag } case "kind": if v != nil { @@ -12278,7 +13316,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Kind = kind + tdc.Kind = kind } } } @@ -12286,157 +13324,104 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence taxii client data connector. -type TiTaxiiDataConnectorDataTypes struct { - // TaxiiClient - Data type for taxii client. - TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. +type TIDataConnectorDataTypes struct { + // Indicators - Data type for indicators connection. + Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` } -// TiTaxiiDataConnectorDataTypesTaxiiClient data type for taxii client. -type TiTaxiiDataConnectorDataTypesTaxiiClient struct { +// TIDataConnectorDataTypesIndicators data type for indicators connection. +type TIDataConnectorDataTypesIndicators struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` } -// TiTaxiiDataConnectorProperties threat Intelligence taxii client data connector properties. -type TiTaxiiDataConnectorProperties struct { - // WorkspaceID - The workspace id. - WorkspaceID *string `json:"workspaceId,omitempty"` - // FriendlyName - The friendly name for taxii client connector. - FriendlyName *string `json:"friendlyName,omitempty"` - // TaxiiServer - The API root server for taxii client. - TaxiiServer *string `json:"taxiiServer,omitempty"` - // CollectionID - The taxii collection id. - CollectionID *string `json:"collectionId,omitempty"` - // UserName - The taxii server user name. - UserName *string `json:"userName,omitempty"` - // Password - The taxii server password. - Password *string `json:"password,omitempty"` +// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. +type TIDataConnectorProperties struct { // DataTypes - The available data types for the connector. - DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } -// URLEntity represents a url entity. -type URLEntity struct { - // URLEntityProperties - Url entity properties - *URLEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' - Kind KindBasicEntity `json:"kind,omitempty"` +// TiTaxiiCheckRequirements represents threat intelligence requirements check request. +type TiTaxiiCheckRequirements struct { + // TiTaxiiCheckRequirementsProperties - Ti Taxii (Threat Intelligence Taxii) requirements check properties. + *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for URLEntity. -func (ue URLEntity) MarshalJSON() ([]byte, error) { - ue.Kind = KindURL +// MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { + ttcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii objectMap := make(map[string]interface{}) - if ue.URLEntityProperties != nil { - objectMap["properties"] = ue.URLEntityProperties + if ttcr.TiTaxiiCheckRequirementsProperties != nil { + objectMap["properties"] = ttcr.TiTaxiiCheckRequirementsProperties } - if ue.Kind != "" { - objectMap["kind"] = ue.Kind + if ttcr.Kind != "" { + objectMap["kind"] = ttcr.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { return nil, false } -// AsProcessEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { - return &ue, true -} - -// AsIoTDeviceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { - return nil, false +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return &ttcr, true } -// AsEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsEntity() (*Entity, bool) { +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { - return &ue, true +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &ttcr, true } -// UnmarshalJSON is the custom unmarshaler for URLEntity struct. -func (ue *URLEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct. +func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -12446,48 +13431,21 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var URLEntityProperties URLEntityProperties - err = json.Unmarshal(*v, &URLEntityProperties) - if err != nil { - return err - } - ue.URLEntityProperties = &URLEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - ue.ID = &ID - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - ue.Name = &name - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var tiTaxiiCheckRequirementsProperties TiTaxiiCheckRequirementsProperties + err = json.Unmarshal(*v, &tiTaxiiCheckRequirementsProperties) if err != nil { return err } - ue.Type = &typeVar + ttcr.TiTaxiiCheckRequirementsProperties = &tiTaxiiCheckRequirementsProperties } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicDataConnectorsCheckRequirements err = json.Unmarshal(*v, &kind) if err != nil { return err } - ue.Kind = kind + ttcr.Kind = kind } } } @@ -12495,37 +13453,929 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { return nil } -// URLEntityProperties url entity property bag. -type URLEntityProperties struct { - // URL - READ-ONLY; A full URL the entity points to - URL *string `json:"url,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. +// TiTaxiiCheckRequirementsProperties threat Intelligence taxii client data connector properties. +type TiTaxiiCheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TiTaxiiDataConnector represents threat intelligence taxii data connector. +type TiTaxiiDataConnector struct { + // TiTaxiiDataConnectorProperties - Threat intelligence taxii client data connector properties. + *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { + ttdc.Kind = KindThreatIntelligenceTaxii + objectMap := make(map[string]interface{}) + if ttdc.TiTaxiiDataConnectorProperties != nil { + objectMap["properties"] = ttdc.TiTaxiiDataConnectorProperties + } + if ttdc.Etag != nil { + objectMap["etag"] = ttdc.Etag + } + if ttdc.Kind != "" { + objectMap["kind"] = ttdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return &ttdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &ttdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. +func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties + err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + if err != nil { + return err + } + ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ttdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ttdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ttdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ttdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ttdc.Kind = kind + } + } + } + + return nil +} + +// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence taxii client data connector. +type TiTaxiiDataConnectorDataTypes struct { + // TaxiiClient - Data type for taxii client. + TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +} + +// TiTaxiiDataConnectorDataTypesTaxiiClient data type for taxii client. +type TiTaxiiDataConnectorDataTypesTaxiiClient struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TiTaxiiDataConnectorProperties threat Intelligence taxii client data connector properties. +type TiTaxiiDataConnectorProperties struct { + // WorkspaceID - The workspace id. + WorkspaceID *string `json:"workspaceId,omitempty"` + // FriendlyName - The friendly name for taxii client connector. + FriendlyName *string `json:"friendlyName,omitempty"` + // TaxiiServer - The API root server for taxii client. + TaxiiServer *string `json:"taxiiServer,omitempty"` + // CollectionID - The taxii collection id. + CollectionID *string `json:"collectionId,omitempty"` + // UserName - The taxii server user name. + UserName *string `json:"userName,omitempty"` + // Password - The taxii server password. + Password *string `json:"password,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Ueba settings with single toggle. +type Ueba struct { + // UebaProperties - Ueba properties + *UebaProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for Ueba. +func (u Ueba) MarshalJSON() ([]byte, error) { + u.Kind = KindUeba + objectMap := make(map[string]interface{}) + if u.UebaProperties != nil { + objectMap["properties"] = u.UebaProperties + } + if u.Etag != nil { + objectMap["etag"] = u.Etag + } + if u.Kind != "" { + objectMap["kind"] = u.Kind + } + return json.Marshal(objectMap) +} + +// AsEyesOn is the BasicSettings implementation for Ueba. +func (u Ueba) AsEyesOn() (*EyesOn, bool) { + return nil, false +} + +// AsEntityAnalytics is the BasicSettings implementation for Ueba. +func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for Ueba. +func (u Ueba) AsUeba() (*Ueba, bool) { + return &u, true +} + +// AsSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsBasicSettings() (BasicSettings, bool) { + return &u, true +} + +// UnmarshalJSON is the custom unmarshaler for Ueba struct. +func (u *Ueba) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var uebaProperties UebaProperties + err = json.Unmarshal(*v, &uebaProperties) + if err != nil { + return err + } + u.UebaProperties = &uebaProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + u.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + u.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + u.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + u.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + u.Kind = kind + } + } + } + + return nil +} + +// UebaProperties ueba property bag. +type UebaProperties struct { + // DataSources - The relevant data sources that enriched by ueba + DataSources *[]UebaDataSources `json:"dataSources,omitempty"` +} + +// URLEntity represents a url entity. +type URLEntity struct { + // URLEntityProperties - Url entity properties + *URLEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntity. +func (ue URLEntity) MarshalJSON() ([]byte, error) { + ue.Kind = KindURL + objectMap := make(map[string]interface{}) + if ue.URLEntityProperties != nil { + objectMap["properties"] = ue.URLEntityProperties + } + if ue.Kind != "" { + objectMap["kind"] = ue.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { + return &ue, true +} + +// AsIoTDeviceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { + return &ue, true +} + +// UnmarshalJSON is the custom unmarshaler for URLEntity struct. +func (ue *URLEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var URLEntityProperties URLEntityProperties + err = json.Unmarshal(*v, &URLEntityProperties) + if err != nil { + return err + } + ue.URLEntityProperties = &URLEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ue.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ue.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ue.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ue.Kind = kind + } + } + } + + return nil +} + +// URLEntityProperties url entity property bag. +type URLEntityProperties struct { + // URL - READ-ONLY; A full URL the entity points to + URL *string `json:"url,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` } -// MarshalJSON is the custom marshaler for URLEntityProperties. -func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for URLEntityProperties. +func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// UserInfo user information that made some action +type UserInfo struct { + // Email - READ-ONLY; The email of the user. + Email *string `json:"email,omitempty"` + // Name - READ-ONLY; The name of the user. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` +} + +// MarshalJSON is the custom marshaler for UserInfo. +func (UI UserInfo) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if UI.ObjectID != nil { + objectMap["objectId"] = UI.ObjectID + } + return json.Marshal(objectMap) +} + +// Watchlist represents a Watchlist in Azure Security Insights. +type Watchlist struct { + autorest.Response `json:"-"` + // WatchlistProperties - Watchlist properties + *WatchlistProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Watchlist. +func (w Watchlist) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) + if w.WatchlistProperties != nil { + objectMap["properties"] = w.WatchlistProperties + } + if w.Etag != nil { + objectMap["etag"] = w.Etag + } return json.Marshal(objectMap) } -// UserInfo user information that made some action -type UserInfo struct { - // Email - READ-ONLY; The email of the user. - Email *string `json:"email,omitempty"` - // Name - READ-ONLY; The name of the user. +// UnmarshalJSON is the custom unmarshaler for Watchlist struct. +func (w *Watchlist) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var watchlistProperties WatchlistProperties + err = json.Unmarshal(*v, &watchlistProperties) + if err != nil { + return err + } + w.WatchlistProperties = &watchlistProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + w.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + w.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + w.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + w.Etag = &etag + } + } + } + + return nil +} + +// WatchlistItem represents a Watchlist Item in Azure Security Insights. +type WatchlistItem struct { + // WatchlistItemProperties - Watchlist item properties + *WatchlistItemProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // ObjectID - The object id of the user. - ObjectID *uuid.UUID `json:"objectId,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } -// MarshalJSON is the custom marshaler for UserInfo. -func (UI UserInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for WatchlistItem. +func (wi WatchlistItem) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if UI.ObjectID != nil { - objectMap["objectId"] = UI.ObjectID + if wi.WatchlistItemProperties != nil { + objectMap["properties"] = wi.WatchlistItemProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for WatchlistItem struct. +func (wi *WatchlistItem) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var watchlistItemProperties WatchlistItemProperties + err = json.Unmarshal(*v, &watchlistItemProperties) + if err != nil { + return err + } + wi.WatchlistItemProperties = &watchlistItemProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + wi.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + wi.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + wi.Type = &typeVar + } + } + } + + return nil +} + +// WatchlistItemProperties describes watchlist item properties +type WatchlistItemProperties struct { + // CreatedBy - Describes a user that created the watchlist + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // UpdatedBy - Describes a user that updated the watchlist + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // WatchlistItemName - Name of the watchlist item + WatchlistItemName *string `json:"watchlistItemName,omitempty"` + // WatchlistItemPair - A key-value pair for a watchlist item + WatchlistItemPair interface{} `json:"watchlistItemPair,omitempty"` + // EntityMapping - A key-value pair for a watchlist item entity mapping + EntityMapping interface{} `json:"entityMapping,omitempty"` + // TenantID - The tenantId to which this watchlist item belongs to + TenantID *string `json:"tenantId,omitempty"` + // CreatedTimeUtc - The time the watchlist item was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // LastUpdatedTimeUtc - The last time the watchlist item was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // TimeToLiveUtc - The time to live for the watchlist item + TimeToLiveUtc *date.Time `json:"timeToLiveUtc,omitempty"` + // WatchlistItemType - The type of the watchlist item + WatchlistItemType *string `json:"watchlistItemType,omitempty"` + // WatchlistID - The watchlist id of the parent of this watchlist item + WatchlistID *string `json:"watchlistId,omitempty"` +} + +// WatchlistList list all the watchlists. +type WatchlistList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of watchlists. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of watchlist. + Value *[]Watchlist `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for WatchlistList. +func (wl WatchlistList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if wl.Value != nil { + objectMap["value"] = wl.Value } return json.Marshal(objectMap) } + +// WatchlistListIterator provides access to a complete listing of Watchlist values. +type WatchlistListIterator struct { + i int + page WatchlistListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *WatchlistListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter WatchlistListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter WatchlistListIterator) Response() WatchlistList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter WatchlistListIterator) Value() Watchlist { + if !iter.page.NotDone() { + return Watchlist{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the WatchlistListIterator type. +func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator { + return WatchlistListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (wl WatchlistList) IsEmpty() bool { + return wl.Value == nil || len(*wl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (wl WatchlistList) hasNextLink() bool { + return wl.NextLink != nil && len(*wl.NextLink) != 0 +} + +// watchlistListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (wl WatchlistList) watchlistListPreparer(ctx context.Context) (*http.Request, error) { + if !wl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(wl.NextLink))) +} + +// WatchlistListPage contains a page of Watchlist values. +type WatchlistListPage struct { + fn func(context.Context, WatchlistList) (WatchlistList, error) + wl WatchlistList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.wl) + if err != nil { + return err + } + page.wl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *WatchlistListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page WatchlistListPage) NotDone() bool { + return !page.wl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page WatchlistListPage) Response() WatchlistList { + return page.wl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page WatchlistListPage) Values() []Watchlist { + if page.wl.IsEmpty() { + return nil + } + return *page.wl.Value +} + +// Creates a new instance of the WatchlistListPage type. +func NewWatchlistListPage(getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage { + return WatchlistListPage{fn: getNextPage} +} + +// WatchlistProperties describes watchlist properties +type WatchlistProperties struct { + // CreatedTimeUtc - The time the watchlist was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // CreatedBy - Describes a user that created the watchlist + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // DisplayName - The display name of the watchlist + DisplayName *string `json:"displayName,omitempty"` + // WatchlistType - The type of the watchlist + WatchlistType *string `json:"watchlistType,omitempty"` + // Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage' + Source Source `json:"source,omitempty"` + // Provider - The provider of the watchlist + Provider *string `json:"provider,omitempty"` + // Description - A description of the watchlist + Description *string `json:"description,omitempty"` + // TenantID - The tenantId where the watchlist belongs to. + TenantID *string `json:"tenantId,omitempty"` + // WorkspaceID - The workspaceId where the watchlist belongs to. + WorkspaceID *string `json:"workspaceId,omitempty"` + // Labels - List of labels relevant to this watchlist + Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the watchlist + Notes *string `json:"notes,omitempty"` + // LastUpdatedTimeUtc - The last time the watchlist was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // UpdatedBy - Describes a user that updated the watchlist + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format) + DefaultDuration *string `json:"defaultDuration,omitempty"` + // WatchlistItems - List of watchlist items. + WatchlistItems *[]WatchlistItem `json:"watchlistItems,omitempty"` +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go index 6532d75ba193..7feddaab598b 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go @@ -49,7 +49,7 @@ func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Delete") @@ -142,7 +142,7 @@ func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Get") @@ -328,7 +328,7 @@ func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba // settings - the setting func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error) { if tracing.IsEnabled() { diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go index 5361049635dc..8733dfa35534 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -23,6 +23,13 @@ import ( "github.com/Azure/go-autorest/autorest" ) +// BaseClientAPI contains the set of methods on the BaseClient type. +type BaseClientAPI interface { + CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ BaseClientAPI = (*securityinsight.BaseClient)(nil) + // OperationsClientAPI contains the set of methods on the OperationsClient type. type OperationsClientAPI interface { List(ctx context.Context) (result securityinsight.OperationsListPage, err error) @@ -215,6 +222,7 @@ type IncidentsClientAPI interface { Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.Incident, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListPage, err error) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListIterator, err error) + ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentEntitiesResponse, err error) } var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) @@ -239,3 +247,56 @@ type IncidentRelationsClientAPI interface { } var _ IncidentRelationsClientAPI = (*securityinsight.IncidentRelationsClient)(nil) + +// WatchlistsClientAPI contains the set of methods on the WatchlistsClient type. +type WatchlistsClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist securityinsight.Watchlist) (result securityinsight.Watchlist, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result securityinsight.Watchlist, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListIterator, err error) + ListBySubscription(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListPage, err error) + ListBySubscriptionComplete(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListIterator, err error) +} + +var _ WatchlistsClientAPI = (*securityinsight.WatchlistsClient)(nil) + +// ThreatIntelligenceIndicatorsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsClient type. +type ThreatIntelligenceIndicatorsClientAPI interface { + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsClient)(nil) + +// ThreatIntelligenceIndicatorClientAPI contains the set of methods on the ThreatIntelligenceIndicatorClient type. +type ThreatIntelligenceIndicatorClientAPI interface { + AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody securityinsight.ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result securityinsight.ThreatIntelligenceResourceModel, err error) + ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorClientAPI = (*securityinsight.ThreatIntelligenceIndicatorClient)(nil) + +// ThreatIntelligenceIndicatorUpsertClientAPI contains the set of methods on the ThreatIntelligenceIndicatorUpsertClient type. +type ThreatIntelligenceIndicatorUpsertClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorUpsertClientAPI = (*securityinsight.ThreatIntelligenceIndicatorUpsertClient)(nil) + +// ThreatIntelligenceIndicatorsListClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsListClient type. +type ThreatIntelligenceIndicatorsListClientAPI interface { + Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsListClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsListClient)(nil) + +// ThreatIntelligenceIndicatorMetricsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorMetricsClient type. +type ThreatIntelligenceIndicatorMetricsClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result securityinsight.ThreatIntelligenceMetricResourceList, err error) +} + +var _ ThreatIntelligenceIndicatorMetricsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorMetricsClient)(nil) diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go new file mode 100644 index 000000000000..32e58973dfc1 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go @@ -0,0 +1,425 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client. +func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient { + return NewThreatIntelligenceIndicatorClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client +// using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign +// clouds, Azure stack). +func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient { + return ThreatIntelligenceIndicatorClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// AppendTags append tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceAppendTagsRequestBody - the threat intelligence append tags request body +func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.AppendTags") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", err.Error()) + } + + req, err := client.AppendTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceAppendTagsRequestBody) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", nil, "Failure preparing request") + return + } + + resp, err := client.AppendTagsSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure sending request") + return + } + + result, err = client.AppendTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure responding to request") + } + + return +} + +// AppendTagsPreparer prepares the AppendTags request. +func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", pathParameters), + autorest.WithJSON(threatIntelligenceAppendTagsRequestBody), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// AppendTagsSender sends the AppendTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// AppendTagsResponder handles the response to the AppendTags request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByClosing()) + result.Response = resp + return +} + +// Delete delete a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a threat intelligence indicator. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ReplaceTags replace tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceReplaceTagsModel - the threat intelligence entity properties for updating tags +func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.ReplaceTags") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", err.Error()) + } + + req, err := client.ReplaceTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceReplaceTagsModel) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", nil, "Failure preparing request") + return + } + + resp, err := client.ReplaceTagsSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure sending request") + return + } + + result, err = client.ReplaceTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure responding to request") + } + + return +} + +// ReplaceTagsPreparer prepares the ReplaceTags request. +func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", pathParameters), + autorest.WithJSON(threatIntelligenceReplaceTagsModel), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ReplaceTagsSender sends the ReplaceTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ReplaceTagsResponder handles the response to the ReplaceTags request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go new file mode 100644 index 000000000000..a0c43dce18be --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go @@ -0,0 +1,142 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorMetricsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient +// client. +func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return ThreatIntelligenceIndicatorMetricsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get get the threat intelligence metrics. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// ctiEntityKind - the threat intelligence entity kind +func (client ThreatIntelligenceIndicatorMetricsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result ThreatIntelligenceMetricResourceList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorMetricsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, ctiEntityKind) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorMetricsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(ctiEntityKind) > 0 { + queryParameters["ctiEntityKind"] = autorest.Encode("query", ctiEntityKind) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorMetricsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorMetricsClient) GetResponder(resp *http.Response) (result ThreatIntelligenceMetricResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go new file mode 100644 index 000000000000..df15c650aed4 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go @@ -0,0 +1,196 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client. +func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient { + return NewThreatIntelligenceIndicatorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient +// client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI +// (sovereign clouds, Azure stack). +func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient { + return ThreatIntelligenceIndicatorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List gets all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// filter - filters the results, based on a Boolean condition. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +// orderby - sorts the results. Optional. +func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure sending request") + return + } + + result.tirl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsClient) listNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go new file mode 100644 index 000000000000..7d20722c3ac5 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go @@ -0,0 +1,181 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsListClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorsListClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsListClient creates an instance of the ThreatIntelligenceIndicatorsListClient client. +func NewThreatIntelligenceIndicatorsListClient(subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return NewThreatIntelligenceIndicatorsListClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsListClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorsListClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewThreatIntelligenceIndicatorsListClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return ThreatIntelligenceIndicatorsListClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Query query all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceArmStixQuery - the threat intelligence ARM STIX query +func (client ThreatIntelligenceIndicatorsListClient) Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", err.Error()) + } + + result.fn = client.queryNextResults + req, err := client.QueryPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", nil, "Failure preparing request") + return + } + + resp, err := client.QuerySender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure sending request") + return + } + + result.tirl, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// QueryPreparer prepares the Query request. +func (client ThreatIntelligenceIndicatorsListClient) QueryPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", pathParameters), + autorest.WithJSON(threatIntelligenceArmStixQuery), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// QuerySender sends the Query request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsListClient) QuerySender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// QueryResponder handles the response to the Query request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorsListClient) QueryResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// queryNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsListClient) queryNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.QuerySender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure sending next results request") + } + result, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure responding to next results request") + } + return +} + +// QueryComplete enumerates all values, automatically crossing page boundaries as required. +func (client ThreatIntelligenceIndicatorsListClient) QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.Query(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go new file mode 100644 index 000000000000..ffe9d1351a98 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go @@ -0,0 +1,143 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorUpsertClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorUpsertClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorUpsertClient creates an instance of the ThreatIntelligenceIndicatorUpsertClient +// client. +func NewThreatIntelligenceIndicatorUpsertClient(subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorUpsertClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorUpsertClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return ThreatIntelligenceIndicatorUpsertClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create upsert a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client ThreatIntelligenceIndicatorUpsertClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorUpsertClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. +func (client ThreatIntelligenceIndicatorUpsertClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorUpsertClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorUpsertClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go new file mode 100644 index 000000000000..3d2e0ee8e68f --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go @@ -0,0 +1,591 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type WatchlistsClient struct { + BaseClient +} + +// NewWatchlistsClient creates an instance of the WatchlistsClient client. +func NewWatchlistsClient(subscriptionID string) WatchlistsClient { + return NewWatchlistsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient { + return WatchlistsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create creates a watchlist +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +// watchlist - the watchlist +func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: watchlist, + Constraints: []validation.Constraint{{Target: "watchlist.WatchlistProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "watchlist.WatchlistProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "watchlist.WatchlistProperties.Provider", Name: validation.Null, Rule: true, Chain: nil}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias, watchlist) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. +func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithJSON(watchlist), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete a watchlist. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a watchlist. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all watchlists. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.wl.Response.Response != nil { + sc = result.wl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.wl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure sending request") + return + } + + result.wl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure responding to request") + } + if result.wl.hasNextLink() && result.wl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client WatchlistsClient) listNextResults(ctx context.Context, lastResults WatchlistList) (result WatchlistList, err error) { + req, err := lastResults.watchlistListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +} + +// ListBySubscription gets all watchlists in a subscription. +// Parameters: +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client WatchlistsClient) ListBySubscription(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.ListBySubscription") + defer func() { + sc := -1 + if result.wl.Response.Response != nil { + sc = result.wl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "ListBySubscription", err.Error()) + } + + result.fn = client.listBySubscriptionNextResults + req, err := client.ListBySubscriptionPreparer(ctx, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", nil, "Failure preparing request") + return + } + + resp, err := client.ListBySubscriptionSender(req) + if err != nil { + result.wl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", resp, "Failure sending request") + return + } + + result.wl, err = client.ListBySubscriptionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", resp, "Failure responding to request") + } + if result.wl.hasNextLink() && result.wl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListBySubscriptionPreparer prepares the ListBySubscription request. +func (client WatchlistsClient) ListBySubscriptionPreparer(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListBySubscriptionSender sends the ListBySubscription request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) ListBySubscriptionSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListBySubscriptionResponder handles the response to the ListBySubscription request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) ListBySubscriptionResponder(resp *http.Response) (result WatchlistList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listBySubscriptionNextResults retrieves the next set of results, if any. +func (client WatchlistsClient) listBySubscriptionNextResults(ctx context.Context, lastResults WatchlistList) (result WatchlistList, err error) { + req, err := lastResults.watchlistListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListBySubscriptionSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", resp, "Failure sending next results request") + } + result, err = client.ListBySubscriptionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListBySubscriptionComplete enumerates all values, automatically crossing page boundaries as required. +func (client WatchlistsClient) ListBySubscriptionComplete(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.ListBySubscription") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListBySubscription(ctx, operationalInsightsResourceProvider, workspaceName) + return +}