diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go index a29c0d5d0ce9..f01ff44f6c1c 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go @@ -21,7 +21,12 @@ package securityinsight // Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( + "context" "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" ) const ( 
@@ -50,3 +55,98 @@ func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient { SubscriptionID: subscriptionID, } } + +// CreateThreatIntelligence create a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client BaseClient) CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BaseClient.CreateThreatIntelligence") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: 
nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BaseClient", "CreateThreatIntelligence", err.Error()) + } + + req, err := client.CreateThreatIntelligencePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", nil, "Failure preparing request") + return + } + + resp, err := client.CreateThreatIntelligenceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure sending request") + return + } + + result, err = client.CreateThreatIntelligenceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure responding to request") + } + + return +} + +// CreateThreatIntelligencePreparer prepares the CreateThreatIntelligence request. 
+func (client BaseClient) CreateThreatIntelligencePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateThreatIntelligenceSender sends the CreateThreatIntelligence request. The method will close the +// http.Response Body if it receives an error. +func (client BaseClient) CreateThreatIntelligenceSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateThreatIntelligenceResponder handles the response to the CreateThreatIntelligence request. The method always +// closes the http.Response Body. 
+func (client BaseClient) CreateThreatIntelligenceResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go index 1525863f1586..28d19fdcd606 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go @@ -100,13 +100,15 @@ const ( LateralMovement AttackTactic = "LateralMovement" // Persistence ... Persistence AttackTactic = "Persistence" + // PreAttack ... + PreAttack AttackTactic = "PreAttack" // PrivilegeEscalation ... PrivilegeEscalation AttackTactic = "PrivilegeEscalation" ) // PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. func PossibleAttackTacticValues() []AttackTactic { - return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PreAttack, PrivilegeEscalation} } // CaseSeverity enumerates the values for case severity. 
@@ -241,6 +243,8 @@ const ( DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" // DataConnectorKindOffice365 ... DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindOfficeATP ... + DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" // DataConnectorKindThreatIntelligenceTaxii ... @@ -249,7 +253,7 @@ const ( // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindOfficeATP, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} } // DataConnectorLicenseState enumerates the values for data connector license state. 
@@ -408,6 +412,21 @@ func PossibleEntityTypeValues() []EntityType { return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIoTDevice, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} } +// EventGroupingAggregationKind enumerates the values for event grouping aggregation kind. +type EventGroupingAggregationKind string + +const ( + // AlertPerResult ... + AlertPerResult EventGroupingAggregationKind = "AlertPerResult" + // SingleAlert ... + SingleAlert EventGroupingAggregationKind = "SingleAlert" +) + +// PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type. +func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind { + return []EventGroupingAggregationKind{AlertPerResult, SingleAlert} +} + // FileHashAlgorithm enumerates the values for file hash algorithm. type FileHashAlgorithm string @@ -688,6 +707,8 @@ const ( KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" + // KindOfficeATP ... + KindOfficeATP KindBasicDataConnector = "OfficeATP" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" // KindThreatIntelligenceTaxii ... 
@@ -696,7 +717,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence, KindThreatIntelligenceTaxii} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindOfficeATP, KindThreatIntelligence, KindThreatIntelligenceTaxii} } // KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check @@ -718,6 +739,8 @@ const ( KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity" // KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ... KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection" + // KindBasicDataConnectorsCheckRequirementsKindOfficeATP ... + KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ... KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ... 
@@ -726,7 +749,7 @@ const ( // PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type. func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements { - return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} + return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindOfficeATP, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} } // KindBasicEntity enumerates the values for kind basic entity. 
@@ -737,6 +760,8 @@ const ( KindAccount KindBasicEntity = "Account" // KindAzureResource ... KindAzureResource KindBasicEntity = "AzureResource" + // KindBookmark ... + KindBookmark KindBasicEntity = "Bookmark" // KindCloudApplication ... KindCloudApplication KindBasicEntity = "CloudApplication" // KindDNSResolution ... 
@@ -771,22 +796,41 @@ const ( // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIoTDevice, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} + return []KindBasicEntity{KindAccount, KindAzureResource, KindBookmark, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIoTDevice, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} } // KindBasicSettings enumerates the values for kind basic settings. type KindBasicSettings string const ( + // KindEntityAnalytics ... + KindEntityAnalytics KindBasicSettings = "EntityAnalytics" // KindEyesOn ... KindEyesOn KindBasicSettings = "EyesOn" // KindSettings ... KindSettings KindBasicSettings = "Settings" + // KindUeba ... + KindUeba KindBasicSettings = "Ueba" ) // PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. func PossibleKindBasicSettingsValues() []KindBasicSettings { - return []KindBasicSettings{KindEyesOn, KindSettings} + return []KindBasicSettings{KindEntityAnalytics, KindEyesOn, KindSettings, KindUeba} +} + +// KindBasicThreatIntelligenceResource enumerates the values for kind basic threat intelligence resource. +type KindBasicThreatIntelligenceResource string + +const ( + // KindIndicator ... + KindIndicator KindBasicThreatIntelligenceResource = "indicator" + // KindThreatIntelligenceResource ... 
+ KindThreatIntelligenceResource KindBasicThreatIntelligenceResource = "ThreatIntelligenceResource" +) + +// PossibleKindBasicThreatIntelligenceResourceValues returns an array of possible values for the KindBasicThreatIntelligenceResource const type. +func PossibleKindBasicThreatIntelligenceResourceValues() []KindBasicThreatIntelligenceResource { + return []KindBasicThreatIntelligenceResource{KindIndicator, KindThreatIntelligenceResource} } // MicrosoftSecurityProductName enumerates the values for microsoft security product name. @@ -803,11 +847,15 @@ const ( AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" // MicrosoftCloudAppSecurity ... MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" + // MicrosoftDefenderAdvancedThreatProtection ... + MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" + // Office365AdvancedThreatProtection ... + Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" ) // PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { - return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity} + return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, Office365AdvancedThreatProtection} } // OSFamily enumerates the values for os family. 
@@ -915,6 +963,38 @@ func PossibleRelationTypesValues() []RelationTypes { return []RelationTypes{CasesToBookmarks} } +// SettingKind enumerates the values for setting kind. +type SettingKind string + +const ( + // SettingKindEntityAnalytics ... + SettingKindEntityAnalytics SettingKind = "EntityAnalytics" + // SettingKindEyesOn ... + SettingKindEyesOn SettingKind = "EyesOn" + // SettingKindUeba ... + SettingKindUeba SettingKind = "Ueba" +) + +// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{SettingKindEntityAnalytics, SettingKindEyesOn, SettingKindUeba} +} + +// Source enumerates the values for source. +type Source string + +const ( + // Localfile ... + Localfile Source = "Local file" + // Remotestorage ... + Remotestorage Source = "Remote storage" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{Localfile, Remotestorage} +} + // TemplateStatus enumerates the values for template status. type TemplateStatus string 
@@ -932,6 +1012,36 @@ func PossibleTemplateStatusValues() []TemplateStatus { return []TemplateStatus{Available, Installed, NotAvailable} } +// ThreatIntelligenceArmStixSortBy enumerates the values for threat intelligence arm stix sort by. +type ThreatIntelligenceArmStixSortBy string + +const ( + // Ascending ... + Ascending ThreatIntelligenceArmStixSortBy = "ascending" + // Descending ... + Descending ThreatIntelligenceArmStixSortBy = "descending" + // Unsorted ... + Unsorted ThreatIntelligenceArmStixSortBy = "unsorted" +) + +// PossibleThreatIntelligenceArmStixSortByValues returns an array of possible values for the ThreatIntelligenceArmStixSortBy const type. +func PossibleThreatIntelligenceArmStixSortByValues() []ThreatIntelligenceArmStixSortBy { + return []ThreatIntelligenceArmStixSortBy{Ascending, Descending, Unsorted} +} + +// ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind. +type ThreatIntelligenceResourceKind string + +const ( + // Indicator Entity represents threat intelligence indicator in the system. + Indicator ThreatIntelligenceResourceKind = "indicator" +) + +// PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type. +func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind { + return []ThreatIntelligenceResourceKind{Indicator} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string 
@@ -950,3 +1060,22 @@ const ( func PossibleTriggerOperatorValues() []TriggerOperator { return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} } + +// UebaDataSources enumerates the values for ueba data sources. +type UebaDataSources string + +const ( + // AuditLogs ... + AuditLogs UebaDataSources = "AuditLogs" + // AzureActivity ... + AzureActivity UebaDataSources = "AzureActivity" + // SecurityEvent ... + SecurityEvent UebaDataSources = "SecurityEvent" + // SigninLogs ... + SigninLogs UebaDataSources = "SigninLogs" +) + +// PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type. +func PossibleUebaDataSourcesValues() []UebaDataSources { + return []UebaDataSources{AuditLogs, AzureActivity, SecurityEvent, SigninLogs} +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go index a9107bf774c7..11a86f738209 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go @@ -43,7 +43,7 @@ func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) return IncidentCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} } -// CreateComment creates the incident comment. +// CreateComment creates or updates the incident comment. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case // insensitive. 
@@ -145,6 +145,101 @@ func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) return } +// DeleteComment delete the incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// incidentCommentID - incident comment ID +func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.DeleteComment") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "DeleteComment", err.Error()) + } + + 
req, err := client.DeleteCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, incidentCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteCommentSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", resp, "Failure sending request") + return + } + + result, err = client.DeleteCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", resp, "Failure responding to request") + } + + return +} + +// DeleteCommentPreparer prepares the DeleteComment request. +func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteCommentSender sends the DeleteComment request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) DeleteCommentSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteCommentResponder handles the response to the DeleteComment request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + // GetComment gets an incident comment. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go index 365f36bcdff5..06e06e813205 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go 
@@ -479,3 +479,285 @@ func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupNam result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } + +// ListOfAlerts gets all incident alerts. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentAlertList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfAlerts") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.IncidentsClient", "ListOfAlerts", err.Error()) + } + + req, err := client.ListOfAlertsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfAlertsSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", resp, "Failure sending request") + return + } + + result, err = client.ListOfAlertsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", resp, "Failure responding to request") + } + + return +} + +// ListOfAlertsPreparer prepares the ListOfAlerts request. +func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", 
pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfAlertsSender sends the ListOfAlerts request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfAlertsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfAlertsResponder handles the response to the ListOfAlerts request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListOfBookmarks gets all incident bookmarks. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// incidentID - incident ID +func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfBookmarks") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "ListOfBookmarks", err.Error()) + } + + req, err := client.ListOfBookmarksPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfBookmarksSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", resp, "Failure sending 
request") + return + } + + result, err = client.ListOfBookmarksResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", resp, "Failure responding to request") + } + + return +} + +// ListOfBookmarksPreparer prepares the ListOfBookmarks request. +func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfBookmarksSender sends the ListOfBookmarks request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfBookmarksSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfBookmarksResponder handles the response to the ListOfBookmarks request. The method always +// closes the http.Response Body. 
+func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListOfEntities gets all incident related entities. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfEntities") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: 
validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "ListOfEntities", err.Error()) + } + + req, err := client.ListOfEntitiesPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfEntitiesSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure sending request") + return + } + + result, err = client.ListOfEntitiesResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure responding to request") + } + + return +} + +// ListOfEntitiesPreparer prepares the ListOfEntities request. 
+func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfEntitiesSender sends the ListOfEntities request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} 
diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go index cfd0c25575eb..9fa97153523d 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go 
@@ -35,7 +35,7 @@ const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight type AADCheckRequirements struct { // AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. *AADCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -82,6 +82,11 @@ func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. +func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -153,7 +158,7 @@ type AADDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -203,6 +208,11 @@ func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -309,7 +319,7 @@ type AADDataConnectorProperties struct { type AATPCheckRequirements struct { // AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. *AATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -356,6 +366,11 @@ func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. +func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -427,7 +442,7 @@ type AATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -477,6 +492,11 @@ func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -589,7 +609,7 @@ type AccountEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -641,6 +661,16 @@ func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -666,11 +696,6 @@ func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -1960,7 +1985,7 @@ type AlertsDataTypeOfDataConnectorAlerts struct { type ASCCheckRequirements struct { // ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. *ASCCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -2007,6 +2032,11 @@ func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. +func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2078,7 +2108,7 @@ type ASCDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -2128,6 +2158,11 @@ func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -2232,7 +2267,7 @@ type ASCDataConnectorProperties struct { // AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request. type AwsCloudTrailCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -2276,6 +2311,11 @@ func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. +func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2308,7 +2348,7 @@ type AwsCloudTrailDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -2358,6 +2398,11 @@ func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnec return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -2483,7 +2528,7 @@ type AzureResourceEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -2535,6 +2580,16 @@ func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for AzureResourceEntity. func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -2560,11 +2615,6 @@ func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -4008,7 +4058,7 @@ type CloudApplicationEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -4060,6 +4110,16 @@ func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -4085,11 +4145,6 @@ func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, return nil, false } -// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -4250,6 +4305,7 @@ type BasicDataConnector interface { AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) 
@@ -4267,7 +4323,7 @@ type DataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -4303,6 +4359,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var mdc MDATPDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindOfficeATP): + var oadc OfficeATPDataConnector + err := json.Unmarshal(body, &oadc) + return oadc, err case string(KindOffice365): var odc OfficeDataConnector err := json.Unmarshal(body, &odc) @@ -4383,6 +4443,11 @@ func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -4416,7 +4481,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -4651,6 +4716,7 @@ type BasicDataConnectorsCheckRequirements interface { AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) + AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) AsTICheckRequirements() (*TICheckRequirements, bool) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) 
@@ -4658,7 +4724,7 @@ type BasicDataConnectorsCheckRequirements interface { // DataConnectorsCheckRequirements data connector requirements properties. type DataConnectorsCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -4694,6 +4760,10 @@ func unmarshalBasicDataConnectorsCheckRequirements(body []byte) (BasicDataConnec var mcr MDATPCheckRequirements err := json.Unmarshal(body, &mcr) return mcr, err + case string(KindBasicDataConnectorsCheckRequirementsKindOfficeATP): + var oacr OfficeATPCheckRequirements + err := json.Unmarshal(body, &oacr) + return oacr, err case string(KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence): var tcr TICheckRequirements err := json.Unmarshal(body, &tcr) @@ -4767,6 +4837,11 @@ func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. +func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -4809,7 +4884,7 @@ type DNSEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -4861,6 +4936,16 @@ func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for DNSEntity. func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -4886,11 +4971,6 @@ func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -5007,12 +5087,13 @@ type BasicEntity interface { AsFileEntity() (*FileEntity, bool) AsFileHashEntity() (*FileHashEntity, bool) AsHostEntity() (*HostEntity, bool) + AsHuntingBookmark() (*HuntingBookmark, bool) + AsSecurityAlert() (*SecurityAlert, bool) AsIPEntity() (*IPEntity, bool) AsMalwareEntity() (*MalwareEntity, bool) AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) - AsSecurityAlert() (*SecurityAlert, bool) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) 
@@ -5028,7 +5109,7 @@ type Entity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5068,6 +5149,14 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var he HostEntity err := json.Unmarshal(body, &he) return he, err + case string(KindBookmark): + var hb HuntingBookmark + err := json.Unmarshal(body, &hb) + return hb, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err case string(KindIP): var ie IPEntity err := json.Unmarshal(body, &ie) @@ -5088,10 +5177,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var rve RegistryValueEntity err := json.Unmarshal(body, &rve) return rve, err - case string(KindSecurityAlert): - var sa SecurityAlert - err := json.Unmarshal(body, &sa) - return sa, err case string(KindSecurityGroup): var sge SecurityGroupEntity err := json.Unmarshal(body, &sge) 
@@ -5174,6 +5259,16 @@ func (e Entity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for Entity. +func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for Entity. func (e Entity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -5199,11 +5294,6 @@ func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for Entity. func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -5229,6 +5319,138 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } +// EntityAnalytics settings with single toggle. +type EntityAnalytics struct { + // EntityAnalyticsProperties - EntityAnalytics properties + *EntityAnalyticsProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for EntityAnalytics. +func (ea EntityAnalytics) MarshalJSON() ([]byte, error) { + ea.Kind = KindEntityAnalytics + objectMap := make(map[string]interface{}) + if ea.EntityAnalyticsProperties != nil { + objectMap["properties"] = ea.EntityAnalyticsProperties + } + if ea.Etag != nil { + objectMap["etag"] = ea.Etag + } + if ea.Kind != "" { + objectMap["kind"] = ea.Kind + } + return json.Marshal(objectMap) +} + +// AsEyesOn is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool) { + return nil, false +} + +// AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool) { + return &ea, true +} + +// AsUeba is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsUeba() (*Ueba, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for EntityAnalytics. 
+func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool) { + return &ea, true +} + +// UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct. +func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var entityAnalyticsProperties EntityAnalyticsProperties + err = json.Unmarshal(*v, &entityAnalyticsProperties) + if err != nil { + return err + } + ea.EntityAnalyticsProperties = &entityAnalyticsProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ea.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ea.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ea.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ea.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ea.Kind = kind + } + } + } + + return nil +} + +// EntityAnalyticsProperties entityAnalytics property bag. +type EntityAnalyticsProperties struct { + // IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty"` +} + // EntityCommonProperties entity common property bag. type EntityCommonProperties struct { // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. 
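Review bot: `EntityAnalyticsProperties` has one field, `IsEnabled`, documented as READ-ONLY, but no marshaler is defined next to it in this hunk, so `EntityAnalytics.MarshalJSON` will put `"isEnabled"` into the request body whenever a caller sets it. `HuntingBookmarkProperties`, added later in this diff, leaves its READ-ONLY fields out through a custom `MarshalJSON`; the matching change here is a `func (eap EntityAnalyticsProperties) MarshalJSON() ([]byte, error)` that returns an empty object map. Without it, a caller can set the flag on a security setting and reasonably assume it was applied; how the service treats the field is not visible here. If this file is generator output, the change belongs in the generator or the API specification, not in a hand edit.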
@@ -5765,6 +5987,12 @@ type EntityQueryProperties struct { QueryTemplate *string `json:"queryTemplate,omitempty"` } +// EventGroupingSettings event grouping settings property bag. +type EventGroupingSettings struct { + // AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult' + AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +} + // ExpansionResultAggregation information of a specific aggregation in the expansion result. type ExpansionResultAggregation struct { // AggregationType - The common type of the aggregation. (for e.g. entity field name) @@ -5795,7 +6023,7 @@ type EyesOn struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -5820,6 +6048,16 @@ func (eo EyesOn) AsEyesOn() (*EyesOn, bool) { return &eo, true } +// AsEntityAnalytics is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for EyesOn. func (eo EyesOn) AsSettings() (*Settings, bool) { return nil, false 
@@ -5915,7 +6153,7 @@ type FileEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5967,6 +6205,16 @@ func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -5992,11 +6240,6 @@ func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -6114,7 +6357,7 @@ type FileHashEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6166,6 +6409,16 @@ func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for FileHashEntity. func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -6191,11 +6444,6 @@ func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -6656,7 +6904,7 @@ type HostEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6708,6 +6956,16 @@ func (he HostEntity) AsHostEntity() (*HostEntity, bool) { return &he, true } +// AsHuntingBookmark is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -6733,11 +6991,6 @@ func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -6858,23 +7111,274 @@ func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// Incident represents an incident in Azure Security Insights. -type Incident struct { - autorest.Response `json:"-"` - // IncidentProperties - Incident properties - *IncidentProperties `json:"properties,omitempty"` +// HuntingBookmark represents a Hunting bookmark entity. +type HuntingBookmark struct { + // HuntingBookmarkProperties - HuntingBookmark entity properties + *HuntingBookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Etag - Etag of the azure resource - Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for Incident. -func (i Incident) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for HuntingBookmark. +func (hb HuntingBookmark) MarshalJSON() ([]byte, error) { + hb.Kind = KindBookmark + objectMap := make(map[string]interface{}) + if hb.HuntingBookmarkProperties != nil { + objectMap["properties"] = hb.HuntingBookmarkProperties + } + if hb.Kind != "" { + objectMap["kind"] = hb.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark. 
+func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool) { + return &hb, true +} + +// AsSecurityAlert is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark. 
+func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool) { + return &hb, true +} + +// UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct. 
+func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var huntingBookmarkProperties HuntingBookmarkProperties + err = json.Unmarshal(*v, &huntingBookmarkProperties) + if err != nil { + return err + } + hb.HuntingBookmarkProperties = &huntingBookmarkProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + hb.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + hb.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + hb.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + hb.Kind = kind + } + } + } + + return nil +} + +// HuntingBookmarkProperties describes bookmark properties +type HuntingBookmarkProperties struct { + // Created - The time the bookmark was created + Created *date.Time `json:"created,omitempty"` + // CreatedBy - Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` + // EventTime - The time of the event + EventTime *date.Time `json:"eventTime,omitempty"` + // Labels - List of labels relevant to this bookmark + Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` + // Query - The query of the bookmark. + Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. 
+ QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // IncidentInfo - Describes an incident that relates to bookmark + IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for HuntingBookmarkProperties. +func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if hbp.Created != nil { + objectMap["created"] = hbp.Created + } + if hbp.CreatedBy != nil { + objectMap["createdBy"] = hbp.CreatedBy + } + if hbp.DisplayName != nil { + objectMap["displayName"] = hbp.DisplayName + } + if hbp.EventTime != nil { + objectMap["eventTime"] = hbp.EventTime + } + if hbp.Labels != nil { + objectMap["labels"] = hbp.Labels + } + if hbp.Notes != nil { + objectMap["notes"] = hbp.Notes + } + if hbp.Query != nil { + objectMap["query"] = hbp.Query + } + if hbp.QueryResult != nil { + objectMap["queryResult"] = hbp.QueryResult + } + if hbp.Updated != nil { + objectMap["updated"] = hbp.Updated + } + if hbp.UpdatedBy != nil { + objectMap["updatedBy"] = hbp.UpdatedBy + } + if hbp.IncidentInfo != nil { + objectMap["incidentInfo"] = hbp.IncidentInfo + } + return json.Marshal(objectMap) +} + +// Incident represents an incident in Azure Security Insights. 
+type Incident struct { + autorest.Response `json:"-"` + // IncidentProperties - Incident properties + *IncidentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Incident. +func (i Incident) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) if i.IncidentProperties != nil { objectMap["properties"] = i.IncidentProperties @@ -6959,6 +7463,20 @@ type IncidentAdditionalData struct { Tactics *[]AttackTactic `json:"tactics,omitempty"` } +// IncidentAlertList list of incident alerts. +type IncidentAlertList struct { + autorest.Response `json:"-"` + // Value - Array of incident alerts. + Value *[]SecurityAlert `json:"value,omitempty"` +} + +// IncidentBookmarkList list of incident bookmarks. +type IncidentBookmarkList struct { + autorest.Response `json:"-"` + // Value - Array of incident bookmarks. + Value *[]HuntingBookmark `json:"value,omitempty"` +} + // IncidentComment represents an incident comment type IncidentComment struct { autorest.Response `json:"-"` @@ -6970,6 +7488,8 @@ type IncidentComment struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` } // MarshalJSON is the custom marshaler for IncidentComment. @@ -6978,6 +7498,9 @@ func (ic IncidentComment) MarshalJSON() ([]byte, error) { if ic.IncidentCommentProperties != nil { objectMap["properties"] = ic.IncidentCommentProperties } + if ic.Etag != nil { + objectMap["etag"] = ic.Etag + } return json.Marshal(objectMap) } 
@@ -7026,6 +7549,15 @@ func (ic *IncidentComment) UnmarshalJSON(body []byte) error { } ic.Type = &typeVar } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ic.Etag = &etag + } } } @@ -7201,6 +7733,8 @@ func NewIncidentCommentListPage(getNextPage func(context.Context, IncidentCommen type IncidentCommentProperties struct { // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // LastModifiedTimeUtc - READ-ONLY; The time the comment was updated + LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` // Message - The comment message Message *string `json:"message,omitempty"` // Author - READ-ONLY; Describes the client that created the comment 
@@ -7224,6 +7758,56 @@ type IncidentConfiguration struct { GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` } +// IncidentEntitiesResponse the incident related entities response. +type IncidentEntitiesResponse struct { + autorest.Response `json:"-"` + // Entities - Array of the incident related entities. + Entities *[]BasicEntity `json:"entities,omitempty"` + // MetaData - The metadata from the incident related entities results. + MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct. +func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + ier.Entities = &entities + } + case "metaData": + if v != nil { + var metaData []IncidentEntitiesResultsMetadata + err = json.Unmarshal(*v, &metaData) + if err != nil { + return err + } + ier.MetaData = &metaData + } + } + } + + return nil +} + +// IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities +// result. +type IncidentEntitiesResultsMetadata struct { + // Count - Total number of aggregations of the given kind in the incident related entities result. + Count *int32 `json:"count,omitempty"` + // EntityKind - The kind of the aggregated entity. 
Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` +} + // IncidentInfo describes related incident information for the bookmark type IncidentInfo struct { // IncidentID - Incident Id @@ -7517,7 +8101,7 @@ type IoTDeviceEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -7569,6 +8153,16 @@ func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for IoTDeviceEntity. func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -7594,11 +8188,6 @@ func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity. func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -7724,7 +8313,7 @@ type IPEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -7776,6 +8365,16 @@ func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { return &ie, true @@ -7801,11 +8400,6 @@ func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -7924,7 +8518,7 @@ type MalwareEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -7976,6 +8570,16 @@ func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for MalwareEntity. func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -8001,11 +8605,6 @@ func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -8117,7 +8716,7 @@ func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { type MCASCheckRequirements struct { // MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. *MCASCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -8164,6 +8763,11 @@ func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. +func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8235,7 +8839,7 @@ type MCASDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -8285,6 +8889,11 @@ func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -8406,7 +9015,7 @@ type MCASDataConnectorProperties struct { type MDATPCheckRequirements struct { // MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. *MDATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -8453,6 +9062,11 @@ func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequire return &mcr, true } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. +func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8525,7 +9139,7 @@ type MDATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -8575,6 +9189,11 @@ func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return &mdc, true } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -8811,7 +9430,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` 
@@ -8833,7 +9452,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` 
@@ -9001,7 +9620,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` 
@@ -9040,6 +9659,293 @@ func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) Mars return json.Marshal(objectMap) } +// OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check +// request. +type OfficeATPCheckRequirements struct { + // OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. + *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error) { + oacr.Kind = KindBasicDataConnectorsCheckRequirementsKindOfficeATP + objectMap := make(map[string]interface{}) + if oacr.OfficeATPCheckRequirementsProperties != nil { + objectMap["properties"] = oacr.OfficeATPCheckRequirementsProperties + } + if oacr.Kind != "" { + objectMap["kind"] = oacr.Kind + } + return json.Marshal(objectMap) +} + +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. 
+func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { + return nil, false +} + +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { + return nil, false +} + +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { + return nil, false +} + +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { + return nil, false +} + +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { + return nil, false +} + +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { + return nil, false +} + +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return &oacr, true +} + +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return nil, false +} + +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. 
+func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return nil, false +} + +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false +} + +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &oacr, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct. +func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeATPCheckRequirementsProperties OfficeATPCheckRequirementsProperties + err = json.Unmarshal(*v, &officeATPCheckRequirementsProperties) + if err != nil { + return err + } + oacr.OfficeATPCheckRequirementsProperties = &officeATPCheckRequirementsProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnectorsCheckRequirements + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + oacr.Kind = kind + } + } + } + + return nil +} + +// OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check +// properties. +type OfficeATPCheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector. 
+type OfficeATPDataConnector struct { + // OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. + *OfficeATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error) { + oadc.Kind = KindOfficeATP + objectMap := make(map[string]interface{}) + if oadc.OfficeATPDataConnectorProperties != nil { + objectMap["properties"] = oadc.OfficeATPDataConnectorProperties + } + if oadc.Etag != nil { + objectMap["etag"] = oadc.Etag + } + if oadc.Kind != "" { + objectMap["kind"] = oadc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. 
+func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return &oadc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. 
+func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &oadc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct. +func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeATPDataConnectorProperties OfficeATPDataConnectorProperties + err = json.Unmarshal(*v, &officeATPDataConnectorProperties) + if err != nil { + return err + } + oadc.OfficeATPDataConnectorProperties = &officeATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oadc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oadc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oadc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + oadc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + oadc.Kind = kind + } + } + } + + return nil +} + +// OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector +// properties. +type OfficeATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + // OfficeConsent consent for Office365 tenant that already made. type OfficeConsent struct { autorest.Response `json:"-"` 
@@ -9307,7 +10213,7 @@ type OfficeDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -9357,6 +10263,11 @@ func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return &odc, true @@ -9457,6 +10368,8 @@ type OfficeDataConnectorDataTypes struct { Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` // SharePoint - SharePoint data type connection. SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Teams - Teams data type connection. + Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` } // OfficeDataConnectorDataTypesExchange exchange data type connection. 
@@ -9471,6 +10384,12 @@ type OfficeDataConnectorDataTypesSharePoint struct { State DataTypeState `json:"state,omitempty"` } +// OfficeDataConnectorDataTypesTeams teams data type connection. +type OfficeDataConnectorDataTypesTeams struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + // OfficeDataConnectorProperties office data connector properties. type OfficeDataConnectorProperties struct { // DataTypes - The available data types for the connector. @@ -9665,7 +10584,7 @@ type ProcessEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -9717,6 +10636,16 @@ func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for ProcessEntity. func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -9742,11 +10671,6 @@ func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) return nil, false } -// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -9877,7 +10801,7 @@ type RegistryKeyEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -9929,6 +10853,16 @@ func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -9954,11 +10888,6 @@ func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool return nil, false } -// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -10072,7 +11001,7 @@ type RegistryValueEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -10124,6 +11053,16 @@ func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -10149,11 +11088,6 @@ func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return &rve, true } -// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -10862,6 +11796,8 @@ type ScheduledAlertRuleCommonProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // ScheduledAlertRuleProperties scheduled alert rule base property bag. 
@@ -10896,6 +11832,8 @@ type ScheduledAlertRuleProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties. @@ -10943,6 +11881,9 @@ func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { if sarp.TriggerThreshold != nil { objectMap["triggerThreshold"] = sarp.TriggerThreshold } + if sarp.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sarp.EventGroupingSettings + } return json.Marshal(objectMap) } @@ -11084,6 +12025,8 @@ type ScheduledAlertRuleTemplateProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` } @@ -11124,6 +12067,9 @@ func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { if sart.TriggerThreshold != nil { objectMap["triggerThreshold"] = sart.TriggerThreshold } + if sart.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sart.EventGroupingSettings + } if sart.Tactics != nil { objectMap["tactics"] = sart.Tactics } 
@@ -11140,7 +12086,7 @@ type SecurityAlert struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -11192,6 +12138,16 @@ func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true +} + // AsIPEntity is the BasicEntity implementation for SecurityAlert. func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -11217,11 +12173,6 @@ func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { - return &sa, true -} - // AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -11392,7 +12343,7 @@ type SecurityGroupEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -11444,6 +12395,16 @@ func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -11469,11 +12430,6 @@ func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return &sge, true @@ -11612,6 +12568,8 @@ func (sl *SettingList) UnmarshalJSON(body []byte) error { // BasicSettings the Setting. type BasicSettings interface { AsEyesOn() (*EyesOn, bool) + AsEntityAnalytics() (*EntityAnalytics, bool) + AsUeba() (*Ueba, bool) AsSettings() (*Settings, bool) } @@ -11626,7 +12584,7 @@ type Settings struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -11642,6 +12600,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { var eo EyesOn err := json.Unmarshal(body, &eo) return eo, err + case string(KindEntityAnalytics): + var ea EntityAnalytics + err := json.Unmarshal(body, &ea) + return ea, err + case string(KindUeba): + var u Ueba + err := json.Unmarshal(body, &u) + return u, err default: var s Settings err := json.Unmarshal(body, &s) 
@@ -11685,6 +12651,16 @@ func (s Settings) AsEyesOn() (*EyesOn, bool) { return nil, false } +// AsEntityAnalytics is the BasicSettings implementation for Settings. +func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for Settings. +func (s Settings) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for Settings. func (s Settings) AsSettings() (*Settings, bool) { return &s, true @@ -11697,8 +12673,8 @@ func (s Settings) AsBasicSettings() (BasicSettings, bool) { // SettingsKind describes an Azure resource with kind. type SettingsKind struct { - // Kind - The kind of the setting - Kind *string `json:"kind,omitempty"` + // Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba' + Kind SettingKind `json:"kind,omitempty"` } // SettingsModel ... 
@@ -11734,120 +12710,64 @@ type ThreatIntelligence struct { ThreatType *string `json:"threatType,omitempty"` } -// TICheckRequirements represents threat intelligence requirements check request. -type TICheckRequirements struct { - // TICheckRequirementsProperties - TI (Threat Intelligence) requirements check properties. - *TICheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' - Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for TICheckRequirements. -func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { - tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence - objectMap := make(map[string]interface{}) - if tcr.TICheckRequirementsProperties != nil { - objectMap["properties"] = tcr.TICheckRequirementsProperties - } - if tcr.Kind != "" { - objectMap["kind"] = tcr.Kind - } - return json.Marshal(objectMap) -} - -// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { - return nil, false -} - -// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
-func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { - return nil, false -} - -// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { - return nil, false -} - -// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { - return nil, false -} - -// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { - return nil, false -} - -// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { - return nil, false -} - -// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { - return &tcr, true -} - -// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { - return nil, false -} - -// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { - return nil, false -} - -// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
-func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { - return &tcr, true -} - -// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. -func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var tICheckRequirementsProperties TICheckRequirementsProperties - err = json.Unmarshal(*v, &tICheckRequirementsProperties) - if err != nil { - return err - } - tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties - } - case "kind": - if v != nil { - var kind KindBasicDataConnectorsCheckRequirements - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - tcr.Kind = kind - } - } - } - - return nil -} - -// TICheckRequirementsProperties TI (Threat Intelligence) requirements check properties. -type TICheckRequirementsProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} - -// TIDataConnector represents threat intelligence data connector. -type TIDataConnector struct { - // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. 
- *TIDataConnectorProperties `json:"properties,omitempty"` +// ThreatIntelligenceAppendTagsRequestBody describes threat intelligence indicator append tags request body +type ThreatIntelligenceAppendTagsRequestBody struct { + // ThreatIntelligenceTags - List of threat intelligence tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` +} + +// ThreatIntelligenceArmStixQuery describes threat intelligence ARM STIX query +type ThreatIntelligenceArmStixQuery struct { + // PageSize - Page size + PageSize *int32 `json:"pageSize,omitempty"` + // MinConfidence - Minimum confidence + MinConfidence *int32 `json:"minConfidence,omitempty"` + // MaxConfidence - Maximum confidence + MaxConfidence *int32 `json:"maxConfidence,omitempty"` + // MinValidUntil - Minimum Valid until + MinValidUntil *string `json:"minValidUntil,omitempty"` + // MaxValidUntil - Maximum Valid until + MaxValidUntil *string `json:"maxValidUntil,omitempty"` + // IncludeDisabled - To include disabled indicators + IncludeDisabled *bool `json:"includeDisabled,omitempty"` + // SortBy - List of Sort rules + SortBy *[]ThreatIntelligenceArmStixSortBy1 `json:"sortBy,omitempty"` + // Sources - Sources of a threat intelligence entity + Sources *[]string `json:"sources,omitempty"` + // PatternTypes - Pattern types + PatternTypes *[]string `json:"patternTypes,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // Ids - Ids of threat intelligence entities + Ids *[]string `json:"ids,omitempty"` + // Keywords - Keywords of threat intelligence entities + Keywords *[]string `json:"keywords,omitempty"` + // SkipToken - Skip Token + SkipToken *string `json:"skipToken,omitempty"` +} + +// ThreatIntelligenceArmStixSortBy1 describes an threat intelligence ARM STIX Sort By +type ThreatIntelligenceArmStixSortBy1 struct { + // ItemKey - Item key + ItemKey *string `json:"itemKey,omitempty"` + // SortOrder - Sort order. 
Possible values include: 'Unsorted', 'Ascending', 'Descending' + SortOrder ThreatIntelligenceArmStixSortBy `json:"sortOrder,omitempty"` +} + +// ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity +type ThreatIntelligenceGranularMarkingModel struct { + // Language - Language granular marking model + Language *string `json:"language,omitempty"` + // MarkingRef - marking reference granular marking model + MarkingRef *int32 `json:"markingRef,omitempty"` + // Selectors - granular marking model selectors + Selectors *[]string `json:"selectors,omitempty"` +} + +// ThreatIntelligenceIndicatorModel threat intelligence indicator entity. +type ThreatIntelligenceIndicatorModel struct { + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name 
@@ -11856,83 +12776,43 @@ type TIDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TIDataConnector. -func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { - tdc.Kind = KindThreatIntelligence +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { + tiim.Kind = KindIndicator objectMap := make(map[string]interface{}) - if tdc.TIDataConnectorProperties != nil { - objectMap["properties"] = tdc.TIDataConnectorProperties + if tiim.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiim.ThreatIntelligenceIndicatorProperties } - if tdc.Etag != nil { - objectMap["etag"] = tdc.Etag + if tiim.Etag != nil { + objectMap["etag"] = tiim.Etag } - if tdc.Kind != "" { - objectMap["kind"] = tdc.Kind + if tiim.Kind != "" { + objectMap["kind"] = tiim.Kind } return json.Marshal(objectMap) } -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. 
-func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true -} - -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return nil, false +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { + return &tiim, true } -// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. 
-func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &tdc, true +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tiim, true } -// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. -func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct. +func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -11942,12 +12822,12 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var tIDataConnectorProperties TIDataConnectorProperties - err = json.Unmarshal(*v, &tIDataConnectorProperties) + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) if err != nil { return err } - tdc.TIDataConnectorProperties = &tIDataConnectorProperties + tiim.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties } case "id": if v != nil { @@ -11956,7 +12836,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.ID = &ID + tiim.ID = &ID } case "name": if v != nil { 
@@ -11965,7 +12845,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Name = &name + tiim.Name = &name } case "type": if v != nil { @@ -11974,7 +12854,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Type = &typeVar + tiim.Type = &typeVar } case "etag": if v != nil { @@ -11983,16 +12863,16 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Etag = &etag + tiim.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicThreatIntelligenceResource err = json.Unmarshal(*v, &kind) if err != nil { return err } - tdc.Kind = kind + tiim.Kind = kind } } } 
@@ -12000,99 +12880,152 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { return nil } -// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. -type TIDataConnectorDataTypes struct { - // Indicators - Data type for indicators connection. - Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +// ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties +type ThreatIntelligenceIndicatorProperties struct { + // ThreatIntelligenceTags - List of tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` + // LastUpdatedTimeUtc - Last updated time in UTC + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // Source - Source of a threat intelligence entity + Source *string `json:"source,omitempty"` + // DisplayName - Display name of a threat intelligence entity + DisplayName *string `json:"displayName,omitempty"` + // Description - Description of a threat intelligence entity + Description *string `json:"description,omitempty"` + // IndicatorTypes - Indicator types of threat intelligence entities + IndicatorTypes *[]string `json:"indicatorTypes,omitempty"` + // Pattern - Pattern of a threat intelligence entity + Pattern *string `json:"pattern,omitempty"` + // PatternType - Pattern type of a threat intelligence entity + PatternType *string `json:"patternType,omitempty"` + // KillChainPhases - Kill chain phases + KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"` + // ExternalID - External ID of threat intelligence entity + ExternalID *string `json:"externalId,omitempty"` + // CreatedByRef - Created by reference of threat intelligence entity + CreatedByRef *string `json:"createdByRef,omitempty"` + // ExternalReferences - External References + ExternalReferences *[]string `json:"externalReferences,omitempty"` + // GranularMarkings - Granular Markings + GranularMarkings 
*[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"` + // Revoked - Is threat intelligence entity revoked + Revoked *bool `json:"revoked,omitempty"` + // Confidence - Confidence of threat intelligence entity + Confidence *int32 `json:"confidence,omitempty"` + // Labels - Labels of threat intelligence entity + Labels *[]string `json:"labels,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // ValidFrom - Valid from + ValidFrom *string `json:"validFrom,omitempty"` + // ValidUntil - Valid until + ValidUntil *string `json:"validUntil,omitempty"` + // Created - Created by + Created *string `json:"created,omitempty"` + // Modified - Modified by + Modified *string `json:"modified,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } -// TIDataConnectorDataTypesIndicators data type for indicators connection. -type TIDataConnectorDataTypesIndicators struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties. 
+func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tiip.ThreatIntelligenceTags != nil { + objectMap["threatIntelligenceTags"] = tiip.ThreatIntelligenceTags + } + if tiip.LastUpdatedTimeUtc != nil { + objectMap["lastUpdatedTimeUtc"] = tiip.LastUpdatedTimeUtc + } + if tiip.Source != nil { + objectMap["source"] = tiip.Source + } + if tiip.DisplayName != nil { + objectMap["displayName"] = tiip.DisplayName + } + if tiip.Description != nil { + objectMap["description"] = tiip.Description + } + if tiip.IndicatorTypes != nil { + objectMap["indicatorTypes"] = tiip.IndicatorTypes + } + if tiip.Pattern != nil { + objectMap["pattern"] = tiip.Pattern + } + if tiip.PatternType != nil { + objectMap["patternType"] = tiip.PatternType + } + if tiip.KillChainPhases != nil { + objectMap["killChainPhases"] = tiip.KillChainPhases + } + if tiip.ExternalID != nil { + objectMap["externalId"] = tiip.ExternalID + } + if tiip.CreatedByRef != nil { + objectMap["createdByRef"] = tiip.CreatedByRef + } + if tiip.ExternalReferences != nil { + objectMap["externalReferences"] = tiip.ExternalReferences + } + if tiip.GranularMarkings != nil { + objectMap["granularMarkings"] = tiip.GranularMarkings + } + if tiip.Revoked != nil { + objectMap["revoked"] = tiip.Revoked + } + if tiip.Confidence != nil { + objectMap["confidence"] = tiip.Confidence + } + if tiip.Labels != nil { + objectMap["labels"] = tiip.Labels + } + if tiip.ThreatTypes != nil { + objectMap["threatTypes"] = tiip.ThreatTypes + } + if tiip.ValidFrom != nil { + objectMap["validFrom"] = tiip.ValidFrom + } + if tiip.ValidUntil != nil { + objectMap["validUntil"] = tiip.ValidUntil + } + if tiip.Created != nil { + objectMap["created"] = tiip.Created + } + if tiip.Modified != nil { + objectMap["modified"] = tiip.Modified + } + return json.Marshal(objectMap) } -// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. 
-type TIDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// ThreatIntelligenceIndicatorWithoutReadOnlyFields threat intelligence indicator entity. +type ThreatIntelligenceIndicatorWithoutReadOnlyFields struct { + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` } -// TiTaxiiCheckRequirements represents threat intelligence requirements check request. -type TiTaxiiCheckRequirements struct { - // TiTaxiiCheckRequirementsProperties - Ti Taxii (Threat Intelligence Taxii) requirements check properties. - *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' - Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements. 
-func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { - ttcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields. +func (tiiwrof ThreatIntelligenceIndicatorWithoutReadOnlyFields) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if ttcr.TiTaxiiCheckRequirementsProperties != nil { - objectMap["properties"] = ttcr.TiTaxiiCheckRequirementsProperties + if tiiwrof.Etag != nil { + objectMap["etag"] = tiiwrof.Etag } - if ttcr.Kind != "" { - objectMap["kind"] = ttcr.Kind + if tiiwrof.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiiwrof.ThreatIntelligenceIndicatorProperties + } + if tiiwrof.Kind != nil { + objectMap["kind"] = tiiwrof.Kind } return json.Marshal(objectMap) } -// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { - return nil, false -} - -// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { - return nil, false -} - -// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { - return nil, false -} - -// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { - return nil, false -} - -// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. 
-func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { - return nil, false -} - -// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { - return nil, false -} - -// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { - return nil, false -} - -// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { - return &ttcr, true -} - -// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { - return nil, false -} - -// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. -func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { - return &ttcr, true -} - -// UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct. -func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields struct. +func (tiiwrof *ThreatIntelligenceIndicatorWithoutReadOnlyFields) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -12100,23 +13033,32 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tiiwrof.Etag = &etag + } case "properties": if v != nil { - var tiTaxiiCheckRequirementsProperties TiTaxiiCheckRequirementsProperties - err = json.Unmarshal(*v, &tiTaxiiCheckRequirementsProperties) + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) if err != nil { return err } - ttcr.TiTaxiiCheckRequirementsProperties = &tiTaxiiCheckRequirementsProperties + tiiwrof.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties } case "kind": if v != nil { - var kind KindBasicDataConnectorsCheckRequirements + var kind string err = json.Unmarshal(*v, &kind) if err != nil { return err } - ttcr.Kind = kind + tiiwrof.Kind = &kind } } } 
@@ -12124,16 +13066,56 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiCheckRequirementsProperties threat Intelligence taxii client data connector properties. -type TiTaxiiCheckRequirementsProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// ThreatIntelligenceKillChainPhase describes threat kill chain phase entity +type ThreatIntelligenceKillChainPhase struct { + // KillChainName - Kill chainName name + KillChainName *string `json:"killChainName,omitempty"` + // PhaseName - Phase name + PhaseName *int32 `json:"phaseName,omitempty"` } -// TiTaxiiDataConnector represents threat intelligence taxii data connector. -type TiTaxiiDataConnector struct { - // TiTaxiiDataConnectorProperties - Threat intelligence taxii client data connector properties. - *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` +// ThreatIntelligenceMetric describes threat intelligence metric +type ThreatIntelligenceMetric struct { + // LastUpdatedTimeUtc - Time Metric + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // ThreatTypeMetrics - Threat type metrics + ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"` + // PatternTypeMetrics - Pattern type metrics + PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"` + // SourceMetrics - Source metrics + SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"` +} + +// ThreatIntelligenceMetricEntity describes threat intelligence metric entity +type ThreatIntelligenceMetricEntity struct { + // MetricName - Metric name + MetricName *string `json:"metricName,omitempty"` + // MetricValue - Metric value + MetricValue *int32 `json:"metricValue,omitempty"` +} + +// ThreatIntelligenceMetricResource threat intelligence metric resource. 
+type ThreatIntelligenceMetricResource struct { + // Properties - Threat intelligence metric. + Properties *ThreatIntelligenceMetric `json:"properties,omitempty"` +} + +// ThreatIntelligenceMetricResourceList list of all the threat intelligence metric resource. +type ThreatIntelligenceMetricResourceList struct { + autorest.Response `json:"-"` + // Value - Array of threat intelligence metrics resource. + Value *[]ThreatIntelligenceMetricResource `json:"value,omitempty"` +} + +// BasicThreatIntelligenceResource threat intelligence resource. +type BasicThreatIntelligenceResource interface { + AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) + AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) +} + +// ThreatIntelligenceResource threat intelligence resource. +type ThreatIntelligenceResource struct { + autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name 
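Review bot: `ThreatIntelligenceKillChainPhase.PhaseName` is declared `*int32`, although its comment calls it a phase name and the sibling `KillChainName` is a `*string`. If the service sends phase names as text, as STIX kill-chain phases do, `json.Unmarshal` reports a type error for this field and the `UnmarshalJSON` methods that decode `ThreatIntelligenceIndicatorProperties` return it, so the whole indicator is rejected. This should be confirmed against the API definition; if the value is textual the field should be `PhaseName *string`. The comment `// KillChainName - Kill chainName name` also looks like a slip for `// KillChainName - Kill chain name`.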
@@ -12142,83 +13124,101 @@ type TiTaxiiDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { - ttdc.Kind = KindThreatIntelligenceTaxii - objectMap := make(map[string]interface{}) - if ttdc.TiTaxiiDataConnectorProperties != nil { - objectMap["properties"] = ttdc.TiTaxiiDataConnectorProperties - } - if ttdc.Etag != nil { - objectMap["etag"] = ttdc.Etag - } - if ttdc.Kind != "" { - objectMap["kind"] = ttdc.Kind +func unmarshalBasicThreatIntelligenceResource(body []byte) (BasicThreatIntelligenceResource, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err } - return json.Marshal(objectMap) -} -// AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. 
-func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false + switch m["kind"] { + case string(KindIndicator): + var tiim ThreatIntelligenceIndicatorModel + err := json.Unmarshal(body, &tiim) + return tiim, err + default: + var tir ThreatIntelligenceResource + err := json.Unmarshal(body, &tir) + return tir, err + } } +func unmarshalBasicThreatIntelligenceResourceArray(body []byte) ([]BasicThreatIntelligenceResource, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } -// AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} + tirArray := make([]BasicThreatIntelligenceResource, len(rawMessages)) -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false + for index, rawMessage := range rawMessages { + tir, err := unmarshalBasicThreatIntelligenceResource(*rawMessage) + if err != nil { + return nil, err + } + tirArray[index] = tir + } + return tirArray, nil } -// AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false +// MarshalJSON is the custom marshaler for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) MarshalJSON() ([]byte, error) { + tir.Kind = KindThreatIntelligenceResource + objectMap := make(map[string]interface{}) + if tir.Etag != nil { + objectMap["etag"] = tir.Etag + } + if tir.Kind != "" { + objectMap["kind"] = tir.Kind + } + return json.Marshal(objectMap) } -// AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. 
-func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { return nil, false } -// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { + return &tir, true } -// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tir, true } -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return &ttdc, true +// ThreatIntelligenceResourceKind1 describes an entity with kind. +type ThreatIntelligenceResourceKind1 struct { + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` } -// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { - return nil, false +// ThreatIntelligenceResourceList list of all the threat intelligence entities. 
+type ThreatIntelligenceResourceList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of threat intelligence entities. + Value *[]BasicThreatIntelligenceResource `json:"value,omitempty"` } -// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &ttdc, true +// MarshalJSON is the custom marshaler for ThreatIntelligenceResourceList. +func (tirl ThreatIntelligenceResourceList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tirl.Value != nil { + objectMap["value"] = tirl.Value + } + return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. -func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceList struct. +func (tirl *ThreatIntelligenceResourceList) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
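Review bot: `unmarshalBasicThreatIntelligenceResourceArray` dereferences `*rawMessage` with no nil check, although a JSON `null` array element decodes to a nil `*json.RawMessage`, so a `value` array containing `null` would panic instead of returning an error. The map-based `UnmarshalJSON` methods around it all test `if v != nil` before dereferencing, and the loop should do the same, e.g. `if rawMessage == nil { continue }` (leaving that slot nil), or return an explicit error if a null entry should count as a malformed response. Both helper functions are complete within this hunk. If this file is generator output, the guard belongs in the generator template so it survives regeneration.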
@@ -12226,59 +13226,22 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "properties": - if v != nil { - var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties - err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) - if err != nil { - return err - } - ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - ttdc.ID = &ID - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - ttdc.Name = &name - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - ttdc.Type = &typeVar - } - case "etag": + case "nextLink": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var nextLink string + err = json.Unmarshal(*v, &nextLink) if err != nil { return err } - ttdc.Etag = &etag + tirl.NextLink = &nextLink } - case "kind": + case "value": if v != nil { - var kind KindBasicDataConnector - err = json.Unmarshal(*v, &kind) + value, err := unmarshalBasicThreatIntelligenceResourceArray(*v) if err != nil { return err } - ttdc.Kind = kind + tirl.Value = &value } } } 
@@ -12286,157 +13249,249 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence taxii client data connector. -type TiTaxiiDataConnectorDataTypes struct { - // TaxiiClient - Data type for taxii client. - TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +// ThreatIntelligenceResourceListIterator provides access to a complete listing of ThreatIntelligenceResource +// values. +type ThreatIntelligenceResourceListIterator struct { + i int + page ThreatIntelligenceResourceListPage } -// TiTaxiiDataConnectorDataTypesTaxiiClient data type for taxii client. -type TiTaxiiDataConnectorDataTypesTaxiiClient struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *ThreatIntelligenceResourceListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil } -// TiTaxiiDataConnectorProperties threat Intelligence taxii client data connector properties. -type TiTaxiiDataConnectorProperties struct { - // WorkspaceID - The workspace id. - WorkspaceID *string `json:"workspaceId,omitempty"` - // FriendlyName - The friendly name for taxii client connector. 
- FriendlyName *string `json:"friendlyName,omitempty"` - // TaxiiServer - The API root server for taxii client. - TaxiiServer *string `json:"taxiiServer,omitempty"` - // CollectionID - The taxii collection id. - CollectionID *string `json:"collectionId,omitempty"` - // UserName - The taxii server user name. - UserName *string `json:"userName,omitempty"` - // Password - The taxii server password. - Password *string `json:"password,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *ThreatIntelligenceResourceListIterator) Next() error { + return iter.NextWithContext(context.Background()) } -// URLEntity represents a url entity. -type URLEntity struct { - // URLEntityProperties - Url entity properties - *URLEntityProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' - Kind KindBasicEntity `json:"kind,omitempty"` +// NotDone returns true if the enumeration should be started or is not yet complete. 
+func (iter ThreatIntelligenceResourceListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) } -// MarshalJSON is the custom marshaler for URLEntity. -func (ue URLEntity) MarshalJSON() ([]byte, error) { - ue.Kind = KindURL - objectMap := make(map[string]interface{}) - if ue.URLEntityProperties != nil { - objectMap["properties"] = ue.URLEntityProperties +// Response returns the raw server response from the last page request. +func (iter ThreatIntelligenceResourceListIterator) Response() ThreatIntelligenceResourceList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter ThreatIntelligenceResourceListIterator) Value() BasicThreatIntelligenceResource { + if !iter.page.NotDone() { + return ThreatIntelligenceResource{} } - if ue.Kind != "" { - objectMap["kind"] = ue.Kind + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the ThreatIntelligenceResourceListIterator type. +func NewThreatIntelligenceResourceListIterator(page ThreatIntelligenceResourceListPage) ThreatIntelligenceResourceListIterator { + return ThreatIntelligenceResourceListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (tirl ThreatIntelligenceResourceList) IsEmpty() bool { + return tirl.Value == nil || len(*tirl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (tirl ThreatIntelligenceResourceList) hasNextLink() bool { + return tirl.NextLink != nil && len(*tirl.NextLink) != 0 +} + +// threatIntelligenceResourceListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. 
+func (tirl ThreatIntelligenceResourceList) threatIntelligenceResourceListPreparer(ctx context.Context) (*http.Request, error) { + if !tirl.hasNextLink() { + return nil, nil } - return json.Marshal(objectMap) + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(tirl.NextLink))) } -// AsAccountEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false +// ThreatIntelligenceResourceListPage contains a page of BasicThreatIntelligenceResource values. +type ThreatIntelligenceResourceListPage struct { + fn func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error) + tirl ThreatIntelligenceResourceList } -// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *ThreatIntelligenceResourceListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.tirl) + if err != nil { + return err + } + page.tirl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil } -// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false +// Next advances to the next page of values. 
If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *ThreatIntelligenceResourceListPage) Next() error { + return page.NextWithContext(context.Background()) } -// AsDNSEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page ThreatIntelligenceResourceListPage) NotDone() bool { + return !page.tirl.IsEmpty() } -// AsFileEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false +// Response returns the raw server response from the last page request. +func (page ThreatIntelligenceResourceListPage) Response() ThreatIntelligenceResourceList { + return page.tirl } -// AsFileHashEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false +// Values returns the slice of values for the current page or nil if there are no values. +func (page ThreatIntelligenceResourceListPage) Values() []BasicThreatIntelligenceResource { + if page.tirl.IsEmpty() { + return nil + } + return *page.tirl.Value } -// AsHostEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false +// Creates a new instance of the ThreatIntelligenceResourceListPage type. +func NewThreatIntelligenceResourceListPage(getNextPage func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error)) ThreatIntelligenceResourceListPage { + return ThreatIntelligenceResourceListPage{fn: getNextPage} } -// AsIPEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { +// ThreatIntelligenceResourceModel ... 
+type ThreatIntelligenceResourceModel struct { + autorest.Response `json:"-"` + Value BasicThreatIntelligenceResource `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceModel struct. +func (tirm *ThreatIntelligenceResourceModel) UnmarshalJSON(body []byte) error { + tir, err := unmarshalBasicThreatIntelligenceResource(body) + if err != nil { + return err + } + tirm.Value = tir + + return nil +} + +// TICheckRequirements threat Intelligence Platforms data connector check requirements +type TICheckRequirements struct { + // TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties + *TICheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TICheckRequirements. 
+func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { + tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence + objectMap := make(map[string]interface{}) + if tcr.TICheckRequirementsProperties != nil { + objectMap["properties"] = tcr.TICheckRequirementsProperties + } + if tcr.Kind != "" { + objectMap["kind"] = tcr.Kind + } + return json.Marshal(objectMap) +} + +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { return nil, false } -// AsProcessEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
+func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { return nil, false } -// AsURLEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { - return &ue, true +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return &tcr, true } -// AsIoTDeviceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsEntity() (*Entity, bool) { +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
+func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { - return &ue, true +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &tcr, true } -// UnmarshalJSON is the custom unmarshaler for URLEntity struct. -func (ue *URLEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. +func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -12446,48 +13501,21 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var URLEntityProperties URLEntityProperties - err = json.Unmarshal(*v, &URLEntityProperties) - if err != nil { - return err - } - ue.URLEntityProperties = &URLEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - ue.ID = &ID - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - ue.Name = &name - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var tICheckRequirementsProperties TICheckRequirementsProperties + err = json.Unmarshal(*v, &tICheckRequirementsProperties) if err != nil { return err } - ue.Type = &typeVar + tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicDataConnectorsCheckRequirements err = json.Unmarshal(*v, &kind) if err != nil { return err } - ue.Kind = kind + tcr.Kind = kind } } } 
@@ -12495,37 +13523,1230 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { return nil } -// URLEntityProperties url entity property bag. -type URLEntityProperties struct { - // URL - READ-ONLY; A full URL the entity points to - URL *string `json:"url,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` -} - -// MarshalJSON is the custom marshaler for URLEntityProperties. -func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// TICheckRequirementsProperties threat Intelligence Platforms data connector required properties. +type TICheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// UserInfo user information that made some action -type UserInfo struct { - // Email - READ-ONLY; The email of the user. - Email *string `json:"email,omitempty"` - // Name - READ-ONLY; The name of the user. +// TIDataConnector data connector to pull threat intelligence data from TIP products. +type TIDataConnector struct { + // TIDataConnectorProperties - Threat Intelligence Platforms data connector properties. + *TIDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // ObjectID - The object id of the user. 
- ObjectID *uuid.UUID `json:"objectId,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for UserInfo. -func (UI UserInfo) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) +// MarshalJSON is the custom marshaler for TIDataConnector. +func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { + tdc.Kind = KindThreatIntelligence + objectMap := make(map[string]interface{}) + if tdc.TIDataConnectorProperties != nil { + objectMap["properties"] = tdc.TIDataConnectorProperties + } + if tdc.Etag != nil { + objectMap["etag"] = tdc.Etag + } + if tdc.Kind != "" { + objectMap["kind"] = tdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. 
+func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &tdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. 
+func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tIDataConnectorProperties TIDataConnectorProperties + err = json.Unmarshal(*v, &tIDataConnectorProperties) + if err != nil { + return err + } + tdc.TIDataConnectorProperties = &tIDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + tdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + tdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + tdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tdc.Kind = kind + } + } + } + + return nil +} + +// TIDataConnectorDataTypes the available data types for Threat Intelligence Platforms data connector. +type TIDataConnectorDataTypes struct { + // Indicators - Data type for Threat Intelligence Platforms data connector. + Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +} + +// TIDataConnectorDataTypesIndicators data type for Threat Intelligence Platforms data connector. +type TIDataConnectorDataTypesIndicators struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TIDataConnectorProperties threat Intelligence Platforms data connector properties. 
+type TIDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements +type TiTaxiiCheckRequirements struct { + // TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties. + *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements. 
+func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { + ttcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii + objectMap := make(map[string]interface{}) + if ttcr.TiTaxiiCheckRequirementsProperties != nil { + objectMap["properties"] = ttcr.TiTaxiiCheckRequirementsProperties + } + if ttcr.Kind != "" { + objectMap["kind"] = ttcr.Kind + } + return json.Marshal(objectMap) +} + +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { + return nil, false +} + +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { + return nil, false +} + +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { + return nil, false +} + +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { + return nil, false +} + +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { + return nil, false +} + +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { + return nil, false +} + +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. 
+func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return nil, false +} + +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return &ttcr, true +} + +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false +} + +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &ttcr, true +} + +// UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct. 
+func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tiTaxiiCheckRequirementsProperties TiTaxiiCheckRequirementsProperties + err = json.Unmarshal(*v, &tiTaxiiCheckRequirementsProperties) + if err != nil { + return err + } + ttcr.TiTaxiiCheckRequirementsProperties = &tiTaxiiCheckRequirementsProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnectorsCheckRequirements + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ttcr.Kind = kind + } + } + } + + return nil +} + +// TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties. +type TiTaxiiCheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server +type TiTaxiiDataConnector struct { + // TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties. 
+ *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { + ttdc.Kind = KindThreatIntelligenceTaxii + objectMap := make(map[string]interface{}) + if ttdc.TiTaxiiDataConnectorProperties != nil { + objectMap["properties"] = ttdc.TiTaxiiDataConnectorProperties + } + if ttdc.Etag != nil { + objectMap["etag"] = ttdc.Etag + } + if ttdc.Kind != "" { + objectMap["kind"] = ttdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. 
+func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return &ttdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &ttdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. 
+func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties + err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + if err != nil { + return err + } + ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ttdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ttdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ttdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ttdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ttdc.Kind = kind + } + } + } + + return nil +} + +// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector. +type TiTaxiiDataConnectorDataTypes struct { + // TaxiiClient - Data type for TAXII connector. + TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +} + +// TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector. +type TiTaxiiDataConnectorDataTypesTaxiiClient struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties. 
+type TiTaxiiDataConnectorProperties struct { + // WorkspaceID - The workspace id. + WorkspaceID *string `json:"workspaceId,omitempty"` + // FriendlyName - The friendly name for the TAXII server. + FriendlyName *string `json:"friendlyName,omitempty"` + // TaxiiServer - The API root for the TAXII server. + TaxiiServer *string `json:"taxiiServer,omitempty"` + // CollectionID - The collection id of the TAXII server. + CollectionID *string `json:"collectionId,omitempty"` + // UserName - The userName for the TAXII server. + UserName *string `json:"userName,omitempty"` + // Password - The password for the TAXII server. + Password *string `json:"password,omitempty"` + // DataTypes - The available data types for Threat Intelligence TAXII data connector. + DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Ueba settings with single toggle. +type Ueba struct { + // UebaProperties - Ueba properties + *UebaProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for Ueba. 
+func (u Ueba) MarshalJSON() ([]byte, error) { + u.Kind = KindUeba + objectMap := make(map[string]interface{}) + if u.UebaProperties != nil { + objectMap["properties"] = u.UebaProperties + } + if u.Etag != nil { + objectMap["etag"] = u.Etag + } + if u.Kind != "" { + objectMap["kind"] = u.Kind + } + return json.Marshal(objectMap) +} + +// AsEyesOn is the BasicSettings implementation for Ueba. +func (u Ueba) AsEyesOn() (*EyesOn, bool) { + return nil, false +} + +// AsEntityAnalytics is the BasicSettings implementation for Ueba. +func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for Ueba. +func (u Ueba) AsUeba() (*Ueba, bool) { + return &u, true +} + +// AsSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsBasicSettings() (BasicSettings, bool) { + return &u, true +} + +// UnmarshalJSON is the custom unmarshaler for Ueba struct. 
+func (u *Ueba) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var uebaProperties UebaProperties + err = json.Unmarshal(*v, &uebaProperties) + if err != nil { + return err + } + u.UebaProperties = &uebaProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + u.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + u.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + u.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + u.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + u.Kind = kind + } + } + } + + return nil +} + +// UebaProperties ueba property bag. +type UebaProperties struct { + // DataSources - The relevant data sources that enriched by ueba + DataSources *[]UebaDataSources `json:"dataSources,omitempty"` +} + +// URLEntity represents a url entity. 
+type URLEntity struct { + // URLEntityProperties - Url entity properties + *URLEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntity. +func (ue URLEntity) MarshalJSON() ([]byte, error) { + ue.Kind = KindURL + objectMap := make(map[string]interface{}) + if ue.URLEntityProperties != nil { + objectMap["properties"] = ue.URLEntityProperties + } + if ue.Kind != "" { + objectMap["kind"] = ue.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for URLEntity. 
+func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsHuntingBookmark is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { + return &ue, true +} + +// AsIoTDeviceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for URLEntity. 
+func (ue URLEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { + return &ue, true +} + +// UnmarshalJSON is the custom unmarshaler for URLEntity struct. +func (ue *URLEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var URLEntityProperties URLEntityProperties + err = json.Unmarshal(*v, &URLEntityProperties) + if err != nil { + return err + } + ue.URLEntityProperties = &URLEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ue.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ue.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ue.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ue.Kind = kind + } + } + } + + return nil +} + +// URLEntityProperties url entity property bag. +type URLEntityProperties struct { + // URL - READ-ONLY; A full URL the entity points to + URL *string `json:"url,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntityProperties. 
+func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// UserInfo user information that made some action +type UserInfo struct { + // Email - READ-ONLY; The email of the user. + Email *string `json:"email,omitempty"` + // Name - READ-ONLY; The name of the user. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` +} + +// MarshalJSON is the custom marshaler for UserInfo. +func (UI UserInfo) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) if UI.ObjectID != nil { objectMap["objectId"] = UI.ObjectID } return json.Marshal(objectMap) } + +// Watchlist represents a Watchlist in Azure Security Insights. +type Watchlist struct { + autorest.Response `json:"-"` + // WatchlistProperties - Watchlist properties + *WatchlistProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Watchlist. +func (w Watchlist) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if w.WatchlistProperties != nil { + objectMap["properties"] = w.WatchlistProperties + } + if w.Etag != nil { + objectMap["etag"] = w.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Watchlist struct. 
+func (w *Watchlist) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var watchlistProperties WatchlistProperties + err = json.Unmarshal(*v, &watchlistProperties) + if err != nil { + return err + } + w.WatchlistProperties = &watchlistProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + w.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + w.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + w.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + w.Etag = &etag + } + } + } + + return nil +} + +// WatchlistItem represents a Watchlist Item in Azure Security Insights. +type WatchlistItem struct { + // WatchlistItemProperties - Watchlist item properties + *WatchlistItemProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for WatchlistItem. +func (wi WatchlistItem) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if wi.WatchlistItemProperties != nil { + objectMap["properties"] = wi.WatchlistItemProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for WatchlistItem struct. 
+func (wi *WatchlistItem) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var watchlistItemProperties WatchlistItemProperties + err = json.Unmarshal(*v, &watchlistItemProperties) + if err != nil { + return err + } + wi.WatchlistItemProperties = &watchlistItemProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + wi.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + wi.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + wi.Type = &typeVar + } + } + } + + return nil +} + +// WatchlistItemProperties describes watchlist item properties +type WatchlistItemProperties struct { + // CreatedBy - Describes a user that created the watchlist + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // UpdatedBy - Describes a user that updated the watchlist + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // WatchlistItemName - Name of the watchlist item + WatchlistItemName *string `json:"watchlistItemName,omitempty"` + // WatchlistItemPair - A key-value pair for a watchlist item + WatchlistItemPair interface{} `json:"watchlistItemPair,omitempty"` + // EntityMapping - A key-value pair for a watchlist item entity mapping + EntityMapping interface{} `json:"entityMapping,omitempty"` + // TenantID - The tenantId to which this watchlist item belongs to + TenantID *string `json:"tenantId,omitempty"` + // CreatedTimeUtc - The time the watchlist item was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // LastUpdatedTimeUtc - The last time the watchlist item was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // TimeToLiveUtc 
- The time to live for the watchlist item + TimeToLiveUtc *date.Time `json:"timeToLiveUtc,omitempty"` + // WatchlistItemType - The type of the watchlist item + WatchlistItemType *string `json:"watchlistItemType,omitempty"` + // WatchlistID - The watchlist id of the parent of this watchlist item + WatchlistID *string `json:"watchlistId,omitempty"` +} + +// WatchlistList list all the watchlists. +type WatchlistList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of watchlists. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of watchlist. + Value *[]Watchlist `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for WatchlistList. +func (wl WatchlistList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if wl.Value != nil { + objectMap["value"] = wl.Value + } + return json.Marshal(objectMap) +} + +// WatchlistListIterator provides access to a complete listing of Watchlist values. +type WatchlistListIterator struct { + i int + page WatchlistListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. 
+func (iter *WatchlistListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter WatchlistListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter WatchlistListIterator) Response() WatchlistList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter WatchlistListIterator) Value() Watchlist { + if !iter.page.NotDone() { + return Watchlist{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the WatchlistListIterator type. +func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator { + return WatchlistListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (wl WatchlistList) IsEmpty() bool { + return wl.Value == nil || len(*wl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (wl WatchlistList) hasNextLink() bool { + return wl.NextLink != nil && len(*wl.NextLink) != 0 +} + +// watchlistListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (wl WatchlistList) watchlistListPreparer(ctx context.Context) (*http.Request, error) { + if !wl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(wl.NextLink))) +} + +// WatchlistListPage contains a page of Watchlist values. +type WatchlistListPage struct { + fn func(context.Context, WatchlistList) (WatchlistList, error) + wl WatchlistList +} + +// NextWithContext advances to the next page of values. 
If there was an error making +// the request the page does not advance and the error is returned. +func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.wl) + if err != nil { + return err + } + page.wl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *WatchlistListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page WatchlistListPage) NotDone() bool { + return !page.wl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page WatchlistListPage) Response() WatchlistList { + return page.wl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page WatchlistListPage) Values() []Watchlist { + if page.wl.IsEmpty() { + return nil + } + return *page.wl.Value +} + +// Creates a new instance of the WatchlistListPage type. 
+func NewWatchlistListPage(getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage { + return WatchlistListPage{fn: getNextPage} +} + +// WatchlistProperties describes watchlist properties +type WatchlistProperties struct { + // CreatedTimeUtc - The time the watchlist was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // CreatedBy - Describes a user that created the watchlist + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // DisplayName - The display name of the watchlist + DisplayName *string `json:"displayName,omitempty"` + // WatchlistType - The type of the watchlist + WatchlistType *string `json:"watchlistType,omitempty"` + // Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage' + Source Source `json:"source,omitempty"` + // Provider - The provider of the watchlist + Provider *string `json:"provider,omitempty"` + // Description - A description of the watchlist + Description *string `json:"description,omitempty"` + // TenantID - The tenantId where the watchlist belongs to. + TenantID *string `json:"tenantId,omitempty"` + // WorkspaceID - The workspaceId where the watchlist belongs to. + WorkspaceID *string `json:"workspaceId,omitempty"` + // Labels - List of labels relevant to this watchlist + Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the watchlist + Notes *string `json:"notes,omitempty"` + // LastUpdatedTimeUtc - The last time the watchlist was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // UpdatedBy - Describes a user that updated the watchlist + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format) + DefaultDuration *string `json:"defaultDuration,omitempty"` + // WatchlistItems - List of watchlist items. + WatchlistItems *[]WatchlistItem `json:"watchlistItems,omitempty"` +} 
diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go index 6532d75ba193..7feddaab598b 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go @@ -49,7 +49,7 @@ func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Delete") @@ -142,7 +142,7 @@ func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Get") 
@@ -328,7 +328,7 @@ func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba // settings - the setting func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error) { if tracing.IsEnabled() { diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go index 5361049635dc..7798830c874a 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -23,6 +23,13 @@ import ( "github.com/Azure/go-autorest/autorest" ) +// BaseClientAPI contains the set of methods on the BaseClient type. +type BaseClientAPI interface { + CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ BaseClientAPI = (*securityinsight.BaseClient)(nil) + // OperationsClientAPI contains the set of methods on the OperationsClient type. type OperationsClientAPI interface { List(ctx context.Context) (result securityinsight.OperationsListPage, err error) 
@@ -215,6 +222,9 @@ type IncidentsClientAPI interface { Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.Incident, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListPage, err error) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListIterator, err error) + ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentAlertList, err error) + ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentBookmarkList, err error) + ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentEntitiesResponse, err error) } var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) 
@@ -222,6 +232,7 @@ var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) // IncidentCommentsClientAPI contains the set of methods on the IncidentCommentsClient type. type IncidentCommentsClientAPI interface { CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment securityinsight.IncidentComment) (result securityinsight.IncidentComment, err error) + DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result securityinsight.IncidentComment, err error) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListPage, err error) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListIterator, err error) 
@@ -239,3 +250,56 @@ type IncidentRelationsClientAPI interface { } var _ IncidentRelationsClientAPI = (*securityinsight.IncidentRelationsClient)(nil) + +// WatchlistsClientAPI contains the set of methods on the WatchlistsClient type. +type WatchlistsClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist securityinsight.Watchlist) (result securityinsight.Watchlist, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result securityinsight.Watchlist, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListIterator, err error) + ListBySubscription(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListPage, err error) + ListBySubscriptionComplete(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListIterator, err error) +} + +var _ WatchlistsClientAPI = (*securityinsight.WatchlistsClient)(nil) + +// ThreatIntelligenceIndicatorsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsClient type. 
+type ThreatIntelligenceIndicatorsClientAPI interface { + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsClient)(nil) + +// ThreatIntelligenceIndicatorClientAPI contains the set of methods on the ThreatIntelligenceIndicatorClient type. +type ThreatIntelligenceIndicatorClientAPI interface { + AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody securityinsight.ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result securityinsight.ThreatIntelligenceResourceModel, err error) + ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorClientAPI = (*securityinsight.ThreatIntelligenceIndicatorClient)(nil) + +// ThreatIntelligenceIndicatorUpsertClientAPI contains the set of methods 
on the ThreatIntelligenceIndicatorUpsertClient type. +type ThreatIntelligenceIndicatorUpsertClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorUpsertClientAPI = (*securityinsight.ThreatIntelligenceIndicatorUpsertClient)(nil) + +// ThreatIntelligenceIndicatorsListClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsListClient type. +type ThreatIntelligenceIndicatorsListClientAPI interface { + Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsListClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsListClient)(nil) + +// ThreatIntelligenceIndicatorMetricsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorMetricsClient type. +type ThreatIntelligenceIndicatorMetricsClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result securityinsight.ThreatIntelligenceMetricResourceList, err error) +} + +var _ ThreatIntelligenceIndicatorMetricsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorMetricsClient)(nil) 
diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go
new file mode 100644
index 000000000000..32e58973dfc1
--- /dev/null
+++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go
@@ -0,0 +1,425 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client. +func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient { + return NewThreatIntelligenceIndicatorClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client +// using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign +// clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient { + return ThreatIntelligenceIndicatorClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// AppendTags append tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceAppendTagsRequestBody - the threat intelligence append tags request body +func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.AppendTags") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: 
validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", err.Error()) + } + + req, err := client.AppendTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceAppendTagsRequestBody) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", nil, "Failure preparing request") + return + } + + resp, err := client.AppendTagsSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure sending request") + return + } + + result, err = client.AppendTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure responding to request") + } + + return +} + +// AppendTagsPreparer prepares the AppendTags request. 
+func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", pathParameters), + autorest.WithJSON(threatIntelligenceAppendTagsRequestBody), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// AppendTagsSender sends the AppendTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// AppendTagsResponder handles the response to the AppendTags request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByClosing()) + result.Response = resp + return +} + +// Delete delete a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return 
result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", 
pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a threat intelligence indicator. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, 
"Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ReplaceTags replace tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceReplaceTagsModel - the threat intelligence entity properties for updating tags +func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.ReplaceTags") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", 
Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", err.Error()) + } + + req, err := client.ReplaceTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceReplaceTagsModel) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", nil, "Failure preparing request") + return + } + + resp, err := client.ReplaceTagsSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure sending request") + return + } + + result, err = client.ReplaceTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure responding to request") + } + + return +} + +// ReplaceTagsPreparer prepares the ReplaceTags request. 
+func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", pathParameters), + autorest.WithJSON(threatIntelligenceReplaceTagsModel), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ReplaceTagsSender sends the ReplaceTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ReplaceTagsResponder handles the response to the ReplaceTags request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go new file mode 100644 index 000000000000..a0c43dce18be --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go 
@@ -0,0 +1,142 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorMetricsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient +// client. +func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return ThreatIntelligenceIndicatorMetricsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get get the threat intelligence metrics. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// ctiEntityKind - the threat intelligence entity kind +func (client ThreatIntelligenceIndicatorMetricsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result ThreatIntelligenceMetricResourceList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorMetricsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: 
nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, ctiEntityKind) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorMetricsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(ctiEntityKind) > 0 { + queryParameters["ctiEntityKind"] = autorest.Encode("query", ctiEntityKind) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorMetricsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorMetricsClient) GetResponder(resp *http.Response) (result ThreatIntelligenceMetricResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go new file mode 100644 index 000000000000..df15c650aed4 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go 
@@ -0,0 +1,196 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client. +func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient { + return NewThreatIntelligenceIndicatorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient +// client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI +// (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient { + return ThreatIntelligenceIndicatorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List gets all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// filter - filters the results, based on a Boolean condition. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +// orderby - sorts the results. Optional. 
+func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = 
autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure sending request") + return + } + + result.tirl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", pathParameters), + 
autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsClient) listNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically 
crossing page boundaries as required. +func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go new file mode 100644 index 000000000000..7d20722c3ac5 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go 
@@ -0,0 +1,181 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsListClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorsListClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsListClient creates an instance of the ThreatIntelligenceIndicatorsListClient client. +func NewThreatIntelligenceIndicatorsListClient(subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return NewThreatIntelligenceIndicatorsListClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsListClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorsListClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorsListClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return ThreatIntelligenceIndicatorsListClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Query query all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceArmStixQuery - the threat intelligence ARM STIX query +func (client ThreatIntelligenceIndicatorsListClient) Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: 
"workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", err.Error()) + } + + result.fn = client.queryNextResults + req, err := client.QueryPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", nil, "Failure preparing request") + return + } + + resp, err := client.QuerySender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure sending request") + return + } + + result.tirl, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// QueryPreparer prepares the Query request. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", pathParameters), + autorest.WithJSON(threatIntelligenceArmStixQuery), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// QuerySender sends the Query request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsListClient) QuerySender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// QueryResponder handles the response to the Query request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// queryNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsListClient) queryNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.QuerySender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure sending next results request") + } + result, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure responding to next results request") + } + return +} + +// QueryComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.Query(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go new file mode 100644 index 000000000000..ffe9d1351a98 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go 
@@ -0,0 +1,143 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorUpsertClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorUpsertClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorUpsertClient creates an instance of the ThreatIntelligenceIndicatorUpsertClient +// client. +func NewThreatIntelligenceIndicatorUpsertClient(subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorUpsertClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorUpsertClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return ThreatIntelligenceIndicatorUpsertClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create upsert a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client ThreatIntelligenceIndicatorUpsertClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorUpsertClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: 
[]validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. 
+func (client ThreatIntelligenceIndicatorUpsertClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorUpsertClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorUpsertClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go new file mode 100644 index 000000000000..3d2e0ee8e68f --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go 
@@ -0,0 +1,591 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type WatchlistsClient struct { + BaseClient +} + +// NewWatchlistsClient creates an instance of the WatchlistsClient client. +func NewWatchlistsClient(subscriptionID string) WatchlistsClient { + return NewWatchlistsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient { + return WatchlistsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create creates a watchlist +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. 
The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +// watchlist - the watchlist +func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: watchlist, + Constraints: []validation.Constraint{{Target: "watchlist.WatchlistProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "watchlist.WatchlistProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "watchlist.WatchlistProperties.Provider", Name: validation.Null, Rule: true, Chain: nil}, + }}}}}); err != nil { + return 
result, validation.NewError("securityinsight.WatchlistsClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias, watchlist) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. +func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithJSON(watchlist), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete a watchlist. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err 
= autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. 
+func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a watchlist. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.WatchlistsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return 
preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all watchlists. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.wl.Response.Response != nil { + sc = result.wl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.wl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure sending request") + return + } + + result.wl, err = client.ListResponder(resp) + if err != nil { + 
err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure responding to request") + } + if result.wl.hasNextLink() && result.wl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. 
+func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client WatchlistsClient) listNextResults(ctx context.Context, lastResults WatchlistList) (result WatchlistList, err error) { + req, err := lastResults.watchlistListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +} + +// ListBySubscription gets all watchlists in a subscription. +// Parameters: +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client WatchlistsClient) ListBySubscription(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.ListBySubscription") + defer func() { + sc := -1 + if result.wl.Response.Response != nil { + sc = result.wl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "ListBySubscription", err.Error()) + } + + result.fn = client.listBySubscriptionNextResults + req, err := 
client.ListBySubscriptionPreparer(ctx, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", nil, "Failure preparing request") + return + } + + resp, err := client.ListBySubscriptionSender(req) + if err != nil { + result.wl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", resp, "Failure sending request") + return + } + + result.wl, err = client.ListBySubscriptionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "ListBySubscription", resp, "Failure responding to request") + } + if result.wl.hasNextLink() && result.wl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListBySubscriptionPreparer prepares the ListBySubscription request. +func (client WatchlistsClient) ListBySubscriptionPreparer(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListBySubscriptionSender sends the ListBySubscription request. 
The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) ListBySubscriptionSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListBySubscriptionResponder handles the response to the ListBySubscription request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) ListBySubscriptionResponder(resp *http.Response) (result WatchlistList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listBySubscriptionNextResults retrieves the next set of results, if any. +func (client WatchlistsClient) listBySubscriptionNextResults(ctx context.Context, lastResults WatchlistList) (result WatchlistList, err error) { + req, err := lastResults.watchlistListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListBySubscriptionSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", resp, "Failure sending next results request") + } + result, err = client.ListBySubscriptionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listBySubscriptionNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListBySubscriptionComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client WatchlistsClient) ListBySubscriptionComplete(ctx context.Context, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.ListBySubscription") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListBySubscription(ctx, operationalInsightsResourceProvider, workspaceName) + return +}