diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go index a29c0d5d0ce9..f01ff44f6c1c 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/client.go @@ -21,7 +21,12 @@ package securityinsight // Changes may cause incorrect behavior and will be lost if the code is regenerated. import ( + "context" "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" ) const ( 
@@ -50,3 +55,98 @@ func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient { SubscriptionID: subscriptionID, } } + +// CreateThreatIntelligence create a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client BaseClient) CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BaseClient.CreateThreatIntelligence") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: 
nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BaseClient", "CreateThreatIntelligence", err.Error()) + } + + req, err := client.CreateThreatIntelligencePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", nil, "Failure preparing request") + return + } + + resp, err := client.CreateThreatIntelligenceSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure sending request") + return + } + + result, err = client.CreateThreatIntelligenceResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BaseClient", "CreateThreatIntelligence", resp, "Failure responding to request") + } + + return +} + +// CreateThreatIntelligencePreparer prepares the CreateThreatIntelligence request. 
+func (client BaseClient) CreateThreatIntelligencePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateThreatIntelligenceSender sends the CreateThreatIntelligence request. The method will close the +// http.Response Body if it receives an error. +func (client BaseClient) CreateThreatIntelligenceSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateThreatIntelligenceResponder handles the response to the CreateThreatIntelligence request. The method always +// closes the http.Response Body. 
+func (client BaseClient) CreateThreatIntelligenceResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/entitiesgettimeline.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/entitiesgettimeline.go new file mode 100644 index 000000000000..f8437bca767b --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/entitiesgettimeline.go 
@@ -0,0 +1,144 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// EntitiesGetTimelineClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type EntitiesGetTimelineClient struct { + BaseClient +} + +// NewEntitiesGetTimelineClient creates an instance of the EntitiesGetTimelineClient client. +func NewEntitiesGetTimelineClient(subscriptionID string) EntitiesGetTimelineClient { + return NewEntitiesGetTimelineClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewEntitiesGetTimelineClientWithBaseURI creates an instance of the EntitiesGetTimelineClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewEntitiesGetTimelineClientWithBaseURI(baseURI string, subscriptionID string) EntitiesGetTimelineClient { + return EntitiesGetTimelineClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List timeline for an entity. 
+// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// parameters - the parameters required to execute an timeline operation on the given entity. +func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (result EntityTimelineResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesGetTimelineClient.List") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: parameters, + Constraints: []validation.Constraint{{Target: "parameters.StartTime", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "parameters.EndTime", Name: validation.Null, Rule: true, Chain: 
nil}}}}); err != nil { + return result, validation.NewError("securityinsight.EntitiesGetTimelineClient", "List", err.Error()) + } + + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesGetTimelineClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesGetTimelineClient", "List", resp, "Failure sending request") + return + } + + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesGetTimelineClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client EntitiesGetTimelineClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go index 1525863f1586..a18f8fc204f3 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/enums.go 
@@ -100,13 +100,15 @@ const ( LateralMovement AttackTactic = "LateralMovement" // Persistence ... Persistence AttackTactic = "Persistence" + // PreAttack ... + PreAttack AttackTactic = "PreAttack" // PrivilegeEscalation ... PrivilegeEscalation AttackTactic = "PrivilegeEscalation" ) // PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. func PossibleAttackTacticValues() []AttackTactic { - return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PreAttack, PrivilegeEscalation} } // CaseSeverity enumerates the values for case severity. @@ -241,6 +243,8 @@ const ( DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" // DataConnectorKindOffice365 ... DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindOfficeATP ... + DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" // DataConnectorKindThreatIntelligenceTaxii ... 
@@ -249,7 +253,7 @@ const ( // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindOfficeATP, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} } // DataConnectorLicenseState enumerates the values for data connector license state. 
@@ -363,6 +367,23 @@ func PossibleEntityKindValues() []EntityKind { return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIoTDevice, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL} } +// EntityTimelineKind enumerates the values for entity timeline kind. +type EntityTimelineKind string + +const ( + // EntityTimelineKindActivity activity + EntityTimelineKindActivity EntityTimelineKind = "Activity" + // EntityTimelineKindBookmark bookmarks + EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" + // EntityTimelineKindSecurityAlert security alerts + EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" +) + +// PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type. +func PossibleEntityTimelineKindValues() []EntityTimelineKind { + return []EntityTimelineKind{EntityTimelineKindActivity, EntityTimelineKindBookmark, EntityTimelineKindSecurityAlert} +} + // EntityType enumerates the values for entity type. type EntityType string 
@@ -408,6 +429,21 @@ func PossibleEntityTypeValues() []EntityType { return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIoTDevice, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} } +// EventGroupingAggregationKind enumerates the values for event grouping aggregation kind. +type EventGroupingAggregationKind string + +const ( + // AlertPerResult ... + AlertPerResult EventGroupingAggregationKind = "AlertPerResult" + // SingleAlert ... + SingleAlert EventGroupingAggregationKind = "SingleAlert" +) + +// PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type. +func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind { + return []EventGroupingAggregationKind{AlertPerResult, SingleAlert} +} + // FileHashAlgorithm enumerates the values for file hash algorithm. type FileHashAlgorithm string @@ -688,6 +724,8 @@ const ( KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" + // KindOfficeATP ... + KindOfficeATP KindBasicDataConnector = "OfficeATP" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" // KindThreatIntelligenceTaxii ... 
@@ -696,7 +734,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence, KindThreatIntelligenceTaxii} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindOfficeATP, KindThreatIntelligence, KindThreatIntelligenceTaxii} } // KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check @@ -718,6 +756,8 @@ const ( KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity" // KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ... KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection" + // KindBasicDataConnectorsCheckRequirementsKindOfficeATP ... + KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ... KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ... 
@@ -726,7 +766,7 @@ const ( // PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type. func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements { - return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} + return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindOfficeATP, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii} } // KindBasicEntity enumerates the values for kind basic entity. 
@@ -737,6 +777,8 @@ const ( KindAccount KindBasicEntity = "Account" // KindAzureResource ... KindAzureResource KindBasicEntity = "AzureResource" + // KindBookmark ... + KindBookmark KindBasicEntity = "Bookmark" // KindCloudApplication ... KindCloudApplication KindBasicEntity = "CloudApplication" // KindDNSResolution ... 
@@ -771,22 +813,60 @@ const ( // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIoTDevice, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} + return []KindBasicEntity{KindAccount, KindAzureResource, KindBookmark, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIoTDevice, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} +} + +// KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item. +type KindBasicEntityTimelineItem string + +const ( + // KindBasicEntityTimelineItemKindActivity ... + KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity" + // KindBasicEntityTimelineItemKindBookmark ... + KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark" + // KindBasicEntityTimelineItemKindEntityTimelineItem ... + KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem" + // KindBasicEntityTimelineItemKindSecurityAlert ... + KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert" +) + +// PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type. +func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem { + return []KindBasicEntityTimelineItem{KindBasicEntityTimelineItemKindActivity, KindBasicEntityTimelineItemKindBookmark, KindBasicEntityTimelineItemKindEntityTimelineItem, KindBasicEntityTimelineItemKindSecurityAlert} } // KindBasicSettings enumerates the values for kind basic settings. 
type KindBasicSettings string const ( + // KindEntityAnalytics ... + KindEntityAnalytics KindBasicSettings = "EntityAnalytics" // KindEyesOn ... KindEyesOn KindBasicSettings = "EyesOn" // KindSettings ... KindSettings KindBasicSettings = "Settings" + // KindUeba ... + KindUeba KindBasicSettings = "Ueba" ) // PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. func PossibleKindBasicSettingsValues() []KindBasicSettings { - return []KindBasicSettings{KindEyesOn, KindSettings} + return []KindBasicSettings{KindEntityAnalytics, KindEyesOn, KindSettings, KindUeba} +} + +// KindBasicThreatIntelligenceResource enumerates the values for kind basic threat intelligence resource. +type KindBasicThreatIntelligenceResource string + +const ( + // KindIndicator ... + KindIndicator KindBasicThreatIntelligenceResource = "indicator" + // KindThreatIntelligenceResource ... + KindThreatIntelligenceResource KindBasicThreatIntelligenceResource = "ThreatIntelligenceResource" +) + +// PossibleKindBasicThreatIntelligenceResourceValues returns an array of possible values for the KindBasicThreatIntelligenceResource const type. +func PossibleKindBasicThreatIntelligenceResourceValues() []KindBasicThreatIntelligenceResource { + return []KindBasicThreatIntelligenceResource{KindIndicator, KindThreatIntelligenceResource} } // MicrosoftSecurityProductName enumerates the values for microsoft security product name. 
@@ -803,11 +883,15 @@ const ( AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" // MicrosoftCloudAppSecurity ... MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" + // MicrosoftDefenderAdvancedThreatProtection ... + MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" + // Office365AdvancedThreatProtection ... + Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" ) // PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { - return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity} + return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, Office365AdvancedThreatProtection} } // OSFamily enumerates the values for os family. 
@@ -915,6 +999,38 @@ func PossibleRelationTypesValues() []RelationTypes { return []RelationTypes{CasesToBookmarks} } +// SettingKind enumerates the values for setting kind. +type SettingKind string + +const ( + // SettingKindEntityAnalytics ... + SettingKindEntityAnalytics SettingKind = "EntityAnalytics" + // SettingKindEyesOn ... + SettingKindEyesOn SettingKind = "EyesOn" + // SettingKindUeba ... + SettingKindUeba SettingKind = "Ueba" +) + +// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{SettingKindEntityAnalytics, SettingKindEyesOn, SettingKindUeba} +} + +// Source enumerates the values for source. +type Source string + +const ( + // Localfile ... + Localfile Source = "Local file" + // Remotestorage ... + Remotestorage Source = "Remote storage" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{Localfile, Remotestorage} +} + // TemplateStatus enumerates the values for template status. type TemplateStatus string 
@@ -932,6 +1048,36 @@ func PossibleTemplateStatusValues() []TemplateStatus { return []TemplateStatus{Available, Installed, NotAvailable} } +// ThreatIntelligenceArmStixSortBy enumerates the values for threat intelligence arm stix sort by. +type ThreatIntelligenceArmStixSortBy string + +const ( + // Ascending ... + Ascending ThreatIntelligenceArmStixSortBy = "ascending" + // Descending ... + Descending ThreatIntelligenceArmStixSortBy = "descending" + // Unsorted ... + Unsorted ThreatIntelligenceArmStixSortBy = "unsorted" +) + +// PossibleThreatIntelligenceArmStixSortByValues returns an array of possible values for the ThreatIntelligenceArmStixSortBy const type. +func PossibleThreatIntelligenceArmStixSortByValues() []ThreatIntelligenceArmStixSortBy { + return []ThreatIntelligenceArmStixSortBy{Ascending, Descending, Unsorted} +} + +// ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind. +type ThreatIntelligenceResourceKind string + +const ( + // Indicator Entity represents threat intelligence indicator in the system. + Indicator ThreatIntelligenceResourceKind = "indicator" +) + +// PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type. +func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind { + return []ThreatIntelligenceResourceKind{Indicator} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string 
@@ -950,3 +1096,22 @@ const ( func PossibleTriggerOperatorValues() []TriggerOperator { return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} } + +// UebaDataSources enumerates the values for ueba data sources. +type UebaDataSources string + +const ( + // AuditLogs ... + AuditLogs UebaDataSources = "AuditLogs" + // AzureActivity ... + AzureActivity UebaDataSources = "AzureActivity" + // SecurityEvent ... + SecurityEvent UebaDataSources = "SecurityEvent" + // SigninLogs ... + SigninLogs UebaDataSources = "SigninLogs" +) + +// PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type. +func PossibleUebaDataSourcesValues() []UebaDataSources { + return []UebaDataSources{AuditLogs, AzureActivity, SecurityEvent, SigninLogs} +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go index a9107bf774c7..11a86f738209 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidentcomments.go @@ -43,7 +43,7 @@ func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) return IncidentCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} } -// CreateComment creates the incident comment. +// CreateComment creates or updates the incident comment. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case // insensitive. 
@@ -145,6 +145,101 @@ func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) return } +// DeleteComment delete the incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// incidentCommentID - incident comment ID +func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.DeleteComment") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "DeleteComment", err.Error()) + } + + 
req, err := client.DeleteCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, incidentCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteCommentSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", resp, "Failure sending request") + return + } + + result, err = client.DeleteCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "DeleteComment", resp, "Failure responding to request") + } + + return +} + +// DeleteCommentPreparer prepares the DeleteComment request. +func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteCommentSender sends the DeleteComment request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) DeleteCommentSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteCommentResponder handles the response to the DeleteComment request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + // GetComment gets an incident comment. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go index 365f36bcdff5..06e06e813205 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/incidents.go 
@@ -479,3 +479,285 @@ func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupNam result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } + +// ListOfAlerts gets all incident alerts. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentAlertList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfAlerts") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.IncidentsClient", "ListOfAlerts", err.Error()) + } + + req, err := client.ListOfAlertsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfAlertsSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", resp, "Failure sending request") + return + } + + result, err = client.ListOfAlertsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfAlerts", resp, "Failure responding to request") + } + + return +} + +// ListOfAlertsPreparer prepares the ListOfAlerts request. +func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", 
pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfAlertsSender sends the ListOfAlerts request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfAlertsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfAlertsResponder handles the response to the ListOfAlerts request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListOfBookmarks gets all incident bookmarks. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// incidentID - incident ID +func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfBookmarks") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "ListOfBookmarks", err.Error()) + } + + req, err := client.ListOfBookmarksPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfBookmarksSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", resp, "Failure sending 
request") + return + } + + result, err = client.ListOfBookmarksResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfBookmarks", resp, "Failure responding to request") + } + + return +} + +// ListOfBookmarksPreparer prepares the ListOfBookmarks request. +func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfBookmarksSender sends the ListOfBookmarks request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfBookmarksSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfBookmarksResponder handles the response to the ListOfBookmarks request. The method always +// closes the http.Response Body. 
+func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListOfEntities gets all incident related entities. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.ListOfEntities") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: 
validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "ListOfEntities", err.Error()) + } + + req, err := client.ListOfEntitiesPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", nil, "Failure preparing request") + return + } + + resp, err := client.ListOfEntitiesSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure sending request") + return + } + + result, err = client.ListOfEntitiesResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "ListOfEntities", resp, "Failure responding to request") + } + + return +} + +// ListOfEntitiesPreparer prepares the ListOfEntities request. 
+func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListOfEntitiesSender sends the ListOfEntities request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} 
diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go index cfd0c25575eb..828ed8fef617 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/models.go 
@@ -35,7 +35,7 @@ const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight type AADCheckRequirements struct { // AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. *AADCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -82,6 +82,11 @@ func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. +func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements. func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -153,7 +158,7 @@ type AADDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -203,6 +208,11 @@ func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -309,7 +319,7 @@ type AADDataConnectorProperties struct { type AATPCheckRequirements struct { // AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. *AATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -356,6 +366,11 @@ func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. +func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements. func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -427,7 +442,7 @@ type AATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -477,6 +492,11 @@ func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -589,7 +609,7 @@ type AccountEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -641,6 +661,16 @@ func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -666,11 +696,6 @@ func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -1150,8 +1175,87 @@ func (page ActionsListPage) Values() []ActionResponse { } // Creates a new instance of the ActionsListPage type. -func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { - return ActionsListPage{fn: getNextPage} +func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { + return ActionsListPage{ + fn: getNextPage, + al: cur, + } +} + +// ActivityTimelineItem represents Activity timeline item. +type ActivityTimelineItem struct { + // QueryID - The activity query id. + QueryID *string `json:"queryId,omitempty"` + // BucketStartTimeUTC - The grouping bucket start time. + BucketStartTimeUTC *date.Time `json:"bucketStartTimeUTC,omitempty"` + // BucketEndTimeUTC - The grouping bucket end time. + BucketEndTimeUTC *date.Time `json:"bucketEndTimeUTC,omitempty"` + // FirstActivityTimeUTC - The time of the first activity in the grouping bucket. + FirstActivityTimeUTC *date.Time `json:"firstActivityTimeUTC,omitempty"` + // LastActivityTimeUTC - The time of the last activity in the grouping bucket. + LastActivityTimeUTC *date.Time `json:"lastActivityTimeUTC,omitempty"` + // Content - The activity timeline content. + Content *string `json:"content,omitempty"` + // Title - The activity timeline title. + Title *string `json:"title,omitempty"` + // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' + Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActivityTimelineItem. 
+func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error) { + ati.Kind = KindBasicEntityTimelineItemKindActivity + objectMap := make(map[string]interface{}) + if ati.QueryID != nil { + objectMap["queryId"] = ati.QueryID + } + if ati.BucketStartTimeUTC != nil { + objectMap["bucketStartTimeUTC"] = ati.BucketStartTimeUTC + } + if ati.BucketEndTimeUTC != nil { + objectMap["bucketEndTimeUTC"] = ati.BucketEndTimeUTC + } + if ati.FirstActivityTimeUTC != nil { + objectMap["firstActivityTimeUTC"] = ati.FirstActivityTimeUTC + } + if ati.LastActivityTimeUTC != nil { + objectMap["lastActivityTimeUTC"] = ati.LastActivityTimeUTC + } + if ati.Content != nil { + objectMap["content"] = ati.Content + } + if ati.Title != nil { + objectMap["title"] = ati.Title + } + if ati.Kind != "" { + objectMap["kind"] = ati.Kind + } + return json.Marshal(objectMap) +} + +// AsActivityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem. +func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool) { + return &ati, true +} + +// AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem. +func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) { + return nil, false +} + +// AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem. +func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) { + return nil, false +} + +// AsEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem. +func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool) { + return nil, false +} + +// AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem. +func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool) { + return &ati, true } // BasicAggregations the aggregation. 
@@ -1580,8 +1684,11 @@ func (page AlertRulesListPage) Values() []BasicAlertRule { } // Creates a new instance of the AlertRulesListPage type. -func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage { - return AlertRulesListPage{fn: getNextPage} +func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage { + return AlertRulesListPage{ + fn: getNextPage, + arl: cur, + } } // BasicAlertRuleTemplate alert rule template. @@ -1940,8 +2047,11 @@ func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate { } // Creates a new instance of the AlertRuleTemplatesListPage type. -func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { - return AlertRuleTemplatesListPage{fn: getNextPage} +func NewAlertRuleTemplatesListPage(cur AlertRuleTemplatesList, getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return AlertRuleTemplatesListPage{ + fn: getNextPage, + artl: cur, + } } // AlertsDataTypeOfDataConnector alerts data type for data connectors. 
@@ -1960,7 +2070,7 @@ type AlertsDataTypeOfDataConnectorAlerts struct { type ASCCheckRequirements struct { // ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. *ASCCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -2007,6 +2117,11 @@ func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequireme return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. +func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements. func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2078,7 +2193,7 @@ type ASCDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -2128,6 +2243,11 @@ func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -2232,7 +2352,7 @@ type ASCDataConnectorProperties struct { // AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request. type AwsCloudTrailCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -2276,6 +2396,11 @@ func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. +func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements. func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -2308,7 +2433,7 @@ type AwsCloudTrailDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -2358,6 +2483,11 @@ func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnec return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -2483,7 +2613,7 @@ type AzureResourceEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -2535,6 +2665,16 @@ func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for AzureResourceEntity. func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -2560,11 +2700,6 @@ func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -2964,8 +3099,11 @@ func (page BookmarkListPage) Values() []Bookmark { } // Creates a new instance of the BookmarkListPage type. -func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage { - return BookmarkListPage{fn: getNextPage} +func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage { + return BookmarkListPage{ + fn: getNextPage, + bl: cur, + } } // BookmarkProperties describes bookmark properties 
@@ -2992,6 +3130,87 @@ type BookmarkProperties struct { IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` } +// BookmarkTimelineItem represents bookmark timeline item. +type BookmarkTimelineItem struct { + // AzureResourceID - The bookmark azure resource id. + AzureResourceID *string `json:"azureResourceId,omitempty"` + // DisplayName - The bookmark display name. + DisplayName *string `json:"displayName,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` + // EndTimeUtc - The bookmark end time. + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // StartTimeUtc - TThe bookmark start time. + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // EventTime - The bookmark event time. + EventTime *date.Time `json:"eventTime,omitempty"` + // CreatedBy - Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // Labels - List of labels relevant to this bookmark + Labels *[]string `json:"labels,omitempty"` + // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' + Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for BookmarkTimelineItem. 
+func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error) { + bti.Kind = KindBasicEntityTimelineItemKindBookmark + objectMap := make(map[string]interface{}) + if bti.AzureResourceID != nil { + objectMap["azureResourceId"] = bti.AzureResourceID + } + if bti.DisplayName != nil { + objectMap["displayName"] = bti.DisplayName + } + if bti.Notes != nil { + objectMap["notes"] = bti.Notes + } + if bti.EndTimeUtc != nil { + objectMap["endTimeUtc"] = bti.EndTimeUtc + } + if bti.StartTimeUtc != nil { + objectMap["startTimeUtc"] = bti.StartTimeUtc + } + if bti.EventTime != nil { + objectMap["eventTime"] = bti.EventTime + } + if bti.CreatedBy != nil { + objectMap["createdBy"] = bti.CreatedBy + } + if bti.Labels != nil { + objectMap["labels"] = bti.Labels + } + if bti.Kind != "" { + objectMap["kind"] = bti.Kind + } + return json.Marshal(objectMap) +} + +// AsActivityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem. +func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool) { + return nil, false +} + +// AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem. +func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) { + return nil, false +} + +// AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem. +func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) { + return &bti, true +} + +// AsEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem. +func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool) { + return nil, false +} + +// AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem. +func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool) { + return &bti, true +} + // Case represents a case in Azure Security Insights. 
type Case struct { autorest.Response `json:"-"` @@ -3313,8 +3532,11 @@ func (page CaseCommentListPage) Values() []CaseComment { } // Creates a new instance of the CaseCommentListPage type. -func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { - return CaseCommentListPage{fn: getNextPage} +func NewCaseCommentListPage(cur CaseCommentList, getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return CaseCommentListPage{ + fn: getNextPage, + ccl: cur, + } } // CaseCommentProperties case comment property bag. @@ -3497,8 +3719,11 @@ func (page CaseListPage) Values() []Case { } // Creates a new instance of the CaseListPage type. -func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage { - return CaseListPage{fn: getNextPage} +func NewCaseListPage(cur CaseList, getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage { + return CaseListPage{ + fn: getNextPage, + cl: cur, + } } // CaseProperties describes case properties @@ -3834,8 +4059,11 @@ func (page CaseRelationListPage) Values() []CaseRelation { } // Creates a new instance of the CaseRelationListPage type. -func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage { - return CaseRelationListPage{fn: getNextPage} +func NewCaseRelationListPage(cur CaseRelationList, getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage { + return CaseRelationListPage{ + fn: getNextPage, + crl: cur, + } } // CaseRelationProperties case relation properties 
@@ -4008,7 +4236,7 @@ type CloudApplicationEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4060,6 +4288,16 @@ func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -4085,11 +4323,6 @@ func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, return nil, false } -// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -4250,6 +4483,7 @@ type BasicDataConnector interface { AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) @@ -4267,7 +4501,7 @@ type DataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -4303,6 +4537,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var mdc MDATPDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindOfficeATP): + var oadc OfficeATPDataConnector + err := json.Unmarshal(body, &oadc) + return oadc, err case string(KindOffice365): var odc OfficeDataConnector err := json.Unmarshal(body, &odc) @@ -4383,6 +4621,11 @@ func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -4416,7 +4659,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -4613,8 +4856,11 @@ func (page DataConnectorListPage) Values() []BasicDataConnector { } // Creates a new instance of the DataConnectorListPage type. -func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage { - return DataConnectorListPage{fn: getNextPage} +func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage { + return DataConnectorListPage{ + fn: getNextPage, + dcl: cur, + } } // DataConnectorModel ... 
@@ -4651,6 +4897,7 @@ type BasicDataConnectorsCheckRequirements interface { AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) + AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) AsTICheckRequirements() (*TICheckRequirements, bool) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) 
@@ -4658,7 +4905,7 @@ type BasicDataConnectorsCheckRequirements interface { // DataConnectorsCheckRequirements data connector requirements properties. type DataConnectorsCheckRequirements struct { - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -4694,6 +4941,10 @@ func unmarshalBasicDataConnectorsCheckRequirements(body []byte) (BasicDataConnec var mcr MDATPCheckRequirements err := json.Unmarshal(body, &mcr) return mcr, err + case string(KindBasicDataConnectorsCheckRequirementsKindOfficeATP): + var oacr OfficeATPCheckRequirements + err := json.Unmarshal(body, &oacr) + return oacr, err case string(KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence): var tcr TICheckRequirements err := json.Unmarshal(body, &tcr) @@ -4767,6 +5018,11 @@ func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCh return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. +func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements. func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -4809,7 +5065,7 @@ type DNSEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -4861,6 +5117,16 @@ func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for DNSEntity. func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -4886,11 +5152,6 @@ func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -5007,12 +5268,13 @@ type BasicEntity interface { AsFileEntity() (*FileEntity, bool) AsFileHashEntity() (*FileHashEntity, bool) AsHostEntity() (*HostEntity, bool) + AsHuntingBookmark() (*HuntingBookmark, bool) + AsSecurityAlert() (*SecurityAlert, bool) AsIPEntity() (*IPEntity, bool) AsMalwareEntity() (*MalwareEntity, bool) AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) - AsSecurityAlert() (*SecurityAlert, bool) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) 
@@ -5028,7 +5290,7 @@ type Entity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5068,6 +5330,14 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var he HostEntity err := json.Unmarshal(body, &he) return he, err + case string(KindBookmark): + var hb HuntingBookmark + err := json.Unmarshal(body, &hb) + return hb, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err case string(KindIP): var ie IPEntity err := json.Unmarshal(body, &ie) @@ -5088,10 +5358,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var rve RegistryValueEntity err := json.Unmarshal(body, &rve) return rve, err - case string(KindSecurityAlert): - var sa SecurityAlert - err := json.Unmarshal(body, &sa) - return sa, err case string(KindSecurityGroup): var sge SecurityGroupEntity err := json.Unmarshal(body, &sge) 
@@ -5174,6 +5440,16 @@ func (e Entity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for Entity. +func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for Entity. func (e Entity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -5199,11 +5475,6 @@ func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for Entity. func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -5229,47 +5500,65 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } -// EntityCommonProperties entity common property bag. -type EntityCommonProperties struct { - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` +// EntityAnalytics settings with single toggle. +type EntityAnalytics struct { + // EntityAnalyticsProperties - EntityAnalytics properties + *EntityAnalyticsProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for EntityCommonProperties. -func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for EntityAnalytics. +func (ea EntityAnalytics) MarshalJSON() ([]byte, error) { + ea.Kind = KindEntityAnalytics objectMap := make(map[string]interface{}) + if ea.EntityAnalyticsProperties != nil { + objectMap["properties"] = ea.EntityAnalyticsProperties + } + if ea.Etag != nil { + objectMap["etag"] = ea.Etag + } + if ea.Kind != "" { + objectMap["kind"] = ea.Kind + } return json.Marshal(objectMap) } -// EntityExpandParameters the parameters required to execute an expand operation on the given entity. 
-type EntityExpandParameters struct { - // EndTime - The end date filter, so the only expansion results returned are before this date. - EndTime *date.Time `json:"endTime,omitempty"` - // ExpansionID - The Id of the expansion to perform. - ExpansionID *uuid.UUID `json:"expansionId,omitempty"` - // StartTime - The start date filter, so the only expansion results returned are after this date. - StartTime *date.Time `json:"startTime,omitempty"` +// AsEyesOn is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool) { + return nil, false } -// EntityExpandResponse the entity expansion result operation response. -type EntityExpandResponse struct { - autorest.Response `json:"-"` - // MetaData - The metadata from the expansion operation results. - MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` - // Value - The expansion result values. - Value *EntityExpandResponseValue `json:"value,omitempty"` +// AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool) { + return &ea, true } -// EntityExpandResponseValue the expansion result values. -type EntityExpandResponseValue struct { - // Entities - Array of the expansion result entities. - Entities *[]BasicEntity `json:"entities,omitempty"` +// AsUeba is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsUeba() (*Ueba, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. -func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { +// AsSettings is the BasicSettings implementation for EntityAnalytics. +func (ea EntityAnalytics) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for EntityAnalytics. 
+func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool) { + return &ea, true +} + +// UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct. +func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -5277,43 +5566,157 @@ func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { } for k, v := range m { switch k { - case "entities": + case "properties": if v != nil { - entities, err := unmarshalBasicEntityArray(*v) + var entityAnalyticsProperties EntityAnalyticsProperties + err = json.Unmarshal(*v, &entityAnalyticsProperties) if err != nil { return err } - eer.Entities = &entities + ea.EntityAnalyticsProperties = &entityAnalyticsProperties } - } - } - - return nil -} - -// EntityKind1 describes an entity with kind. -type EntityKind1 struct { - // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' - Kind EntityKind `json:"kind,omitempty"` -} - -// EntityList list of all the entities. -type EntityList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of entities. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of entities. - Value *[]BasicEntity `json:"value,omitempty"` -} - -// MarshalJSON is the custom marshaler for EntityList. 
-func (el EntityList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - if el.Value != nil { - objectMap["value"] = el.Value - } - return json.Marshal(objectMap) -} + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ea.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ea.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ea.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ea.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ea.Kind = kind + } + } + } + + return nil +} + +// EntityAnalyticsProperties entityAnalytics property bag. +type EntityAnalyticsProperties struct { + // IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty"` +} + +// EntityCommonProperties entity common property bag. +type EntityCommonProperties struct { + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for EntityCommonProperties. 
+func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// EntityExpandParameters the parameters required to execute an expand operation on the given entity. +type EntityExpandParameters struct { + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` + // ExpansionID - The Id of the expansion to perform. + ExpansionID *uuid.UUID `json:"expansionId,omitempty"` + // StartTime - The start date filter, so the only expansion results returned are after this date. + StartTime *date.Time `json:"startTime,omitempty"` +} + +// EntityExpandResponse the entity expansion result operation response. +type EntityExpandResponse struct { + autorest.Response `json:"-"` + // MetaData - The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` +} + +// EntityExpandResponseValue the expansion result values. +type EntityExpandResponseValue struct { + // Entities - Array of the expansion result entities. + Entities *[]BasicEntity `json:"entities,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. +func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + eer.Entities = &entities + } + } + } + + return nil +} + +// EntityKind1 describes an entity with kind. +type EntityKind1 struct { + // Kind - The kind of the entity. 
Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' + Kind EntityKind `json:"kind,omitempty"` +} + +// EntityList list of all the entities. +type EntityList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of entities. + Value *[]BasicEntity `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for EntityList. +func (el EntityList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if el.Value != nil { + objectMap["value"] = el.Value + } + return json.Marshal(objectMap) +} // UnmarshalJSON is the custom unmarshaler for EntityList struct. func (el *EntityList) UnmarshalJSON(body []byte) error { @@ -5490,8 +5893,11 @@ func (page EntityListPage) Values() []BasicEntity { } // Creates a new instance of the EntityListPage type. -func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage { - return EntityListPage{fn: getNextPage} +func NewEntityListPage(cur EntityList, getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage { + return EntityListPage{ + fn: getNextPage, + el: cur, + } } // EntityModel ... 
@@ -5745,8 +6151,11 @@ func (page EntityQueryListPage) Values() []EntityQuery { } // Creates a new instance of the EntityQueryListPage type. -func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage { - return EntityQueryListPage{fn: getNextPage} +func NewEntityQueryListPage(cur EntityQueryList, getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage { + return EntityQueryListPage{ + fn: getNextPage, + eql: cur, + } } // EntityQueryProperties describes entity query properties 
@@ -5765,6 +6174,159 @@ type EntityQueryProperties struct { QueryTemplate *string `json:"queryTemplate,omitempty"` } +// BasicEntityTimelineItem entity timeline Item. +type BasicEntityTimelineItem interface { + AsActivityTimelineItem() (*ActivityTimelineItem, bool) + AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) + AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) + AsEntityTimelineItem() (*EntityTimelineItem, bool) +} + +// EntityTimelineItem entity timeline Item. +type EntityTimelineItem struct { + // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' + Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` +} + +func unmarshalBasicEntityTimelineItem(body []byte) (BasicEntityTimelineItem, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindBasicEntityTimelineItemKindActivity): + var ati ActivityTimelineItem + err := json.Unmarshal(body, &ati) + return ati, err + case string(KindBasicEntityTimelineItemKindSecurityAlert): + var sati SecurityAlertTimelineItem + err := json.Unmarshal(body, &sati) + return sati, err + case string(KindBasicEntityTimelineItemKindBookmark): + var bti BookmarkTimelineItem + err := json.Unmarshal(body, &bti) + return bti, err + default: + var eti EntityTimelineItem + err := json.Unmarshal(body, &eti) + return eti, err + } +} +func unmarshalBasicEntityTimelineItemArray(body []byte) ([]BasicEntityTimelineItem, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + etiArray := make([]BasicEntityTimelineItem, len(rawMessages)) + + for index, rawMessage := range rawMessages { + eti, err := unmarshalBasicEntityTimelineItem(*rawMessage) + if err != nil { + return nil, err + } + 
etiArray[index] = eti + } + return etiArray, nil +} + +// MarshalJSON is the custom marshaler for EntityTimelineItem. +func (eti EntityTimelineItem) MarshalJSON() ([]byte, error) { + eti.Kind = KindBasicEntityTimelineItemKindEntityTimelineItem + objectMap := make(map[string]interface{}) + if eti.Kind != "" { + objectMap["kind"] = eti.Kind + } + return json.Marshal(objectMap) +} + +// AsActivityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem. +func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool) { + return nil, false +} + +// AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem. +func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) { + return nil, false +} + +// AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem. +func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) { + return nil, false +} + +// AsEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem. +func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool) { + return &eti, true +} + +// AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem. +func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool) { + return &eti, true +} + +// EntityTimelineParameters the parameters required to execute s timeline operation on the given entity. +type EntityTimelineParameters struct { + // Kinds - Array of timeline Item kinds. + Kinds *[]EntityTimelineKind `json:"kinds,omitempty"` + // StartTime - The start timeline date, so the results returned are after this date. + StartTime *date.Time `json:"startTime,omitempty"` + // EndTime - The end timeline date, so the results returned are before this date. 
+ EndTime *date.Time `json:"endTime,omitempty"` + // NumberOfBucket - The number of bucket for timeline queries aggregation. + NumberOfBucket *int32 `json:"numberOfBucket,omitempty"` +} + +// EntityTimelineResponse the entity timeline result operation response. +type EntityTimelineResponse struct { + autorest.Response `json:"-"` + // MetaData - The metadata from the timeline operation results. + MetaData *TimelineResultsMetadata `json:"metaData,omitempty"` + // Value - The timeline result values. + Value *[]BasicEntityTimelineItem `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityTimelineResponse struct. +func (etr *EntityTimelineResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "metaData": + if v != nil { + var metaData TimelineResultsMetadata + err = json.Unmarshal(*v, &metaData) + if err != nil { + return err + } + etr.MetaData = &metaData + } + case "value": + if v != nil { + value, err := unmarshalBasicEntityTimelineItemArray(*v) + if err != nil { + return err + } + etr.Value = &value + } + } + } + + return nil +} + +// EventGroupingSettings event grouping settings property bag. +type EventGroupingSettings struct { + // AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult' + AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +} + // ExpansionResultAggregation information of a specific aggregation in the expansion result. type ExpansionResultAggregation struct { // AggregationType - The common type of the aggregation. (for e.g. entity field name) 
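Review bot: `unmarshalBasicEntityTimelineItemArray` calls `unmarshalBasicEntityTimelineItem(*rawMessage)` on every element without a nil check, so a `null` entry in the response's `value` array decodes to a nil `*json.RawMessage` and the dereference panics instead of returning an error. The map-based unmarshalers in the same hunk already guard this case with `if v != nil`; the array helper should do the same, for example `if rawMessage == nil {` followed by an error return before the call. `EntityTimelineResponse.UnmarshalJSON` passes the service payload straight into this helper, so a malformed or tampered response can crash the consuming process rather than fail the one request. The code reads like generator output, so the lasting fix probably belongs in the generator template, which is worth confirming.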
@@ -5795,7 +6357,7 @@ type EyesOn struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -5820,6 +6382,16 @@ func (eo EyesOn) AsEyesOn() (*EyesOn, bool) { return &eo, true } +// AsEntityAnalytics is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for EyesOn. +func (eo EyesOn) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for EyesOn. func (eo EyesOn) AsSettings() (*Settings, bool) { return nil, false @@ -5915,7 +6487,7 @@ type FileEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -5967,6 +6539,16 @@ func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -5992,11 +6574,6 @@ func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -6114,7 +6691,7 @@ type FileHashEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -6166,6 +6743,16 @@ func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for FileHashEntity. func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -6191,11 +6778,6 @@ func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -6656,7 +7238,7 @@ type HostEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -6708,6 +7290,16 @@ func (he HostEntity) AsHostEntity() (*HostEntity, bool) { return &he, true } +// AsHuntingBookmark is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -6733,11 +7325,6 @@ func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -6858,6 +7445,257 @@ func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// HuntingBookmark represents a Hunting bookmark entity. +type HuntingBookmark struct { + // HuntingBookmarkProperties - HuntingBookmark entity properties + *HuntingBookmarkProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for HuntingBookmark. +func (hb HuntingBookmark) MarshalJSON() ([]byte, error) { + hb.Kind = KindBookmark + objectMap := make(map[string]interface{}) + if hb.HuntingBookmarkProperties != nil { + objectMap["properties"] = hb.HuntingBookmarkProperties + } + if hb.Kind != "" { + objectMap["kind"] = hb.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for HuntingBookmark. 
+func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool) { + return &hb, true +} + +// AsSecurityAlert is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark. 
+func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for HuntingBookmark. +func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool) { + return &hb, true +} + +// UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct. +func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var huntingBookmarkProperties HuntingBookmarkProperties + err = json.Unmarshal(*v, &huntingBookmarkProperties) + if err != nil { + return err + } + hb.HuntingBookmarkProperties = &huntingBookmarkProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + hb.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + hb.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + hb.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + hb.Kind = kind + } + } + } + + return nil +} + +// HuntingBookmarkProperties describes bookmark properties +type HuntingBookmarkProperties struct { + // Created - The time 
the bookmark was created + Created *date.Time `json:"created,omitempty"` + // CreatedBy - Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` + // EventTime - The time of the event + EventTime *date.Time `json:"eventTime,omitempty"` + // Labels - List of labels relevant to this bookmark + Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` + // Query - The query of the bookmark. + Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. + QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // IncidentInfo - Describes an incident that relates to bookmark + IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for HuntingBookmarkProperties. 
+func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if hbp.Created != nil { + objectMap["created"] = hbp.Created + } + if hbp.CreatedBy != nil { + objectMap["createdBy"] = hbp.CreatedBy + } + if hbp.DisplayName != nil { + objectMap["displayName"] = hbp.DisplayName + } + if hbp.EventTime != nil { + objectMap["eventTime"] = hbp.EventTime + } + if hbp.Labels != nil { + objectMap["labels"] = hbp.Labels + } + if hbp.Notes != nil { + objectMap["notes"] = hbp.Notes + } + if hbp.Query != nil { + objectMap["query"] = hbp.Query + } + if hbp.QueryResult != nil { + objectMap["queryResult"] = hbp.QueryResult + } + if hbp.Updated != nil { + objectMap["updated"] = hbp.Updated + } + if hbp.UpdatedBy != nil { + objectMap["updatedBy"] = hbp.UpdatedBy + } + if hbp.IncidentInfo != nil { + objectMap["incidentInfo"] = hbp.IncidentInfo + } + return json.Marshal(objectMap) +} + // Incident represents an incident in Azure Security Insights. type Incident struct { autorest.Response `json:"-"` @@ -6959,6 +7797,20 @@ type IncidentAdditionalData struct { Tactics *[]AttackTactic `json:"tactics,omitempty"` } +// IncidentAlertList list of incident alerts. +type IncidentAlertList struct { + autorest.Response `json:"-"` + // Value - Array of incident alerts. + Value *[]SecurityAlert `json:"value,omitempty"` +} + +// IncidentBookmarkList list of incident bookmarks. +type IncidentBookmarkList struct { + autorest.Response `json:"-"` + // Value - Array of incident bookmarks. + Value *[]HuntingBookmark `json:"value,omitempty"` +} + // IncidentComment represents an incident comment type IncidentComment struct { autorest.Response `json:"-"` @@ -6970,6 +7822,8 @@ type IncidentComment struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` } // MarshalJSON is the custom marshaler for IncidentComment. 
@@ -6978,6 +7832,9 @@ func (ic IncidentComment) MarshalJSON() ([]byte, error) { if ic.IncidentCommentProperties != nil { objectMap["properties"] = ic.IncidentCommentProperties } + if ic.Etag != nil { + objectMap["etag"] = ic.Etag + } return json.Marshal(objectMap) } @@ -7026,6 +7883,15 @@ func (ic *IncidentComment) UnmarshalJSON(body []byte) error { } ic.Type = &typeVar } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ic.Etag = &etag + } } } @@ -7193,14 +8059,19 @@ func (page IncidentCommentListPage) Values() []IncidentComment { } // Creates a new instance of the IncidentCommentListPage type. -func NewIncidentCommentListPage(getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage { - return IncidentCommentListPage{fn: getNextPage} +func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage { + return IncidentCommentListPage{ + fn: getNextPage, + icl: cur, + } } // IncidentCommentProperties incident comment property bag. type IncidentCommentProperties struct { // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // LastModifiedTimeUtc - READ-ONLY; The time the comment was updated + LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` // Message - The comment message Message *string `json:"message,omitempty"` // Author - READ-ONLY; Describes the client that created the comment 
@@ -7224,6 +8095,56 @@ type IncidentConfiguration struct { GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` } +// IncidentEntitiesResponse the incident related entities response. +type IncidentEntitiesResponse struct { + autorest.Response `json:"-"` + // Entities - Array of the incident related entities. + Entities *[]BasicEntity `json:"entities,omitempty"` + // MetaData - The metadata from the incident related entities results. + MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct. +func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + ier.Entities = &entities + } + case "metaData": + if v != nil { + var metaData []IncidentEntitiesResultsMetadata + err = json.Unmarshal(*v, &metaData) + if err != nil { + return err + } + ier.MetaData = &metaData + } + } + } + + return nil +} + +// IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities +// result. +type IncidentEntitiesResultsMetadata struct { + // Count - Total number of aggregations of the given kind in the incident related entities result. + Count *int32 `json:"count,omitempty"` + // EntityKind - The kind of the aggregated entity. 
Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` +} + // IncidentInfo describes related incident information for the bookmark type IncidentInfo struct { // IncidentID - Incident Id @@ -7414,8 +8335,11 @@ func (page IncidentListPage) Values() []Incident { } // Creates a new instance of the IncidentListPage type. -func NewIncidentListPage(getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage { - return IncidentListPage{fn: getNextPage} +func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage { + return IncidentListPage{ + fn: getNextPage, + il: cur, + } } // IncidentOwnerInfo information on the user an incident is assigned to 
@@ -7517,7 +8441,7 @@ type IoTDeviceEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7569,6 +8493,16 @@ func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for IoTDeviceEntity. func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -7594,11 +8528,6 @@ func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity. func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -7724,7 +8653,7 @@ type IPEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7776,6 +8705,16 @@ func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { return &ie, true @@ -7801,11 +8740,6 @@ func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -7924,7 +8858,7 @@ type MalwareEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7976,6 +8910,16 @@ func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for MalwareEntity. func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -8001,11 +8945,6 @@ func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -8117,7 +9056,7 @@ func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { type MCASCheckRequirements struct { // MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. *MCASCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -8164,6 +9103,11 @@ func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirem return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. +func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements. func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8235,7 +9179,7 @@ type MCASDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -8285,6 +9229,11 @@ func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false @@ -8379,7 +9328,8 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector. +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. type MCASDataConnectorDataTypes struct { // DiscoveryLogs - Discovery log data type connection. DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` 
@@ -8401,12 +9351,12 @@ type MCASDataConnectorProperties struct { TenantID *string `json:"tenantId,omitempty"` } -// MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check -// request. +// MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements +// check request. type MDATPCheckRequirements struct { // MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. *MDATPCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 
'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } @@ -8453,6 +9403,11 @@ func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequire return &mcr, true } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. +func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements. func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -8506,8 +9461,8 @@ func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error { return nil } -// MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements check -// properties. +// MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements +// check properties. type MDATPCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` 
@@ -8525,7 +9480,7 @@ type MDATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8575,6 +9530,11 @@ func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return &mdc, true } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false 
@@ -8811,13 +9771,14 @@ type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` } -// MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag. +// MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property +// bag. type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` 
@@ -8833,7 +9794,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` @@ -8982,8 +9943,8 @@ func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON return nil } -// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template -// properties +// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule +// template properties type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` 
@@ -9001,7 +9962,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` 
@@ -9040,6 +10001,293 @@ func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) Mars return json.Marshal(objectMap) } +// OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements +// check request. +type OfficeATPCheckRequirements struct { + // OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. + *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error) { + oacr.Kind = KindBasicDataConnectorsCheckRequirementsKindOfficeATP + objectMap := make(map[string]interface{}) + if oacr.OfficeATPCheckRequirementsProperties != nil { + objectMap["properties"] = oacr.OfficeATPCheckRequirementsProperties + } + if oacr.Kind != "" { + objectMap["kind"] = oacr.Kind + } + return json.Marshal(objectMap) +} + +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. 
+func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { + return nil, false +} + +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { + return nil, false +} + +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { + return nil, false +} + +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { + return nil, false +} + +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { + return nil, false +} + +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { + return nil, false +} + +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return &oacr, true +} + +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return nil, false +} + +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. 
+func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return nil, false +} + +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false +} + +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements. +func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &oacr, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct. +func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeATPCheckRequirementsProperties OfficeATPCheckRequirementsProperties + err = json.Unmarshal(*v, &officeATPCheckRequirementsProperties) + if err != nil { + return err + } + oacr.OfficeATPCheckRequirementsProperties = &officeATPCheckRequirementsProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnectorsCheckRequirements + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + oacr.Kind = kind + } + } + } + + return nil +} + +// OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements +// check properties. +type OfficeATPCheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector. 
+type OfficeATPDataConnector struct { + // OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. + *OfficeATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error) { + oadc.Kind = KindOfficeATP + objectMap := make(map[string]interface{}) + if oadc.OfficeATPDataConnectorProperties != nil { + objectMap["properties"] = oadc.OfficeATPDataConnectorProperties + } + if oadc.Etag != nil { + objectMap["etag"] = oadc.Etag + } + if oadc.Kind != "" { + objectMap["kind"] = oadc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. 
+func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return &oadc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. +func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector. 
+func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &oadc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct. +func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeATPDataConnectorProperties OfficeATPDataConnectorProperties + err = json.Unmarshal(*v, &officeATPDataConnectorProperties) + if err != nil { + return err + } + oadc.OfficeATPDataConnectorProperties = &officeATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oadc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oadc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oadc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + oadc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + oadc.Kind = kind + } + } + } + + return nil +} + +// OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector +// properties. +type OfficeATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + // OfficeConsent consent for Office365 tenant that already made. type OfficeConsent struct { autorest.Response `json:"-"` 
@@ -9274,8 +10522,11 @@ func (page OfficeConsentListPage) Values() []OfficeConsent { } // Creates a new instance of the OfficeConsentListPage type. -func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { - return OfficeConsentListPage{fn: getNextPage} +func NewOfficeConsentListPage(cur OfficeConsentList, getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { + return OfficeConsentListPage{ + fn: getNextPage, + ocl: cur, + } } // OfficeConsentProperties consent property bag. @@ -9307,7 +10558,7 @@ type OfficeDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -9357,6 +10608,11 @@ func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool return nil, false } +// AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + // AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return &odc, true @@ -9457,6 +10713,8 @@ type OfficeDataConnectorDataTypes struct { Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` // SharePoint - SharePoint data type connection. SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Teams - Teams data type connection. + Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` } // OfficeDataConnectorDataTypesExchange exchange data type connection. @@ -9471,6 +10729,12 @@ type OfficeDataConnectorDataTypesSharePoint struct { State DataTypeState `json:"state,omitempty"` } +// OfficeDataConnectorDataTypesTeams teams data type connection. +type OfficeDataConnectorDataTypesTeams struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + // OfficeDataConnectorProperties office data connector properties. type OfficeDataConnectorProperties struct { // DataTypes - The available data types for the connector. 
@@ -9651,8 +10915,11 @@ func (page OperationsListPage) Values() []Operation { } // Creates a new instance of the OperationsListPage type. -func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { - return OperationsListPage{fn: getNextPage} +func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{ + fn: getNextPage, + ol: cur, + } } // ProcessEntity represents a process entity. @@ -9665,7 +10932,7 @@ type ProcessEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -9717,6 +10984,16 @@ func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for ProcessEntity. func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -9742,11 +11019,6 @@ func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) return nil, false } -// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -9877,7 +11149,7 @@ type RegistryKeyEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -9929,6 +11201,16 @@ func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -9954,11 +11236,6 @@ func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool return nil, false } -// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -10072,7 +11349,7 @@ type RegistryValueEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -10124,6 +11401,16 @@ func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -10149,11 +11436,6 @@ func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return &rve, true } -// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false @@ -10532,8 +11814,11 @@ func (page RelationListPage) Values() []Relation { } // Creates a new instance of the RelationListPage type. -func NewRelationListPage(getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage { - return RelationListPage{fn: getNextPage} +func NewRelationListPage(cur RelationList, getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage { + return RelationListPage{ + fn: getNextPage, + rl: cur, + } } // RelationNode relation node 
@@ -10862,6 +12147,8 @@ type ScheduledAlertRuleCommonProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // ScheduledAlertRuleProperties scheduled alert rule base property bag. @@ -10896,6 +12183,8 @@ type ScheduledAlertRuleProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` } // MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties. @@ -10943,6 +12232,9 @@ func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { if sarp.TriggerThreshold != nil { objectMap["triggerThreshold"] = sarp.TriggerThreshold } + if sarp.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sarp.EventGroupingSettings + } return json.Marshal(objectMap) } @@ -11084,6 +12376,8 @@ type ScheduledAlertRuleTemplateProperties struct { TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // EventGroupingSettings - The event grouping settings. + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` } 
@@ -11124,6 +12418,9 @@ func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { if sart.TriggerThreshold != nil { objectMap["triggerThreshold"] = sart.TriggerThreshold } + if sart.EventGroupingSettings != nil { + objectMap["eventGroupingSettings"] = sart.EventGroupingSettings + } if sart.Tactics != nil { objectMap["tactics"] = sart.Tactics } @@ -11140,7 +12437,7 @@ type SecurityAlert struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -11192,6 +12489,16 @@ func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true +} + // AsIPEntity is the BasicEntity implementation for SecurityAlert. func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -11217,11 +12524,6 @@ func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { - return &sa, true -} - // AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -11382,6 +12684,87 @@ type SecurityAlertPropertiesConfidenceReasonsItem struct { ReasonType *string `json:"reasonType,omitempty"` } +// SecurityAlertTimelineItem represents security alert timeline item. +type SecurityAlertTimelineItem struct { + // AzureResourceID - The alert azure resource id. + AzureResourceID *string `json:"azureResourceId,omitempty"` + // ProductName - The alert product name. + ProductName *string `json:"productName,omitempty"` + // DisplayName - The alert name. + DisplayName *string `json:"displayName,omitempty"` + // Severity - The alert severity. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // EndTimeUtc - The alert end time. + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // StartTimeUtc - The alert start time. + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // TimeGenerated - The alert generated time. + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + // AlertType - The name of the alert type. + AlertType *string `json:"alertType,omitempty"` + // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' + Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for SecurityAlertTimelineItem. 
+func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error) { + sati.Kind = KindBasicEntityTimelineItemKindSecurityAlert + objectMap := make(map[string]interface{}) + if sati.AzureResourceID != nil { + objectMap["azureResourceId"] = sati.AzureResourceID + } + if sati.ProductName != nil { + objectMap["productName"] = sati.ProductName + } + if sati.DisplayName != nil { + objectMap["displayName"] = sati.DisplayName + } + if sati.Severity != "" { + objectMap["severity"] = sati.Severity + } + if sati.EndTimeUtc != nil { + objectMap["endTimeUtc"] = sati.EndTimeUtc + } + if sati.StartTimeUtc != nil { + objectMap["startTimeUtc"] = sati.StartTimeUtc + } + if sati.TimeGenerated != nil { + objectMap["timeGenerated"] = sati.TimeGenerated + } + if sati.AlertType != nil { + objectMap["alertType"] = sati.AlertType + } + if sati.Kind != "" { + objectMap["kind"] = sati.Kind + } + return json.Marshal(objectMap) +} + +// AsActivityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem. +func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool) { + return nil, false +} + +// AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem. +func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) { + return &sati, true +} + +// AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem. +func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) { + return nil, false +} + +// AsEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem. +func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool) { + return nil, false +} + +// AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem. 
+func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool) { + return &sati, true +} + // SecurityGroupEntity represents a security group entity. type SecurityGroupEntity struct { // SecurityGroupEntityProperties - SecurityGroup entity properties @@ -11392,7 +12775,7 @@ type SecurityGroupEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -11444,6 +12827,16 @@ func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { return nil, false 
@@ -11469,11 +12862,6 @@ func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return &sge, true @@ -11612,6 +13000,8 @@ func (sl *SettingList) UnmarshalJSON(body []byte) error { // BasicSettings the Setting. type BasicSettings interface { AsEyesOn() (*EyesOn, bool) + AsEntityAnalytics() (*EntityAnalytics, bool) + AsUeba() (*Ueba, bool) AsSettings() (*Settings, bool) } @@ -11626,7 +13016,7 @@ type Settings struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindEyesOn' + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -11642,6 +13032,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { var eo EyesOn err := json.Unmarshal(body, &eo) return eo, err + case string(KindEntityAnalytics): + var ea EntityAnalytics + err := json.Unmarshal(body, &ea) + return ea, err + case string(KindUeba): + var u Ueba + err := json.Unmarshal(body, &u) + return u, err default: var s Settings err := json.Unmarshal(body, &s) 
@@ -11685,6 +13083,16 @@ func (s Settings) AsEyesOn() (*EyesOn, bool) { return nil, false } +// AsEntityAnalytics is the BasicSettings implementation for Settings. +func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool) { + return nil, false +} + +// AsUeba is the BasicSettings implementation for Settings. +func (s Settings) AsUeba() (*Ueba, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for Settings. func (s Settings) AsSettings() (*Settings, bool) { return &s, true @@ -11697,8 +13105,8 @@ func (s Settings) AsBasicSettings() (BasicSettings, bool) { // SettingsKind describes an Azure resource with kind. type SettingsKind struct { - // Kind - The kind of the setting - Kind *string `json:"kind,omitempty"` + // Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba' + Kind SettingKind `json:"kind,omitempty"` } // SettingsModel ... 
@@ -11734,120 +13142,64 @@ type ThreatIntelligence struct { ThreatType *string `json:"threatType,omitempty"` } -// TICheckRequirements represents threat intelligence requirements check request. -type TICheckRequirements struct { - // TICheckRequirementsProperties - TI (Threat Intelligence) requirements check properties. - *TICheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' - Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` -} - -// MarshalJSON is the custom marshaler for TICheckRequirements. -func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { - tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence - objectMap := make(map[string]interface{}) - if tcr.TICheckRequirementsProperties != nil { - objectMap["properties"] = tcr.TICheckRequirementsProperties - } - if tcr.Kind != "" { - objectMap["kind"] = tcr.Kind - } - return json.Marshal(objectMap) -} - -// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { - return nil, false -} - -// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
-func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { - return nil, false -} - -// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { - return nil, false -} - -// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { - return nil, false -} - -// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { - return nil, false -} - -// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { - return nil, false -} - -// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { - return &tcr, true -} - -// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { - return nil, false -} - -// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. -func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { - return nil, false -} - -// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
-func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { - return &tcr, true -} - -// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. -func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var tICheckRequirementsProperties TICheckRequirementsProperties - err = json.Unmarshal(*v, &tICheckRequirementsProperties) - if err != nil { - return err - } - tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties - } - case "kind": - if v != nil { - var kind KindBasicDataConnectorsCheckRequirements - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - tcr.Kind = kind - } - } - } - - return nil -} - -// TICheckRequirementsProperties TI (Threat Intelligence) requirements check properties. -type TICheckRequirementsProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} - -// TIDataConnector represents threat intelligence data connector. -type TIDataConnector struct { - // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. 
- *TIDataConnectorProperties `json:"properties,omitempty"` +// ThreatIntelligenceAppendTagsRequestBody describes threat intelligence indicator append tags request body +type ThreatIntelligenceAppendTagsRequestBody struct { + // ThreatIntelligenceTags - List of threat intelligence tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` +} + +// ThreatIntelligenceArmStixQuery describes threat intelligence ARM STIX query +type ThreatIntelligenceArmStixQuery struct { + // PageSize - Page size + PageSize *int32 `json:"pageSize,omitempty"` + // MinConfidence - Minimum confidence + MinConfidence *int32 `json:"minConfidence,omitempty"` + // MaxConfidence - Maximum confidence + MaxConfidence *int32 `json:"maxConfidence,omitempty"` + // MinValidUntil - Minimum Valid until + MinValidUntil *string `json:"minValidUntil,omitempty"` + // MaxValidUntil - Maximum Valid until + MaxValidUntil *string `json:"maxValidUntil,omitempty"` + // IncludeDisabled - To include disabled indicators + IncludeDisabled *bool `json:"includeDisabled,omitempty"` + // SortBy - List of Sort rules + SortBy *[]ThreatIntelligenceArmStixSortBy1 `json:"sortBy,omitempty"` + // Sources - Sources of a threat intelligence entity + Sources *[]string `json:"sources,omitempty"` + // PatternTypes - Pattern types + PatternTypes *[]string `json:"patternTypes,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // Ids - Ids of threat intelligence entities + Ids *[]string `json:"ids,omitempty"` + // Keywords - Keywords of threat intelligence entities + Keywords *[]string `json:"keywords,omitempty"` + // SkipToken - Skip Token + SkipToken *string `json:"skipToken,omitempty"` +} + +// ThreatIntelligenceArmStixSortBy1 describes an threat intelligence ARM STIX Sort By +type ThreatIntelligenceArmStixSortBy1 struct { + // ItemKey - Item key + ItemKey *string `json:"itemKey,omitempty"` + // SortOrder - Sort order. 
Possible values include: 'Unsorted', 'Ascending', 'Descending' + SortOrder ThreatIntelligenceArmStixSortBy `json:"sortOrder,omitempty"` +} + +// ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity +type ThreatIntelligenceGranularMarkingModel struct { + // Language - Language granular marking model + Language *string `json:"language,omitempty"` + // MarkingRef - marking reference granular marking model + MarkingRef *int32 `json:"markingRef,omitempty"` + // Selectors - granular marking model selectors + Selectors *[]string `json:"selectors,omitempty"` +} + +// ThreatIntelligenceIndicatorModel threat intelligence indicator entity. +type ThreatIntelligenceIndicatorModel struct { + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name 
@@ -11856,83 +13208,43 @@ type TIDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for TIDataConnector. -func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { - tdc.Kind = KindThreatIntelligence +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { + tiim.Kind = KindIndicator objectMap := make(map[string]interface{}) - if tdc.TIDataConnectorProperties != nil { - objectMap["properties"] = tdc.TIDataConnectorProperties + if tiim.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiim.ThreatIntelligenceIndicatorProperties } - if tdc.Etag != nil { - objectMap["etag"] = tdc.Etag + if tiim.Etag != nil { + objectMap["etag"] = tiim.Etag } - if tdc.Kind != "" { - objectMap["kind"] = tdc.Kind + if tiim.Kind != "" { + objectMap["kind"] = tiim.Kind } return json.Marshal(objectMap) } -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. 
-func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { - return nil, false -} - -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true -} - -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return nil, false +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { + return &tiim, true } -// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. 
-func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &tdc, true +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceIndicatorModel. +func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tiim, true } -// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. -func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct. +func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -11942,12 +13254,12 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var tIDataConnectorProperties TIDataConnectorProperties - err = json.Unmarshal(*v, &tIDataConnectorProperties) + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) if err != nil { return err } - tdc.TIDataConnectorProperties = &tIDataConnectorProperties + tiim.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties } case "id": if v != nil { @@ -11956,7 +13268,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.ID = &ID + tiim.ID = &ID } case "name": if v != nil { 
@@ -11965,7 +13277,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Name = &name + tiim.Name = &name } case "type": if v != nil { @@ -11974,7 +13286,7 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Type = &typeVar + tiim.Type = &typeVar } case "etag": if v != nil { @@ -11983,16 +13295,16 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - tdc.Etag = &etag + tiim.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicThreatIntelligenceResource err = json.Unmarshal(*v, &kind) if err != nil { return err } - tdc.Kind = kind + tiim.Kind = kind } } } 
@@ -12000,19 +13312,832 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { return nil } -// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. -type TIDataConnectorDataTypes struct { - // Indicators - Data type for indicators connection. - Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` -} - -// TIDataConnectorDataTypesIndicators data type for indicators connection. -type TIDataConnectorDataTypesIndicators struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} +// ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties +type ThreatIntelligenceIndicatorProperties struct { + // ThreatIntelligenceTags - List of tags + ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` + // LastUpdatedTimeUtc - Last updated time in UTC + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // Source - Source of a threat intelligence entity + Source *string `json:"source,omitempty"` + // DisplayName - Display name of a threat intelligence entity + DisplayName *string `json:"displayName,omitempty"` + // Description - Description of a threat intelligence entity + Description *string `json:"description,omitempty"` + // IndicatorTypes - Indicator types of threat intelligence entities + IndicatorTypes *[]string `json:"indicatorTypes,omitempty"` + // Pattern - Pattern of a threat intelligence entity + Pattern *string `json:"pattern,omitempty"` + // PatternType - Pattern type of a threat intelligence entity + PatternType *string `json:"patternType,omitempty"` + // KillChainPhases - Kill chain phases + KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"` + // ExternalID - External ID of threat intelligence entity + ExternalID *string `json:"externalId,omitempty"` + // CreatedByRef - 
Created by reference of threat intelligence entity + CreatedByRef *string `json:"createdByRef,omitempty"` + // ExternalReferences - External References + ExternalReferences *[]string `json:"externalReferences,omitempty"` + // GranularMarkings - Granular Markings + GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"` + // Revoked - Is threat intelligence entity revoked + Revoked *bool `json:"revoked,omitempty"` + // Confidence - Confidence of threat intelligence entity + Confidence *int32 `json:"confidence,omitempty"` + // Labels - Labels of threat intelligence entity + Labels *[]string `json:"labels,omitempty"` + // ThreatTypes - Threat types + ThreatTypes *[]string `json:"threatTypes,omitempty"` + // ValidFrom - Valid from + ValidFrom *string `json:"validFrom,omitempty"` + // ValidUntil - Valid until + ValidUntil *string `json:"validUntil,omitempty"` + // Created - Created by + Created *string `json:"created,omitempty"` + // Modified - Modified by + Modified *string `json:"modified,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties. 
+func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tiip.ThreatIntelligenceTags != nil { + objectMap["threatIntelligenceTags"] = tiip.ThreatIntelligenceTags + } + if tiip.LastUpdatedTimeUtc != nil { + objectMap["lastUpdatedTimeUtc"] = tiip.LastUpdatedTimeUtc + } + if tiip.Source != nil { + objectMap["source"] = tiip.Source + } + if tiip.DisplayName != nil { + objectMap["displayName"] = tiip.DisplayName + } + if tiip.Description != nil { + objectMap["description"] = tiip.Description + } + if tiip.IndicatorTypes != nil { + objectMap["indicatorTypes"] = tiip.IndicatorTypes + } + if tiip.Pattern != nil { + objectMap["pattern"] = tiip.Pattern + } + if tiip.PatternType != nil { + objectMap["patternType"] = tiip.PatternType + } + if tiip.KillChainPhases != nil { + objectMap["killChainPhases"] = tiip.KillChainPhases + } + if tiip.ExternalID != nil { + objectMap["externalId"] = tiip.ExternalID + } + if tiip.CreatedByRef != nil { + objectMap["createdByRef"] = tiip.CreatedByRef + } + if tiip.ExternalReferences != nil { + objectMap["externalReferences"] = tiip.ExternalReferences + } + if tiip.GranularMarkings != nil { + objectMap["granularMarkings"] = tiip.GranularMarkings + } + if tiip.Revoked != nil { + objectMap["revoked"] = tiip.Revoked + } + if tiip.Confidence != nil { + objectMap["confidence"] = tiip.Confidence + } + if tiip.Labels != nil { + objectMap["labels"] = tiip.Labels + } + if tiip.ThreatTypes != nil { + objectMap["threatTypes"] = tiip.ThreatTypes + } + if tiip.ValidFrom != nil { + objectMap["validFrom"] = tiip.ValidFrom + } + if tiip.ValidUntil != nil { + objectMap["validUntil"] = tiip.ValidUntil + } + if tiip.Created != nil { + objectMap["created"] = tiip.Created + } + if tiip.Modified != nil { + objectMap["modified"] = tiip.Modified + } + return json.Marshal(objectMap) +} + +// ThreatIntelligenceIndicatorWithoutReadOnlyFields threat intelligence indicator entity. 
+type ThreatIntelligenceIndicatorWithoutReadOnlyFields struct { + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties + *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields. +func (tiiwrof ThreatIntelligenceIndicatorWithoutReadOnlyFields) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tiiwrof.Etag != nil { + objectMap["etag"] = tiiwrof.Etag + } + if tiiwrof.ThreatIntelligenceIndicatorProperties != nil { + objectMap["properties"] = tiiwrof.ThreatIntelligenceIndicatorProperties + } + if tiiwrof.Kind != nil { + objectMap["kind"] = tiiwrof.Kind + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorWithoutReadOnlyFields struct. 
+func (tiiwrof *ThreatIntelligenceIndicatorWithoutReadOnlyFields) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tiiwrof.Etag = &etag + } + case "properties": + if v != nil { + var threatIntelligenceIndicatorProperties ThreatIntelligenceIndicatorProperties + err = json.Unmarshal(*v, &threatIntelligenceIndicatorProperties) + if err != nil { + return err + } + tiiwrof.ThreatIntelligenceIndicatorProperties = &threatIntelligenceIndicatorProperties + } + case "kind": + if v != nil { + var kind string + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tiiwrof.Kind = &kind + } + } + } + + return nil +} + +// ThreatIntelligenceKillChainPhase describes threat kill chain phase entity +type ThreatIntelligenceKillChainPhase struct { + // KillChainName - Kill chainName name + KillChainName *string `json:"killChainName,omitempty"` + // PhaseName - Phase name + PhaseName *int32 `json:"phaseName,omitempty"` +} + +// ThreatIntelligenceMetric describes threat intelligence metric +type ThreatIntelligenceMetric struct { + // LastUpdatedTimeUtc - Time Metric + LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` + // ThreatTypeMetrics - Threat type metrics + ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"` + // PatternTypeMetrics - Pattern type metrics + PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"` + // SourceMetrics - Source metrics + SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"` +} + +// ThreatIntelligenceMetricEntity describes threat intelligence metric entity +type ThreatIntelligenceMetricEntity struct { + // MetricName - Metric name + MetricName *string `json:"metricName,omitempty"` + 
// MetricValue - Metric value + MetricValue *int32 `json:"metricValue,omitempty"` +} + +// ThreatIntelligenceMetricResource threat intelligence metric resource. +type ThreatIntelligenceMetricResource struct { + // Properties - Threat intelligence metric. + Properties *ThreatIntelligenceMetric `json:"properties,omitempty"` +} + +// ThreatIntelligenceMetricResourceList list of all the threat intelligence metric resource. +type ThreatIntelligenceMetricResourceList struct { + autorest.Response `json:"-"` + // Value - Array of threat intelligence metrics resource. + Value *[]ThreatIntelligenceMetricResource `json:"value,omitempty"` +} + +// BasicThreatIntelligenceResource threat intelligence resource. +type BasicThreatIntelligenceResource interface { + AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) + AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) +} + +// ThreatIntelligenceResource threat intelligence resource. +type ThreatIntelligenceResource struct { + autorest.Response `json:"-"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindThreatIntelligenceResource', 'KindIndicator' + Kind KindBasicThreatIntelligenceResource `json:"kind,omitempty"` +} + +func unmarshalBasicThreatIntelligenceResource(body []byte) (BasicThreatIntelligenceResource, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindIndicator): + var tiim ThreatIntelligenceIndicatorModel + err := json.Unmarshal(body, &tiim) + return tiim, err + default: + var tir ThreatIntelligenceResource + err := json.Unmarshal(body, &tir) + return tir, err + } +} +func 
unmarshalBasicThreatIntelligenceResourceArray(body []byte) ([]BasicThreatIntelligenceResource, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + tirArray := make([]BasicThreatIntelligenceResource, len(rawMessages)) + + for index, rawMessage := range rawMessages { + tir, err := unmarshalBasicThreatIntelligenceResource(*rawMessage) + if err != nil { + return nil, err + } + tirArray[index] = tir + } + return tirArray, nil +} + +// MarshalJSON is the custom marshaler for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) MarshalJSON() ([]byte, error) { + tir.Kind = KindThreatIntelligenceResource + objectMap := make(map[string]interface{}) + if tir.Etag != nil { + objectMap["etag"] = tir.Etag + } + if tir.Kind != "" { + objectMap["kind"] = tir.Kind + } + return json.Marshal(objectMap) +} + +// AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) { + return nil, false +} + +// AsThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsThreatIntelligenceResource() (*ThreatIntelligenceResource, bool) { + return &tir, true +} + +// AsBasicThreatIntelligenceResource is the BasicThreatIntelligenceResource implementation for ThreatIntelligenceResource. +func (tir ThreatIntelligenceResource) AsBasicThreatIntelligenceResource() (BasicThreatIntelligenceResource, bool) { + return &tir, true +} + +// ThreatIntelligenceResourceKind1 describes an entity with kind. +type ThreatIntelligenceResourceKind1 struct { + // Kind - The kind of the entity. + Kind *string `json:"kind,omitempty"` +} + +// ThreatIntelligenceResourceList list of all the threat intelligence entities. 
+type ThreatIntelligenceResourceList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of threat intelligence entities. + Value *[]BasicThreatIntelligenceResource `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for ThreatIntelligenceResourceList. +func (tirl ThreatIntelligenceResourceList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if tirl.Value != nil { + objectMap["value"] = tirl.Value + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceList struct. +func (tirl *ThreatIntelligenceResourceList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + tirl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicThreatIntelligenceResourceArray(*v) + if err != nil { + return err + } + tirl.Value = &value + } + } + } + + return nil +} + +// ThreatIntelligenceResourceListIterator provides access to a complete listing of +// ThreatIntelligenceResource values. +type ThreatIntelligenceResourceListIterator struct { + i int + page ThreatIntelligenceResourceListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *ThreatIntelligenceResourceListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *ThreatIntelligenceResourceListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter ThreatIntelligenceResourceListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter ThreatIntelligenceResourceListIterator) Response() ThreatIntelligenceResourceList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter ThreatIntelligenceResourceListIterator) Value() BasicThreatIntelligenceResource { + if !iter.page.NotDone() { + return ThreatIntelligenceResource{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the ThreatIntelligenceResourceListIterator type. +func NewThreatIntelligenceResourceListIterator(page ThreatIntelligenceResourceListPage) ThreatIntelligenceResourceListIterator { + return ThreatIntelligenceResourceListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. 
+func (tirl ThreatIntelligenceResourceList) IsEmpty() bool { + return tirl.Value == nil || len(*tirl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (tirl ThreatIntelligenceResourceList) hasNextLink() bool { + return tirl.NextLink != nil && len(*tirl.NextLink) != 0 +} + +// threatIntelligenceResourceListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (tirl ThreatIntelligenceResourceList) threatIntelligenceResourceListPreparer(ctx context.Context) (*http.Request, error) { + if !tirl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(tirl.NextLink))) +} + +// ThreatIntelligenceResourceListPage contains a page of BasicThreatIntelligenceResource values. +type ThreatIntelligenceResourceListPage struct { + fn func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error) + tirl ThreatIntelligenceResourceList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *ThreatIntelligenceResourceListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceResourceListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.tirl) + if err != nil { + return err + } + page.tirl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. 
+func (page *ThreatIntelligenceResourceListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page ThreatIntelligenceResourceListPage) NotDone() bool { + return !page.tirl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page ThreatIntelligenceResourceListPage) Response() ThreatIntelligenceResourceList { + return page.tirl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page ThreatIntelligenceResourceListPage) Values() []BasicThreatIntelligenceResource { + if page.tirl.IsEmpty() { + return nil + } + return *page.tirl.Value +} + +// Creates a new instance of the ThreatIntelligenceResourceListPage type. +func NewThreatIntelligenceResourceListPage(cur ThreatIntelligenceResourceList, getNextPage func(context.Context, ThreatIntelligenceResourceList) (ThreatIntelligenceResourceList, error)) ThreatIntelligenceResourceListPage { + return ThreatIntelligenceResourceListPage{ + fn: getNextPage, + tirl: cur, + } +} + +// ThreatIntelligenceResourceModel ... +type ThreatIntelligenceResourceModel struct { + autorest.Response `json:"-"` + Value BasicThreatIntelligenceResource `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceResourceModel struct. 
+func (tirm *ThreatIntelligenceResourceModel) UnmarshalJSON(body []byte) error { + tir, err := unmarshalBasicThreatIntelligenceResource(body) + if err != nil { + return err + } + tirm.Value = tir + + return nil +} + +// TICheckRequirements threat Intelligence Platforms data connector check requirements +type TICheckRequirements struct { + // TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties + *TICheckRequirementsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TICheckRequirements. +func (tcr TICheckRequirements) MarshalJSON() ([]byte, error) { + tcr.Kind = KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence + objectMap := make(map[string]interface{}) + if tcr.TICheckRequirementsProperties != nil { + objectMap["properties"] = tcr.TICheckRequirementsProperties + } + if tcr.Kind != "" { + objectMap["kind"] = tcr.Kind + } + return json.Marshal(objectMap) +} + +// AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
+func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool) { + return nil, false +} + +// AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) { + return nil, false +} + +// AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool) { + return nil, false +} + +// AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) { + return nil, false +} + +// AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) { + return nil, false +} + +// AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) { + return nil, false +} + +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + +// AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { + return &tcr, true +} + +// AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. 
+func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) { + return nil, false +} + +// AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) { + return nil, false +} + +// AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements. +func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool) { + return &tcr, true +} + +// UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct. +func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tICheckRequirementsProperties TICheckRequirementsProperties + err = json.Unmarshal(*v, &tICheckRequirementsProperties) + if err != nil { + return err + } + tcr.TICheckRequirementsProperties = &tICheckRequirementsProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnectorsCheckRequirements + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tcr.Kind = kind + } + } + } + + return nil +} + +// TICheckRequirementsProperties threat Intelligence Platforms data connector required properties. +type TICheckRequirementsProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TIDataConnector data connector to pull threat intelligence data from TIP products. +type TIDataConnector struct { + // TIDataConnectorProperties - Threat Intelligence Platforms data connector properties. 
+ *TIDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TIDataConnector. +func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { + tdc.Kind = KindThreatIntelligence + objectMap := make(map[string]interface{}) + if tdc.TIDataConnectorProperties != nil { + objectMap["properties"] = tdc.TIDataConnectorProperties + } + if tdc.Etag != nil { + objectMap["etag"] = tdc.Etag + } + if tdc.Kind != "" { + objectMap["kind"] = tdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. 
+func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} -// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &tdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. 
+func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tIDataConnectorProperties TIDataConnectorProperties + err = json.Unmarshal(*v, &tIDataConnectorProperties) + if err != nil { + return err + } + tdc.TIDataConnectorProperties = &tIDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + tdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + tdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + tdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tdc.Kind = kind + } + } + } + + return nil +} + +// TIDataConnectorDataTypes the available data types for Threat Intelligence Platforms data connector. +type TIDataConnectorDataTypes struct { + // Indicators - Data type for Threat Intelligence Platforms data connector. + Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +} + +// TIDataConnectorDataTypesIndicators data type for Threat Intelligence Platforms data connector. +type TIDataConnectorDataTypesIndicators struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TIDataConnectorProperties threat Intelligence Platforms data connector properties. 
type TIDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` 
@@ -12020,11 +14145,39 @@ type TIDataConnectorProperties struct { TenantID *string `json:"tenantId,omitempty"` } -// TiTaxiiCheckRequirements represents threat intelligence requirements check request. +// TimelineAggregation timeline aggregation information per kind +type TimelineAggregation struct { + // Count - the total items found for a kind + Count *int32 `json:"count,omitempty"` + // Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert' + Kind EntityTimelineKind `json:"kind,omitempty"` +} + +// TimelineError timeline Query Errors. +type TimelineError struct { + // Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert' + Kind EntityTimelineKind `json:"kind,omitempty"` + // QueryID - the query id + QueryID *string `json:"queryId,omitempty"` + // ErrorMessage - the error message + ErrorMessage *string `json:"errorMessage,omitempty"` +} + +// TimelineResultsMetadata expansion result metadata. +type TimelineResultsMetadata struct { + // TotalCount - the total items found for the timeline request + TotalCount *int32 `json:"totalCount,omitempty"` + // Aggregations - timeline aggregation per kind + Aggregations *[]TimelineAggregation `json:"aggregations,omitempty"` + // Errors - information about the failure queries + Errors *[]TimelineError `json:"errors,omitempty"` +} + +// TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements type TiTaxiiCheckRequirements struct { - // TiTaxiiCheckRequirementsProperties - Ti Taxii (Threat Intelligence Taxii) requirements check properties. + // TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties. 
*TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` - // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` } 
@@ -12071,6 +14224,11 @@ func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequ return nil, false } +// AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. +func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) { + return nil, false +} + // AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements. func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool) { return nil, false @@ -12124,15 +14282,15 @@ func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiCheckRequirementsProperties threat Intelligence taxii client data connector properties. +// TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties. type TiTaxiiCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } -// TiTaxiiDataConnector represents threat intelligence taxii data connector. +// TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server type TiTaxiiDataConnector struct { - // TiTaxiiDataConnectorProperties - Threat intelligence taxii client data connector properties. + // TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties. *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` 
@@ -12142,7 +14300,7 @@ type TiTaxiiDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -12192,33 +14350,196 @@ func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bo return nil, false } -// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return &ttdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &ttdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. 
+func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties + err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + if err != nil { + return err + } + ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ttdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ttdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ttdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ttdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ttdc.Kind = kind + } + } + } + + return nil +} + +// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector. +type TiTaxiiDataConnectorDataTypes struct { + // TaxiiClient - Data type for TAXII connector. + TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +} + +// TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector. +type TiTaxiiDataConnectorDataTypesTaxiiClient struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties. 
+type TiTaxiiDataConnectorProperties struct { + // WorkspaceID - The workspace id. + WorkspaceID *string `json:"workspaceId,omitempty"` + // FriendlyName - The friendly name for the TAXII server. + FriendlyName *string `json:"friendlyName,omitempty"` + // TaxiiServer - The API root for the TAXII server. + TaxiiServer *string `json:"taxiiServer,omitempty"` + // CollectionID - The collection id of the TAXII server. + CollectionID *string `json:"collectionId,omitempty"` + // UserName - The userName for the TAXII server. + UserName *string `json:"userName,omitempty"` + // Password - The password for the TAXII server. + Password *string `json:"password,omitempty"` + // DataTypes - The available data types for Threat Intelligence TAXII data connector. + DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Ueba settings with single toggle. +type Ueba struct { + // UebaProperties - Ueba properties + *UebaProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for Ueba. 
+func (u Ueba) MarshalJSON() ([]byte, error) { + u.Kind = KindUeba + objectMap := make(map[string]interface{}) + if u.UebaProperties != nil { + objectMap["properties"] = u.UebaProperties + } + if u.Etag != nil { + objectMap["etag"] = u.Etag + } + if u.Kind != "" { + objectMap["kind"] = u.Kind + } + return json.Marshal(objectMap) +} + +// AsEyesOn is the BasicSettings implementation for Ueba. +func (u Ueba) AsEyesOn() (*EyesOn, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsEntityAnalytics is the BasicSettings implementation for Ueba. +func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool) { return nil, false } -// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { - return &ttdc, true +// AsUeba is the BasicSettings implementation for Ueba. +func (u Ueba) AsUeba() (*Ueba, bool) { + return &u, true } -// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsSettings() (*Settings, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. -func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &ttdc, true +// AsBasicSettings is the BasicSettings implementation for Ueba. +func (u Ueba) AsBasicSettings() (BasicSettings, bool) { + return &u, true } -// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. -func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for Ueba struct. 
+func (u *Ueba) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -12228,12 +14549,12 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties - err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + var uebaProperties UebaProperties + err = json.Unmarshal(*v, &uebaProperties) if err != nil { return err } - ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + u.UebaProperties = &uebaProperties } case "id": if v != nil { @@ -12242,7 +14563,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.ID = &ID + u.ID = &ID } case "name": if v != nil { @@ -12251,7 +14572,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Name = &name + u.Name = &name } case "type": if v != nil { @@ -12260,7 +14581,7 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Type = &typeVar + u.Type = &typeVar } case "etag": if v != nil { @@ -12269,16 +14590,16 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - ttdc.Etag = &etag + u.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicSettings err = json.Unmarshal(*v, &kind) if err != nil { return err } - ttdc.Kind = kind + u.Kind = kind } } } 
@@ -12286,36 +14607,10 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { return nil } -// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence taxii client data connector. -type TiTaxiiDataConnectorDataTypes struct { - // TaxiiClient - Data type for taxii client. - TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` -} - -// TiTaxiiDataConnectorDataTypesTaxiiClient data type for taxii client. -type TiTaxiiDataConnectorDataTypesTaxiiClient struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` -} - -// TiTaxiiDataConnectorProperties threat Intelligence taxii client data connector properties. -type TiTaxiiDataConnectorProperties struct { - // WorkspaceID - The workspace id. - WorkspaceID *string `json:"workspaceId,omitempty"` - // FriendlyName - The friendly name for taxii client connector. - FriendlyName *string `json:"friendlyName,omitempty"` - // TaxiiServer - The API root server for taxii client. - TaxiiServer *string `json:"taxiiServer,omitempty"` - // CollectionID - The taxii collection id. - CollectionID *string `json:"collectionId,omitempty"` - // UserName - The taxii server user name. - UserName *string `json:"userName,omitempty"` - // Password - The taxii server password. - Password *string `json:"password,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// UebaProperties ueba property bag. +type UebaProperties struct { + // DataSources - The relevant data sources that enriched by ueba + DataSources *[]UebaDataSources `json:"dataSources,omitempty"` } // URLEntity represents a url entity. 
@@ -12328,7 +14623,7 @@ type URLEntity struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -12380,6 +14675,16 @@ func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } +// AsHuntingBookmark is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + // AsIPEntity is the BasicEntity implementation for URLEntity. func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { return nil, false @@ -12405,11 +14710,6 @@ func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - // AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false 
@@ -12529,3 +14829,298 @@ func (UI UserInfo) MarshalJSON() ([]byte, error) { } return json.Marshal(objectMap) } + +// Watchlist represents a Watchlist in Azure Security Insights. +type Watchlist struct { + autorest.Response `json:"-"` + // WatchlistProperties - Watchlist properties + *WatchlistProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Watchlist. +func (w Watchlist) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if w.WatchlistProperties != nil { + objectMap["properties"] = w.WatchlistProperties + } + if w.Etag != nil { + objectMap["etag"] = w.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Watchlist struct. 
+func (w *Watchlist) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var watchlistProperties WatchlistProperties + err = json.Unmarshal(*v, &watchlistProperties) + if err != nil { + return err + } + w.WatchlistProperties = &watchlistProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + w.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + w.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + w.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + w.Etag = &etag + } + } + } + + return nil +} + +// WatchlistList list all the watchlists. +type WatchlistList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of watchlists. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of watchlist. + Value *[]Watchlist `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for WatchlistList. +func (wl WatchlistList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if wl.Value != nil { + objectMap["value"] = wl.Value + } + return json.Marshal(objectMap) +} + +// WatchlistListIterator provides access to a complete listing of Watchlist values. +type WatchlistListIterator struct { + i int + page WatchlistListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *WatchlistListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter WatchlistListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter WatchlistListIterator) Response() WatchlistList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter WatchlistListIterator) Value() Watchlist { + if !iter.page.NotDone() { + return Watchlist{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the WatchlistListIterator type. +func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator { + return WatchlistListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (wl WatchlistList) IsEmpty() bool { + return wl.Value == nil || len(*wl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. 
+func (wl WatchlistList) hasNextLink() bool { + return wl.NextLink != nil && len(*wl.NextLink) != 0 +} + +// watchlistListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (wl WatchlistList) watchlistListPreparer(ctx context.Context) (*http.Request, error) { + if !wl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(wl.NextLink))) +} + +// WatchlistListPage contains a page of Watchlist values. +type WatchlistListPage struct { + fn func(context.Context, WatchlistList) (WatchlistList, error) + wl WatchlistList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.wl) + if err != nil { + return err + } + page.wl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *WatchlistListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page WatchlistListPage) NotDone() bool { + return !page.wl.IsEmpty() +} + +// Response returns the raw server response from the last page request. 
+func (page WatchlistListPage) Response() WatchlistList { + return page.wl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page WatchlistListPage) Values() []Watchlist { + if page.wl.IsEmpty() { + return nil + } + return *page.wl.Value +} + +// Creates a new instance of the WatchlistListPage type. +func NewWatchlistListPage(cur WatchlistList, getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage { + return WatchlistListPage{ + fn: getNextPage, + wl: cur, + } +} + +// WatchlistProperties describes watchlist properties +type WatchlistProperties struct { + // WatchlistID - The id (a Guid) of the watchlist + WatchlistID *string `json:"watchlistId,omitempty"` + // DisplayName - The display name of the watchlist + DisplayName *string `json:"displayName,omitempty"` + // Provider - The provider of the watchlist + Provider *string `json:"provider,omitempty"` + // Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage' + Source Source `json:"source,omitempty"` + // Created - The time the watchlist was created + Created *date.Time `json:"created,omitempty"` + // Updated - The last time the watchlist was updated + Updated *date.Time `json:"updated,omitempty"` + // CreatedBy - Describes a user that created the watchlist + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // UpdatedBy - Describes a user that updated the watchlist + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // Description - A description of the watchlist + Description *string `json:"description,omitempty"` + // WatchlistType - The type of the watchlist + WatchlistType *string `json:"watchlistType,omitempty"` + // WatchlistAlias - The alias of the watchlist + WatchlistAlias *string `json:"watchlistAlias,omitempty"` + // IsDeleted - A flag that indicates if the watchlist is deleted or not + IsDeleted *bool `json:"isDeleted,omitempty"` + // Labels - List of labels relevant to this 
watchlist + Labels *[]string `json:"labels,omitempty"` + // DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format) + DefaultDuration *string `json:"defaultDuration,omitempty"` + // TenantID - The tenantId where the watchlist belongs to + TenantID *string `json:"tenantId,omitempty"` + // NumberOfLinesToSkip - The number of lines in a csv/tsv content to skip before the header + NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"` + // RawContent - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint + RawContent *string `json:"rawContent,omitempty"` + // ContentType - The content type of the raw content. Example : text/csv or text/tsv + ContentType *string `json:"contentType,omitempty"` +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go index 6532d75ba193..7feddaab598b 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/productsettings.go @@ -49,7 +49,7 @@ func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Delete") 
@@ -142,7 +142,7 @@ func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/ProductSettingsClient.Get") @@ -328,7 +328,7 @@ func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -// settingsName - the setting name. Supports- EyesOn +// settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba // settings - the setting func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error) { if tracing.IsEnabled() { diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go index 5361049635dc..6c079602b161 100644 --- a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/securityinsightapi/interfaces.go 
@@ -23,6 +23,13 @@ import ( "github.com/Azure/go-autorest/autorest" ) +// BaseClientAPI contains the set of methods on the BaseClient type. +type BaseClientAPI interface { + CreateThreatIntelligence(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ BaseClientAPI = (*securityinsight.BaseClient)(nil) + // OperationsClientAPI contains the set of methods on the OperationsClient type. type OperationsClientAPI interface { List(ctx context.Context) (result securityinsight.OperationsListPage, err error) @@ -157,6 +164,13 @@ type EntitiesClientAPI interface { var _ EntitiesClientAPI = (*securityinsight.EntitiesClient)(nil) +// EntitiesGetTimelineClientAPI contains the set of methods on the EntitiesGetTimelineClient type. +type EntitiesGetTimelineClientAPI interface { + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityTimelineParameters) (result securityinsight.EntityTimelineResponse, err error) +} + +var _ EntitiesGetTimelineClientAPI = (*securityinsight.EntitiesGetTimelineClient)(nil) + // EntitiesRelationsClientAPI contains the set of methods on the EntitiesRelationsClient type. type EntitiesRelationsClientAPI interface { List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.RelationListPage, err error) 
@@ -215,6 +229,9 @@ type IncidentsClientAPI interface { Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.Incident, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListPage, err error) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListIterator, err error) + ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentAlertList, err error) + ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentBookmarkList, err error) + ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.IncidentEntitiesResponse, err error) } var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) 
@@ -222,6 +239,7 @@ var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) // IncidentCommentsClientAPI contains the set of methods on the IncidentCommentsClient type. type IncidentCommentsClientAPI interface { CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment securityinsight.IncidentComment) (result securityinsight.IncidentComment, err error) + DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result securityinsight.IncidentComment, err error) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListPage, err error) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListIterator, err error) 
@@ -239,3 +257,54 @@ type IncidentRelationsClientAPI interface { } var _ IncidentRelationsClientAPI = (*securityinsight.IncidentRelationsClient)(nil) + +// WatchlistsClientAPI contains the set of methods on the WatchlistsClient type. +type WatchlistsClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist securityinsight.Watchlist) (result securityinsight.Watchlist, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result securityinsight.Watchlist, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.WatchlistListIterator, err error) +} + +var _ WatchlistsClientAPI = (*securityinsight.WatchlistsClient)(nil) + +// ThreatIntelligenceIndicatorsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsClient type. 
+type ThreatIntelligenceIndicatorsClientAPI interface { + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsClient)(nil) + +// ThreatIntelligenceIndicatorClientAPI contains the set of methods on the ThreatIntelligenceIndicatorClient type. +type ThreatIntelligenceIndicatorClientAPI interface { + AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody securityinsight.ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result securityinsight.ThreatIntelligenceResourceModel, err error) + ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorClientAPI = (*securityinsight.ThreatIntelligenceIndicatorClient)(nil) + +// ThreatIntelligenceIndicatorUpsertClientAPI contains the set of methods 
on the ThreatIntelligenceIndicatorUpsertClient type. +type ThreatIntelligenceIndicatorUpsertClientAPI interface { + Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert securityinsight.ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result securityinsight.ThreatIntelligenceResourceModel, err error) +} + +var _ ThreatIntelligenceIndicatorUpsertClientAPI = (*securityinsight.ThreatIntelligenceIndicatorUpsertClient)(nil) + +// ThreatIntelligenceIndicatorsListClientAPI contains the set of methods on the ThreatIntelligenceIndicatorsListClient type. +type ThreatIntelligenceIndicatorsListClientAPI interface { + Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListPage, err error) + QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery securityinsight.ThreatIntelligenceArmStixQuery) (result securityinsight.ThreatIntelligenceResourceListIterator, err error) +} + +var _ ThreatIntelligenceIndicatorsListClientAPI = (*securityinsight.ThreatIntelligenceIndicatorsListClient)(nil) + +// ThreatIntelligenceIndicatorMetricsClientAPI contains the set of methods on the ThreatIntelligenceIndicatorMetricsClient type. +type ThreatIntelligenceIndicatorMetricsClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result securityinsight.ThreatIntelligenceMetricResourceList, err error) +} + +var _ ThreatIntelligenceIndicatorMetricsClientAPI = (*securityinsight.ThreatIntelligenceIndicatorMetricsClient)(nil) 
diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go new file mode 100644 index 000000000000..32e58973dfc1 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicator.go 
@@ -0,0 +1,425 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client. +func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient { + return NewThreatIntelligenceIndicatorClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client +// using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign +// clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient { + return ThreatIntelligenceIndicatorClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// AppendTags append tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceAppendTagsRequestBody - the threat intelligence append tags request body +func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.AppendTags") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: 
validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", err.Error()) + } + + req, err := client.AppendTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceAppendTagsRequestBody) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", nil, "Failure preparing request") + return + } + + resp, err := client.AppendTagsSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure sending request") + return + } + + result, err = client.AppendTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure responding to request") + } + + return +} + +// AppendTagsPreparer prepares the AppendTags request. 
+func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTagsRequestBody ThreatIntelligenceAppendTagsRequestBody) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", pathParameters), + autorest.WithJSON(threatIntelligenceAppendTagsRequestBody), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// AppendTagsSender sends the AppendTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// AppendTagsResponder handles the response to the AppendTags request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByClosing()) + result.Response = resp + return +} + +// Delete delete a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return 
result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", 
pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a threat intelligence indicator. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// name - threat Intelligence Identifier +func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, 
"Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ReplaceTags replace tags to a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceReplaceTagsModel - the threat intelligence entity properties for updating tags +func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.ReplaceTags") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", 
Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", err.Error()) + } + + req, err := client.ReplaceTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceReplaceTagsModel) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", nil, "Failure preparing request") + return + } + + resp, err := client.ReplaceTagsSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure sending request") + return + } + + result, err = client.ReplaceTagsResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure responding to request") + } + + return +} + +// ReplaceTagsPreparer prepares the ReplaceTags request. 
+func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTagsModel ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", pathParameters), + autorest.WithJSON(threatIntelligenceReplaceTagsModel), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ReplaceTagsSender sends the ReplaceTags request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ReplaceTagsResponder handles the response to the ReplaceTags request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go new file mode 100644 index 000000000000..a0c43dce18be --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatormetrics.go 
@@ -0,0 +1,142 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorMetricsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient +// client. +func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient { + return ThreatIntelligenceIndicatorMetricsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get get the threat intelligence metrics. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// ctiEntityKind - the threat intelligence entity kind +func (client ThreatIntelligenceIndicatorMetricsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (result ThreatIntelligenceMetricResourceList, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorMetricsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: 
nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, ctiEntityKind) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorMetricsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client ThreatIntelligenceIndicatorMetricsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ctiEntityKind string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(ctiEntityKind) > 0 { + queryParameters["ctiEntityKind"] = autorest.Encode("query", ctiEntityKind) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorMetricsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorMetricsClient) GetResponder(resp *http.Response) (result ThreatIntelligenceMetricResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go new file mode 100644 index 000000000000..df15c650aed4 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicators.go 
@@ -0,0 +1,196 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource +// provider +type ThreatIntelligenceIndicatorsClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client. +func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient { + return NewThreatIntelligenceIndicatorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient +// client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI +// (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient { + return ThreatIntelligenceIndicatorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List gets all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// filter - filters the results, based on a Boolean condition. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +// orderby - sorts the results. Optional. 
+func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = 
autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure sending request") + return + } + + result.tirl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "List", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", pathParameters), + 
autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsClient) listNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically 
crossing page boundaries as required. +func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, top, skipToken, orderby) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go new file mode 100644 index 000000000000..7d20722c3ac5 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorslist.go 
@@ -0,0 +1,181 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorsListClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorsListClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorsListClient creates an instance of the ThreatIntelligenceIndicatorsListClient client. +func NewThreatIntelligenceIndicatorsListClient(subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return NewThreatIntelligenceIndicatorsListClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorsListClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorsListClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorsListClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsListClient { + return ThreatIntelligenceIndicatorsListClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Query query all threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// threatIntelligenceArmStixQuery - the threat intelligence ARM STIX query +func (client ThreatIntelligenceIndicatorsListClient) Query(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.tirl.Response.Response != nil { + sc = result.tirl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: 
"workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", err.Error()) + } + + result.fn = client.queryNextResults + req, err := client.QueryPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", nil, "Failure preparing request") + return + } + + resp, err := client.QuerySender(req) + if err != nil { + result.tirl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure sending request") + return + } + + result.tirl, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "Query", resp, "Failure responding to request") + } + if result.tirl.hasNextLink() && result.tirl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// QueryPreparer prepares the Query request. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", pathParameters), + autorest.WithJSON(threatIntelligenceArmStixQuery), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// QuerySender sends the Query request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorsListClient) QuerySender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// QueryResponder handles the response to the Query request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryResponder(resp *http.Response) (result ThreatIntelligenceResourceList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// queryNextResults retrieves the next set of results, if any. +func (client ThreatIntelligenceIndicatorsListClient) queryNextResults(ctx context.Context, lastResults ThreatIntelligenceResourceList) (result ThreatIntelligenceResourceList, err error) { + req, err := lastResults.threatIntelligenceResourceListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.QuerySender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure sending next results request") + } + result, err = client.QueryResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorsListClient", "queryNextResults", resp, "Failure responding to next results request") + } + return +} + +// QueryComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client ThreatIntelligenceIndicatorsListClient) QueryComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceArmStixQuery ThreatIntelligenceArmStixQuery) (result ThreatIntelligenceResourceListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorsListClient.Query") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.Query(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceArmStixQuery) + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go new file mode 100644 index 000000000000..ffe9d1351a98 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/threatintelligenceindicatorupsert.go 
@@ -0,0 +1,143 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ThreatIntelligenceIndicatorUpsertClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) +// resource provider +type ThreatIntelligenceIndicatorUpsertClient struct { + BaseClient +} + +// NewThreatIntelligenceIndicatorUpsertClient creates an instance of the ThreatIntelligenceIndicatorUpsertClient +// client. +func NewThreatIntelligenceIndicatorUpsertClient(subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewThreatIntelligenceIndicatorUpsertClientWithBaseURI creates an instance of the +// ThreatIntelligenceIndicatorUpsertClient client using a custom endpoint. Use this when interacting with an Azure +// cloud that uses a non-standard base URI (sovereign clouds, Azure stack). 
+func NewThreatIntelligenceIndicatorUpsertClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorUpsertClient { + return ThreatIntelligenceIndicatorUpsertClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create upsert a threat intelligence. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// name - threat Intelligence Identifier +// threatIntelligenceIndicatorObjectToUpsert - the threat intelligence entity properties for upsert +func (client ThreatIntelligenceIndicatorUpsertClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (result ThreatIntelligenceResourceModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorUpsertClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: 
[]validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceIndicatorObjectToUpsert) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorUpsertClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. 
+func (client ThreatIntelligenceIndicatorUpsertClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceIndicatorObjectToUpsert ThreatIntelligenceIndicatorWithoutReadOnlyFields) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "name": autorest.Encode("path", name), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), + autorest.WithJSON(threatIntelligenceIndicatorObjectToUpsert), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client ThreatIntelligenceIndicatorUpsertClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. 
+func (client ThreatIntelligenceIndicatorUpsertClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceResourceModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go new file mode 100644 index 000000000000..22abf97f05a3 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight/watchlists.go 
@@ -0,0 +1,467 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type WatchlistsClient struct { + BaseClient +} + +// NewWatchlistsClient creates an instance of the WatchlistsClient client. +func NewWatchlistsClient(subscriptionID string) WatchlistsClient { + return NewWatchlistsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient { + return WatchlistsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Create creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). 
To create a +// Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the +// second one will create its Items. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +// watchlist - the watchlist +func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Create") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: watchlist, + Constraints: []validation.Constraint{{Target: "watchlist.WatchlistProperties", Name: validation.Null, Rule: false, 
+ Chain: []validation.Constraint{{Target: "watchlist.WatchlistProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "watchlist.WatchlistProperties.Provider", Name: validation.Null, Rule: true, Chain: nil}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias, watchlist) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", nil, "Failure preparing request") + return + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure sending request") + return + } + + result, err = client.CreateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Create", resp, "Failure responding to request") + } + + return +} + +// CreatePreparer prepares the Create request. 
+func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithJSON(watchlist), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateSender sends the Create request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateResponder handles the response to the Create request. The method always +// closes the http.Response Body. 
+func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete a watchlist. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err 
!= nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + 
autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a watchlist, without its watchlist items. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+// watchlistAlias - watchlist Alias +func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.WatchlistsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, watchlistAlias) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err 
!= nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "watchlistAlias": autorest.Encode("path", watchlistAlias), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. 
+func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all watchlists, without watchlist items. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.wl.Response.Response != nil { + sc = result.wl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.WatchlistsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.wl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure sending request") + return + } + + result.wl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "List", resp, "Failure responding to request") + } + if result.wl.hasNextLink() && result.wl.IsEmpty() { + err = result.NextWithContext(ctx) + } + + return +} + +// ListPreparer prepares the List request. +func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", pathParameters), + 
autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client WatchlistsClient) listNextResults(ctx context.Context, lastResults WatchlistList) (result WatchlistList, err error) { + req, err := lastResults.watchlistListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.WatchlistsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/WatchlistsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +}