diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index b3dbd8e93239..a4ac3ec5e0f2 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -233,15 +233,15 @@ const ( type Kind = original.Kind const ( - KindAlertRule Kind = original.KindAlertRule - KindScheduled Kind = original.KindScheduled + KindAggregations Kind = original.KindAggregations + KindCasesAggregation Kind = original.KindCasesAggregation ) -type KindBasicAggregations = original.KindBasicAggregations +type KindBasicAlertRule = original.KindBasicAlertRule const ( - KindAggregations KindBasicAggregations = original.KindAggregations - KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation + KindAlertRule KindBasicAlertRule = original.KindAlertRule + KindScheduled KindBasicAlertRule = original.KindScheduled ) type KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplate @@ -761,12 +761,12 @@ func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { func PossibleKillChainIntentValues() []KillChainIntent { return original.PossibleKillChainIntentValues() } -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return original.PossibleKindBasicAggregationsValues() -} func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { return original.PossibleKindBasicAlertRuleTemplateValues() } +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return original.PossibleKindBasicAlertRuleValues() +} func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { return original.PossibleKindBasicDataConnectorValues() } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go index d324696ba926..20f8c8a83f39 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go @@ -73,12 +73,12 @@ func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupN {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: bookmark, Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, - {Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: validation.Null, Rule: false, Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, - {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, }}}}}); err != nil { return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 5f4bc4d1c106..7b2b21a07030 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,10 +73,10 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, - {Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index a36a38b88823..be357c417018 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -496,30 +496,30 @@ func PossibleKillChainIntentValues() []KillChainIntent { type Kind string const ( - // KindAlertRule ... - KindAlertRule Kind = "AlertRule" - // KindScheduled ... - KindScheduled Kind = "Scheduled" + // KindAggregations ... + KindAggregations Kind = "Aggregations" + // KindCasesAggregation ... + KindCasesAggregation Kind = "CasesAggregation" ) // PossibleKindValues returns an array of possible values for the Kind const type. func PossibleKindValues() []Kind { - return []Kind{KindAlertRule, KindScheduled} + return []Kind{KindAggregations, KindCasesAggregation} } -// KindBasicAggregations enumerates the values for kind basic aggregations. -type KindBasicAggregations string +// KindBasicAlertRule enumerates the values for kind basic alert rule. +type KindBasicAlertRule string const ( - // KindAggregations ... - KindAggregations KindBasicAggregations = "Aggregations" - // KindCasesAggregation ... - KindCasesAggregation KindBasicAggregations = "CasesAggregation" + // KindAlertRule ... + KindAlertRule KindBasicAlertRule = "AlertRule" + // KindScheduled ... + KindScheduled KindBasicAlertRule = "Scheduled" ) -// PossibleKindBasicAggregationsValues returns an array of possible values for the KindBasicAggregations const type. -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return []KindBasicAggregations{KindAggregations, KindCasesAggregation} +// PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type. +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return []KindBasicAlertRule{KindAlertRule, KindScheduled} } // KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. @@ -794,13 +794,13 @@ type AADDataConnector struct { *AADDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -820,13 +820,18 @@ func (adc AADDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return &adc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } @@ -835,28 +840,23 @@ func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataCo return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return &adc, true -} - -// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -897,23 +897,23 @@ func (adc *AADDataConnector) UnmarshalJSON(body []byte) error { } adc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - adc.Type = &typeVar + adc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - adc.Name = &name + adc.Type = &typeVar } case "etag": if v != nil { @@ -953,13 +953,13 @@ type AATPDataConnector struct { *AATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -979,13 +979,18 @@ func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } @@ -994,28 +999,23 @@ func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataC return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { - return &adc, true -} - -// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. -func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -1056,23 +1056,23 @@ func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { } adc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - adc.Type = &typeVar + adc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - adc.Name = &name + adc.Type = &typeVar } case "etag": if v != nil { @@ -1112,11 +1112,11 @@ type AccountEntity struct { *AccountEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -1138,43 +1138,43 @@ func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool) { return &ae, true } -// AsHostEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -1183,23 +1183,23 @@ func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -1245,23 +1245,23 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { } ae.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ae.Type = &typeVar + ae.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ae.Name = &name + ae.Type = &typeVar } case "kind": if v != nil { @@ -1280,32 +1280,32 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { // AccountEntityProperties account entity property bag. type AccountEntityProperties struct { - // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. - AccountName *string `json:"accountName,omitempty"` - // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. - NtDomain *string `json:"ntDomain,omitempty"` - // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. - UpnSuffix *string `json:"upnSuffix,omitempty"` - // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. - Sid *string `json:"sid,omitempty"` // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. AadTenantID *string `json:"aadTenantId,omitempty"` // AadUserID - READ-ONLY; The Azure Active Directory user id. AadUserID *string `json:"aadUserId,omitempty"` - // Puid - READ-ONLY; The Azure Active Directory Passport User ID. - Puid *string `json:"puid,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. + AccountName *string `json:"accountName,omitempty"` // DisplayName - READ-ONLY; The display name of the account. DisplayName *string `json:"displayName,omitempty"` - // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. - ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) HostEntityID *string `json:"hostEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. + NtDomain *string `json:"ntDomain,omitempty"` + // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // Puid - READ-ONLY; The Azure Active Directory Passport User ID. + Puid *string `json:"puid,omitempty"` + // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. + Sid *string `json:"sid,omitempty"` + // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. + UpnSuffix *string `json:"upnSuffix,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for AccountEntityProperties. @@ -1323,10 +1323,10 @@ type Action struct { *ActionProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Action. @@ -1377,23 +1377,23 @@ func (a *Action) UnmarshalJSON(body []byte) error { } a.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - a.Type = &typeVar + a.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - a.Name = &name + a.Type = &typeVar } } } @@ -1564,12 +1564,12 @@ type Aggregations struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } func unmarshalBasicAggregations(body []byte) (BasicAggregations, error) { @@ -1668,14 +1668,14 @@ type AlertRule struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + Kind KindBasicAlertRule `json:"kind,omitempty"` } func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { @@ -1946,9 +1946,9 @@ func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (Al // BasicAlertRuleTemplate alert rule template. type BasicAlertRuleTemplate interface { - AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) } @@ -1957,13 +1957,13 @@ type AlertRuleTemplate struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -1975,10 +1975,6 @@ func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error } switch m["kind"] { - case string(KindBasicAlertRuleTemplateKindScheduled): - var sart ScheduledAlertRuleTemplate - err := json.Unmarshal(body, &sart) - return sart, err case string(KindBasicAlertRuleTemplateKindFilter): var fart FilterAlertRuleTemplate err := json.Unmarshal(body, &fart) @@ -1987,6 +1983,10 @@ func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error var fart FusionAlertRuleTemplate err := json.Unmarshal(body, &fart) return fart, err + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err default: var art AlertRuleTemplate err := json.Unmarshal(body, &art) @@ -2025,11 +2025,6 @@ func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. -func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return nil, false -} - // AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false @@ -2040,6 +2035,11 @@ func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTempla return nil, false } +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return &art, true @@ -2263,13 +2263,13 @@ type ASCDataConnector struct { *ASCDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2289,43 +2289,43 @@ func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } +// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return &adc, true +} + // AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { - return &adc, true -} - -// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -2366,23 +2366,23 @@ func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { } adc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - adc.Type = &typeVar + adc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - adc.Name = &name + adc.Type = &typeVar } case "etag": if v != nil { @@ -2422,13 +2422,13 @@ type AwsCloudTrailDataConnector struct { *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2448,13 +2448,18 @@ func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } @@ -2463,28 +2468,23 @@ func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsClou return &actdc, true } -// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return nil, false -} - -// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -2525,23 +2525,23 @@ func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { } actdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - actdc.Type = &typeVar + actdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - actdc.Name = &name + actdc.Type = &typeVar } case "etag": if v != nil { @@ -2594,11 +2594,11 @@ type AzureResourceEntity struct { *AzureResourceEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -2620,18 +2620,23 @@ func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return &are, true +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { +// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -2640,23 +2645,18 @@ func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return &are, true -} - -// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -2665,23 +2665,23 @@ func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. -func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -2727,23 +2727,23 @@ func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { } are.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - are.Type = &typeVar + are.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - are.Name = &name + are.Type = &typeVar } case "kind": if v != nil { @@ -2764,10 +2764,10 @@ func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { type AzureResourceEntityProperties struct { // ResourceID - READ-ONLY; The azure resource id of the resource ResourceID *string `json:"resourceId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for AzureResourceEntityProperties. @@ -2778,20 +2778,20 @@ func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { // BaseAlertRuleTemplateProperties base alert rule template property bag. type BaseAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` } // Bookmark represents a bookmark in Azure Security Insights. @@ -2803,10 +2803,10 @@ type Bookmark struct { *BookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Bookmark. @@ -2857,23 +2857,23 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { } b.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - b.Type = &typeVar + b.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - b.Name = &name + b.Type = &typeVar } } } @@ -3029,24 +3029,24 @@ func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (Bookma // BookmarkProperties describes bookmark properties type BookmarkProperties struct { - // DisplayName - The display name of the bookmark - DisplayName *string `json:"displayName,omitempty"` - // Updated - The last time the bookmark was updated - Updated *date.Time `json:"updated,omitempty"` // Created - The time the bookmark was created Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` - // UpdatedBy - Describes a user that updated the bookmark - UpdatedBy *UserInfo `json:"updatedBy,omitempty"` - // Notes - The notes of the bookmark - Notes *string `json:"notes,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` // QueryResult - The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` } // Case represents a case in Azure Security Insights. @@ -3058,10 +3058,10 @@ type Case struct { *CaseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Case. @@ -3112,23 +3112,23 @@ func (c *Case) UnmarshalJSON(body []byte) error { } c.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - c.Type = &typeVar + c.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - c.Name = &name + c.Type = &typeVar } } } @@ -3143,10 +3143,10 @@ type CaseComment struct { *CaseCommentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for CaseComment. @@ -3185,23 +3185,23 @@ func (cc *CaseComment) UnmarshalJSON(body []byte) error { } cc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - cc.Type = &typeVar + cc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - cc.Name = &name + cc.Type = &typeVar } } } @@ -3357,10 +3357,10 @@ func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) ( // CaseCommentProperties case comment property bag. type CaseCommentProperties struct { - // Message - The comment message - Message *string `json:"message,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Message - The comment message + Message *string `json:"message,omitempty"` // UserInfo - READ-ONLY; Describes the user that created the comment UserInfo *UserInfo `json:"userInfo,omitempty"` } @@ -3513,36 +3513,36 @@ func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, erro // CaseProperties describes case properties type CaseProperties struct { - // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // CaseNumber - READ-ONLY; a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' + CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Description - The description of the case + Description *string `json:"description,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` - // StartTimeUtc - The start time of the case - StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Labels - List of labels relevant to this case Labels *[]string `json:"labels,omitempty"` - // Description - The description of the case - Description *string `json:"description,omitempty"` - // Title - The title of the case - Title *string `json:"title,omitempty"` + // LastComment - READ-ONLY; the last comment in the case + LastComment *string `json:"lastComment,omitempty"` + // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` // Owner - Describes a user that the case is assigned to Owner *UserInfo `json:"owner,omitempty"` + // RelatedAlertIds - READ-ONLY; List of related alert identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` + // StartTimeUtc - The start time of the case + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` - // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' - CloseReason CloseReason `json:"closeReason,omitempty"` - // ClosedReasonText - the case close reason details - ClosedReasonText *string `json:"closedReasonText,omitempty"` - // RelatedAlertIds - READ-ONLY; List of related alert identifiers - RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` - // CaseNumber - READ-ONLY; a sequential number - CaseNumber *int32 `json:"caseNumber,omitempty"` - // LastComment - READ-ONLY; the last comment in the case - LastComment *string `json:"lastComment,omitempty"` + // Title - The title of the case + Title *string `json:"title,omitempty"` // TotalComments - READ-ONLY; the number of total comments in the case TotalComments *int32 `json:"totalComments,omitempty"` } @@ -3553,12 +3553,12 @@ type CasesAggregation struct { *CasesAggregationProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } // MarshalJSON is the custom marshaler for CasesAggregation. @@ -3616,27 +3616,27 @@ func (ca *CasesAggregation) UnmarshalJSON(body []byte) error { } ca.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ca.Type = &typeVar + ca.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ca.Name = &name + ca.Type = &typeVar } case "kind": if v != nil { - var kind KindBasicAggregations + var kind Kind err = json.Unmarshal(*v, &kind) if err != nil { return err @@ -3655,24 +3655,24 @@ type CasesAggregationBySeverityProperties struct { TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"` // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"` - // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium - TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` - // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low - TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"` + // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low + TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` + // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium + TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` } // CasesAggregationByStatusProperties aggregative results of cases by status property bag. type CasesAggregationByStatusProperties struct { - // TotalNewStatus - READ-ONLY; Total amount of open cases with status New - TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` + // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed + TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"` + // TotalNewStatus - READ-ONLY; Total amount of open cases with status New + TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"` - // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed - TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` } // CasesAggregationProperties aggregative results of cases property bag. @@ -3689,11 +3689,11 @@ type CloudApplicationEntity struct { *CloudApplicationEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -3715,18 +3715,23 @@ func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return &cae, true +} + +// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -3735,48 +3740,43 @@ func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return &cae, true -} - // AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. -func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -3822,23 +3822,23 @@ func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { } cae.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - cae.Type = &typeVar + cae.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - cae.Name = &name + cae.Type = &typeVar } case "kind": if v != nil { @@ -3863,10 +3863,10 @@ type CloudApplicationEntityProperties struct { AppName *string `json:"appName,omitempty"` // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. InstanceName *string `json:"instanceName,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. @@ -3924,14 +3924,14 @@ type CloudErrorBody struct { // BasicDataConnector data connector. type BasicDataConnector interface { - AsOfficeDataConnector() (*OfficeDataConnector, bool) - AsTIDataConnector() (*TIDataConnector, bool) - AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsAADDataConnector() (*AADDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) - AsAATPDataConnector() (*AATPDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) AsDataConnector() (*DataConnector, bool) } @@ -3940,13 +3940,13 @@ type DataConnector struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -3958,38 +3958,38 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { } switch m["kind"] { - case string(KindOffice365): - var odc OfficeDataConnector - err := json.Unmarshal(body, &odc) - return odc, err - case string(KindThreatIntelligence): - var tdc TIDataConnector - err := json.Unmarshal(body, &tdc) - return tdc, err - case string(KindAmazonWebServicesCloudTrail): - var actdc AwsCloudTrailDataConnector - err := json.Unmarshal(body, &actdc) - return actdc, err case string(KindAzureActiveDirectory): var adc AADDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err case string(KindAzureSecurityCenter): var adc ASCDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err case string(KindMicrosoftCloudAppSecurity): var mdc MCASDataConnector err := json.Unmarshal(body, &mdc) return mdc, err - case string(KindAzureAdvancedThreatProtection): - var adc AATPDataConnector - err := json.Unmarshal(body, &adc) - return adc, err case string(KindMicrosoftDefenderAdvancedThreatProtection): var mdc MDATPDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindOffice365): + var odc OfficeDataConnector + err := json.Unmarshal(body, &odc) + return odc, err + case string(KindThreatIntelligence): + var tdc TIDataConnector + err := json.Unmarshal(body, &tdc) + return tdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) @@ -4028,43 +4028,43 @@ func (dc DataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -4323,11 +4323,11 @@ type DNSEntity struct { *DNSEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4349,43 +4349,43 @@ func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false +// AsDNSEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { + return &de, true } -// AsFileHashEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -4394,23 +4394,23 @@ func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { - return &de, true +// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false } -// AsIPEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. -func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -4456,23 +4456,23 @@ func (de *DNSEntity) UnmarshalJSON(body []byte) error { } de.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - de.Type = &typeVar + de.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - de.Name = &name + de.Type = &typeVar } case "kind": if v != nil { @@ -4491,18 +4491,18 @@ func (de *DNSEntity) UnmarshalJSON(body []byte) error { // DNSEntityProperties dns entity property bag. type DNSEntityProperties struct { - // DomainName - READ-ONLY; The name of the dns record associated with the alert - DomainName *string `json:"domainName,omitempty"` - // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. - IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` + // DomainName - READ-ONLY; The name of the dns record associated with the alert + DomainName *string `json:"domainName,omitempty"` // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for DNSEntityProperties. @@ -4514,19 +4514,19 @@ func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { // BasicEntity specific entity. type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) - AsHostEntity() (*HostEntity, bool) - AsFileEntity() (*FileEntity, bool) - AsSecurityAlert() (*SecurityAlert, bool) - AsFileHashEntity() (*FileHashEntity, bool) - AsMalwareEntity() (*MalwareEntity, bool) - AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsAzureResourceEntity() (*AzureResourceEntity, bool) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) - AsProcessEntity() (*ProcessEntity, bool) AsDNSEntity() (*DNSEntity, bool) + AsFileEntity() (*FileEntity, bool) + AsFileHashEntity() (*FileHashEntity, bool) + AsHostEntity() (*HostEntity, bool) AsIPEntity() (*IPEntity, bool) + AsMalwareEntity() (*MalwareEntity, bool) + AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) + AsSecurityAlert() (*SecurityAlert, bool) + AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsEntity() (*Entity, bool) } @@ -4536,11 +4536,11 @@ type Entity struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -4556,30 +4556,6 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var ae AccountEntity err := json.Unmarshal(body, &ae) return ae, err - case string(KindHost): - var he HostEntity - err := json.Unmarshal(body, &he) - return he, err - case string(KindFile): - var fe FileEntity - err := json.Unmarshal(body, &fe) - return fe, err - case string(KindSecurityAlert): - var sa SecurityAlert - err := json.Unmarshal(body, &sa) - return sa, err - case string(KindFileHash): - var fhe FileHashEntity - err := json.Unmarshal(body, &fhe) - return fhe, err - case string(KindMalware): - var me MalwareEntity - err := json.Unmarshal(body, &me) - return me, err - case string(KindSecurityGroup): - var sge SecurityGroupEntity - err := json.Unmarshal(body, &sge) - return sge, err case string(KindAzureResource): var are AzureResourceEntity err := json.Unmarshal(body, &are) @@ -4588,18 +4564,34 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var cae CloudApplicationEntity err := json.Unmarshal(body, &cae) return cae, err - case string(KindProcess): - var peVar ProcessEntity - err := json.Unmarshal(body, &peVar) - return peVar, err case string(KindDNSResolution): var de DNSEntity err := json.Unmarshal(body, &de) return de, err + case string(KindFile): + var fe FileEntity + err := json.Unmarshal(body, &fe) + return fe, err + case string(KindFileHash): + var fhe FileHashEntity + err := json.Unmarshal(body, &fhe) + return fhe, err + case string(KindHost): + var he HostEntity + err := json.Unmarshal(body, &he) + return he, err case string(KindIP): var ie IPEntity err := json.Unmarshal(body, &ie) return ie, err + case string(KindMalware): + var me MalwareEntity + err := json.Unmarshal(body, &me) + return me, err + case string(KindProcess): + var peVar ProcessEntity + err := json.Unmarshal(body, &peVar) + return peVar, err case string(KindRegistryKey): var rke RegistryKeyEntity err := json.Unmarshal(body, &rke) @@ -4608,6 +4600,14 @@ func unmarshalBasicEntity(body []byte) (BasicEntity, error) { var rve RegistryValueEntity err := json.Unmarshal(body, &rve) return rve, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err + case string(KindSecurityGroup): + var sge SecurityGroupEntity + err := json.Unmarshal(body, &sge) + return sge, err case string(KindURL): var ue URLEntity err := json.Unmarshal(body, &ue) @@ -4652,43 +4652,43 @@ func (e Entity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for Entity. -func (e Entity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for Entity. +func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for Entity. -func (e Entity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for Entity. +func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for Entity. +func (e Entity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for Entity. -func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for Entity. -func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for Entity. -func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for Entity. +func (e Entity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for Entity. -func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for Entity. +func (e Entity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for Entity. -func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for Entity. +func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -4697,23 +4697,23 @@ func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for Entity. -func (e Entity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for Entity. -func (e Entity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for Entity. -func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -4734,10 +4734,10 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { // EntityCommonProperties entity common property bag. type EntityCommonProperties struct { - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for EntityCommonProperties. @@ -4748,21 +4748,21 @@ func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { // EntityExpandParameters the parameters required to execute an expand operation on the given entity. type EntityExpandParameters struct { + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` // ExpansionID - The Id of the expansion to perform. ExpansionID *uuid.UUID `json:"expansionId,omitempty"` // StartTime - The start date filter, so the only expansion results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` - // EndTime - The end date filter, so the only expansion results returned are before this date. - EndTime *date.Time `json:"endTime,omitempty"` } // EntityExpandResponse the entity expansion result operation response. type EntityExpandResponse struct { autorest.Response `json:"-"` - // Value - The expansion result values. - Value *EntityExpandResponseValue `json:"value,omitempty"` // MetaData - The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` } // EntityExpandResponseValue the expansion result values. @@ -5002,10 +5002,10 @@ type EntityQuery struct { *EntityQueryProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for EntityQuery. @@ -5044,23 +5044,23 @@ func (eq *EntityQuery) UnmarshalJSON(body []byte) error { } eq.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - eq.Type = &typeVar + eq.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - eq.Name = &name + eq.Type = &typeVar } } } @@ -5216,30 +5216,30 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( // EntityQueryProperties describes entity query properties type EntityQueryProperties struct { - // QueryTemplate - The template query string to be parsed and formatted - QueryTemplate *string `json:"queryTemplate,omitempty"` + // DataSources - List of the data sources that are required to run the query + DataSources *[]string `json:"dataSources,omitempty"` + // DisplayName - The query display name + DisplayName *string `json:"displayName,omitempty"` // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` - // DataSources - List of the data sources that are required to run the query - DataSources *[]string `json:"dataSources,omitempty"` - // DisplayName - The query display name - DisplayName *string `json:"displayName,omitempty"` + // QueryTemplate - The template query string to be parsed and formatted + QueryTemplate *string `json:"queryTemplate,omitempty"` } // ExpansionResultAggregation information of a specific aggregation in the expansion result. type ExpansionResultAggregation struct { - // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' - EntityKind EntityKind `json:"entityKind,omitempty"` - // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. - Count *int32 `json:"count,omitempty"` // AggregationType - The common type of the aggregation. (for e.g. entity field name) AggregationType *string `json:"aggregationType,omitempty"` + // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` // DisplayName - The display name of the aggregation by type. DisplayName *string `json:"displayName,omitempty"` + // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` } // ExpansionResultsMetadata expansion result metadata. @@ -5254,11 +5254,11 @@ type FileEntity struct { *FileEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5280,43 +5280,43 @@ func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { - return &fe, true +// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false +// AsFileEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { + return &fe, true } -// AsMalwareEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -5325,23 +5325,23 @@ func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -5387,23 +5387,23 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { } fe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fe.Type = &typeVar + fe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fe.Name = &name + fe.Type = &typeVar } case "kind": if v != nil { @@ -5424,16 +5424,16 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { type FileEntityProperties struct { // Directory - READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty"` + // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id which the file belongs to HostEntityID *string `json:"hostEntityId,omitempty"` - // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file - FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for FileEntityProperties. @@ -5448,11 +5448,11 @@ type FileHashEntity struct { *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5474,18 +5474,23 @@ func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } @@ -5494,23 +5499,18 @@ func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { return &fhe, true } -// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -5519,23 +5519,23 @@ func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. -func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -5581,23 +5581,23 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { } fhe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fhe.Type = &typeVar + fhe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fhe.Name = &name + fhe.Type = &typeVar } case "kind": if v != nil { @@ -5616,14 +5616,14 @@ func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { // FileHashEntityProperties fileHash entity property bag. type FileHashEntityProperties struct { - // HashValue - READ-ONLY; The file hash value. - HashValue *string `json:"hashValue,omitempty"` // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // HashValue - READ-ONLY; The file hash value. + HashValue *string `json:"hashValue,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for FileHashEntityProperties. @@ -5638,13 +5638,13 @@ type FilterAlertRuleTemplate struct { *FilterAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -5664,11 +5664,6 @@ func (fart FilterAlertRuleTemplate) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. -func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return nil, false -} - // AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. func (fart FilterAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return &fart, true @@ -5679,6 +5674,11 @@ func (fart FilterAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRul return nil, false } +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. func (fart FilterAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false @@ -5716,23 +5716,23 @@ func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { } fart.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fart.Type = &typeVar + fart.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fart.Name = &name + fart.Type = &typeVar } case "etag": if v != nil { @@ -5760,20 +5760,20 @@ func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { // FilterAlertRuleTemplateProperties filter alert rule template properties type FilterAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` // FilterProduct - The filter product name for this template rule. FilterProduct *string `json:"filterProduct,omitempty"` // FilterSeverities - the alert’s severities on which the cases will be generated @@ -5798,13 +5798,13 @@ type FusionAlertRuleTemplate struct { *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -5824,11 +5824,6 @@ func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. -func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return nil, false -} - // AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. func (fart FusionAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false @@ -5839,6 +5834,11 @@ func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRul return &fart, true } +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false @@ -5876,23 +5876,23 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { } fart.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fart.Type = &typeVar + fart.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fart.Name = &name + fart.Type = &typeVar } case "etag": if v != nil { @@ -5920,20 +5920,20 @@ func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { // FusionAlertRuleTemplateProperties fusion alert rule template properties type FusionAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` } @@ -5946,20 +5946,20 @@ type FusionAlertRuleTemplatePropertiesModel struct { // GeoLocation the geo-location context attached to the ip entity type GeoLocation struct { + // Asn - READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty"` + // City - READ-ONLY; City name + City *string `json:"city,omitempty"` // CountryCode - READ-ONLY; The country code according to ISO 3166 format CountryCode *string `json:"countryCode,omitempty"` // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name CountryName *string `json:"countryName,omitempty"` - // State - READ-ONLY; State name - State *string `json:"state,omitempty"` - // City - READ-ONLY; City name - City *string `json:"city,omitempty"` - // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. - Longitude *float64 `json:"longitude,omitempty"` // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. Latitude *float64 `json:"latitude,omitempty"` - // Asn - READ-ONLY; Autonomous System Number - Asn *int32 `json:"asn,omitempty"` + // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty"` + // State - READ-ONLY; State name + State *string `json:"state,omitempty"` } // HostEntity represents a host entity. @@ -5968,11 +5968,11 @@ type HostEntity struct { *HostEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -5994,43 +5994,43 @@ func (he HostEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsHostEntity() (*HostEntity, bool) { - return &he, true +// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// AsFileEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false +// AsHostEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsHostEntity() (*HostEntity, bool) { + return &he, true } -// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -6039,23 +6039,23 @@ func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6101,23 +6101,23 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { } he.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - he.Type = &typeVar + he.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - he.Name = &name + he.Type = &typeVar } case "kind": if v != nil { @@ -6136,28 +6136,28 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { // HostEntityProperties host entity property bag. type HostEntityProperties struct { + // AzureID - READ-ONLY; The azure resource id of the VM. + AzureID *string `json:"azureID,omitempty"` // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain DNSDomain *string `json:"dnsDomain,omitempty"` - // NtDomain - READ-ONLY; The NT domain that this host belongs to. - NtDomain *string `json:"ntDomain,omitempty"` // HostName - READ-ONLY; The hostname without the domain suffix. HostName *string `json:"hostName,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NetBiosName - READ-ONLY; The host name (pre-windows2000). NetBiosName *string `json:"netBiosName,omitempty"` - // AzureID - READ-ONLY; The azure resource id of the VM. - AzureID *string `json:"azureID,omitempty"` + // NtDomain - READ-ONLY; The NT domain that this host belongs to. + NtDomain *string `json:"ntDomain,omitempty"` // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. OmsAgentID *string `json:"omsAgentID,omitempty"` // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' OsFamily OSFamily `json:"osFamily,omitempty"` // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration OsVersion *string `json:"osVersion,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for HostEntityProperties. @@ -6175,11 +6175,11 @@ type IPEntity struct { *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6201,43 +6201,43 @@ func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false +// AsIPEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { + return &ie, true } -// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -6246,23 +6246,23 @@ func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { - return &ie, true +// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6308,23 +6308,23 @@ func (ie *IPEntity) UnmarshalJSON(body []byte) error { } ie.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ie.Type = &typeVar + ie.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ie.Name = &name + ie.Type = &typeVar } case "kind": if v != nil { @@ -6349,10 +6349,10 @@ type IPEntityProperties struct { Location *GeoLocation `json:"location,omitempty"` // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for IPEntityProperties. @@ -6370,11 +6370,11 @@ type MalwareEntity struct { *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -6396,44 +6396,44 @@ func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return &me, true +// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false +// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return &me, true } // AsProcessEntity is the BasicEntity implementation for MalwareEntity. @@ -6441,23 +6441,23 @@ func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. -func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -6503,23 +6503,23 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { } me.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - me.Type = &typeVar + me.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - me.Name = &name + me.Type = &typeVar } case "kind": if v != nil { @@ -6538,18 +6538,18 @@ func (me *MalwareEntity) UnmarshalJSON(body []byte) error { // MalwareEntityProperties malware entity property bag. type MalwareEntityProperties struct { - // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn - MalwareName *string `json:"malwareName,omitempty"` // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan Category *string `json:"category,omitempty"` // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found FileEntityIds *[]string `json:"fileEntityIds,omitempty"` + // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty"` // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for MalwareEntityProperties. @@ -6564,13 +6564,13 @@ type MCASDataConnector struct { *MCASDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -6590,28 +6590,23 @@ func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } @@ -6620,13 +6615,18 @@ func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return &mdc, true } -// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -6667,23 +6667,23 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { } mdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - mdc.Type = &typeVar + mdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - mdc.Name = &name + mdc.Type = &typeVar } case "etag": if v != nil { @@ -6738,13 +6738,13 @@ type MDATPDataConnector struct { *MDATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -6764,23 +6764,13 @@ func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } @@ -6789,13 +6779,13 @@ func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. -func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } @@ -6804,6 +6794,16 @@ func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) return &mdc, true } +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -6841,23 +6841,23 @@ func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { } mdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - mdc.Type = &typeVar + mdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - mdc.Name = &name + mdc.Type = &typeVar } case "etag": if v != nil { @@ -6899,10 +6899,10 @@ type OfficeConsent struct { *OfficeConsentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for OfficeConsent. @@ -6941,23 +6941,23 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { } oc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - oc.Type = &typeVar + oc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - oc.Name = &name + oc.Type = &typeVar } } } @@ -7125,13 +7125,13 @@ type OfficeDataConnector struct { *OfficeDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -7151,28 +7151,23 @@ func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true -} - -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } @@ -7181,13 +7176,18 @@ func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -7228,23 +7228,23 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { } odc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - odc.Type = &typeVar + odc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - odc.Name = &name + odc.Type = &typeVar } case "etag": if v != nil { @@ -7272,10 +7272,10 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { // OfficeDataConnectorDataTypes the available data types for office data connector. type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` // Exchange - Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` } // OfficeDataConnectorDataTypesExchange exchange data type connection. @@ -7300,22 +7300,22 @@ type OfficeDataConnectorProperties struct { // Operation operation provided by provider type Operation struct { - // Name - Name of the operation - Name *string `json:"name,omitempty"` // Display - Properties of the operation Display *OperationDisplay `json:"display,omitempty"` + // Name - Name of the operation + Name *string `json:"name,omitempty"` } // OperationDisplay properties of the operation type OperationDisplay struct { + // Description - Description of the operation + Description *string `json:"description,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` // Provider - Provider name Provider *string `json:"provider,omitempty"` // Resource - Resource name Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation - Description *string `json:"description,omitempty"` } // OperationsList lists the operations available in the SecurityInsights RP. @@ -7470,11 +7470,11 @@ type ProcessEntity struct { *ProcessEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7496,43 +7496,43 @@ func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -7541,23 +7541,23 @@ func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { return &peVar, true } -// AsDNSEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. -func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -7603,23 +7603,23 @@ func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { } peVar.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - peVar.Type = &typeVar + peVar.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - peVar.Name = &name + peVar.Type = &typeVar } case "kind": if v != nil { @@ -7638,28 +7638,28 @@ func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { // ProcessEntityProperties process entity property bag. type ProcessEntityProperties struct { - // ProcessID - READ-ONLY; The process ID - ProcessID *string `json:"processId,omitempty"` + // AccountEntityID - READ-ONLY; The account entity id running the processes. + AccountEntityID *string `json:"accountEntityId,omitempty"` // CommandLine - READ-ONLY; The command line used to create the process CommandLine *string `json:"commandLine,omitempty"` - // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' - ElevationToken ElevationToken `json:"elevationToken,omitempty"` // CreationTimeUtc - READ-ONLY; The time when the process started to run CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` - // ImageFileEntityID - READ-ONLY; Image file entity id - ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` - // AccountEntityID - READ-ONLY; The account entity id running the processes. - AccountEntityID *string `json:"accountEntityId,omitempty"` - // ParentProcessEntityID - READ-ONLY; The parent process entity id. - ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' + ElevationToken ElevationToken `json:"elevationToken,omitempty"` // HostEntityID - READ-ONLY; The host entity id on which the process was running HostEntityID *string `json:"hostEntityId,omitempty"` // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // ImageFileEntityID - READ-ONLY; Image file entity id + ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` + // ParentProcessEntityID - READ-ONLY; The parent process entity id. + ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // ProcessID - READ-ONLY; The process ID + ProcessID *string `json:"processId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for ProcessEntityProperties. @@ -7677,11 +7677,11 @@ type RegistryKeyEntity struct { *RegistryKeyEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7703,43 +7703,43 @@ func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -7748,16 +7748,6 @@ func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. -func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - // AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return &rke, true @@ -7768,6 +7758,16 @@ func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool return nil, false } +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + // AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { return nil, false @@ -7810,23 +7810,23 @@ func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { } rke.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - rke.Type = &typeVar + rke.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - rke.Name = &name + rke.Type = &typeVar } case "kind": if v != nil { @@ -7849,10 +7849,10 @@ type RegistryKeyEntityProperties struct { Hive RegistryHive `json:"hive,omitempty"` // Key - READ-ONLY; The registry key path. Key *string `json:"key,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. @@ -7867,11 +7867,11 @@ type RegistryValueEntity struct { *RegistryValueEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -7893,43 +7893,43 @@ func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -7938,16 +7938,6 @@ func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - // AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false @@ -7958,6 +7948,16 @@ func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return &rve, true } +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + // AsURLEntity is the BasicEntity implementation for RegistryValueEntity. func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { return nil, false @@ -8000,23 +8000,23 @@ func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { } rve.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - rve.Type = &typeVar + rve.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - rve.Name = &name + rve.Type = &typeVar } case "kind": if v != nil { @@ -8035,18 +8035,18 @@ func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { // RegistryValueEntityProperties registryValue entity property bag. type RegistryValueEntityProperties struct { - // ValueName - READ-ONLY; The registry value name. - ValueName *string `json:"valueName,omitempty"` + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` // ValueData - READ-ONLY; String formatted representation of the value data. ValueData *string `json:"valueData,omitempty"` + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' ValueType RegistryValueKind `json:"valueType,omitempty"` - // KeyEntityID - READ-ONLY; The registry key entity id. - KeyEntityID *string `json:"keyEntityId,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for RegistryValueEntityProperties. @@ -8059,10 +8059,10 @@ func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { type Resource struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // ScheduledAlertRule represents scheduled alert rule. @@ -8071,14 +8071,14 @@ type ScheduledAlertRule struct { *ScheduledAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + Kind KindBasicAlertRule `json:"kind,omitempty"` } // MarshalJSON is the custom marshaler for ScheduledAlertRule. @@ -8139,23 +8139,23 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { } sar.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sar.Type = &typeVar + sar.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sar.Name = &name + sar.Type = &typeVar } case "etag": if v != nil { @@ -8168,7 +8168,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { } case "kind": if v != nil { - var kind Kind + var kind KindBasicAlertRule err = json.Unmarshal(*v, &kind) if err != nil { return err @@ -8183,30 +8183,30 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { // ScheduledAlertRuleProperties alert rule property bag. type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } // ScheduledAlertRuleTemplate represents scheduled alert rule template. @@ -8215,13 +8215,13 @@ type ScheduledAlertRuleTemplate struct { *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } @@ -8241,11 +8241,6 @@ func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. -func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { - return &sart, true -} - // AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false @@ -8256,6 +8251,11 @@ func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlert return nil, false } +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true +} + // AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false @@ -8293,23 +8293,23 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { } sart.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sart.Type = &typeVar + sart.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sart.Name = &name + sart.Type = &typeVar } case "etag": if v != nil { @@ -8337,28 +8337,28 @@ func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { // ScheduledAlertRuleTemplateProperties scheduled alert rule template properties type ScheduledAlertRuleTemplateProperties struct { - // DisplayName - The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule template. - Description *string `json:"description,omitempty"` - // Tactics - The tactics of the alert rule template - Tactics *[]AttackTactic `json:"tactics,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *string `json:"createdDateUTC,omitempty"` - // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' - Status TemplateStatus `json:"status,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` - // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. @@ -8367,14 +8367,14 @@ type ScheduledAlertRuleTemplateProperties struct { // ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. type ScheduledAlertRuleTemplatePropertiesModel struct { - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. @@ -8387,11 +8387,11 @@ type SecurityAlert struct { *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -8413,43 +8413,43 @@ func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { - return &sa, true +// AsDNSEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -8458,23 +8458,23 @@ func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true } -// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. -func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -8520,23 +8520,23 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { } sa.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sa.Type = &typeVar + sa.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sa.Name = &name + sa.Type = &typeVar } case "kind": if v != nil { @@ -8555,52 +8555,52 @@ func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { // SecurityAlertProperties securityAlert entity property bag. type SecurityAlertProperties struct { - // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. - SystemAlertID *string `json:"systemAlertId,omitempty"` + // AlertDisplayName - READ-ONLY; The display name of the alert. + AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // AlertType - READ-ONLY; The type name of the alert. + AlertType *string `json:"alertType,omitempty"` + // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. + CompromisedEntity *string `json:"compromisedEntity,omitempty"` + // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' + ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` // ConfidenceReasons - READ-ONLY; The confidence reasons ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` - // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' - ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` - // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' - Intent KillChainIntent `json:"intent,omitempty"` // ConfidenceScore - READ-ONLY; The confidence score of the alert. ConfidenceScore *float64 `json:"confidenceScore,omitempty"` - // AlertDisplayName - READ-ONLY; The display name of the alert. - AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` // Description - READ-ONLY; Alert description. Description *string `json:"description,omitempty"` - // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. - RemediationSteps *[]string `json:"remediationSteps,omitempty"` - // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' - ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` - // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // VendorName - READ-ONLY; The name of the vendor that raise the alert. - VendorName *string `json:"vendorName,omitempty"` - // ProductName - READ-ONLY; The name of the product which published this alert. - ProductName *string `json:"productName,omitempty"` + // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' + Intent KillChainIntent `json:"intent,omitempty"` + // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. + ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. ProductComponentName *string `json:"productComponentName,omitempty"` - // AlertType - READ-ONLY; The type name of the alert. - AlertType *string `json:"alertType,omitempty"` + // ProductName - READ-ONLY; The name of the product which published this alert. + ProductName *string `json:"productName,omitempty"` // ProductVersion - READ-ONLY; The version of the product generating the alert. ProductVersion *string `json:"productVersion,omitempty"` - // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. - ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` - // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' - Status AlertStatus `json:"status,omitempty"` - // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). - EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. + RemediationSteps *[]string `json:"remediationSteps,omitempty"` + // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' + Status AlertStatus `json:"status,omitempty"` + // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. + SystemAlertID *string `json:"systemAlertId,omitempty"` // TimeGenerated - READ-ONLY; The time the alert was generated. TimeGenerated *date.Time `json:"timeGenerated,omitempty"` - // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. - CompromisedEntity *string `json:"compromisedEntity,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // VendorName - READ-ONLY; The name of the vendor that raise the alert. + VendorName *string `json:"vendorName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for SecurityAlertProperties. @@ -8614,10 +8614,10 @@ func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { // SecurityAlertPropertiesConfidenceReasonsItem confidence reason item type SecurityAlertPropertiesConfidenceReasonsItem struct { - // ReasonType - READ-ONLY; The type (category) of the reason - ReasonType *string `json:"reasonType,omitempty"` // Reason - READ-ONLY; The reason's description Reason *string `json:"reason,omitempty"` + // ReasonType - READ-ONLY; The type (category) of the reason + ReasonType *string `json:"reasonType,omitempty"` } // SecurityGroupEntity represents a security group entity. @@ -8626,11 +8626,11 @@ type SecurityGroupEntity struct { *SecurityGroupEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -8652,43 +8652,43 @@ func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return &sge, true +// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -8697,16 +8697,6 @@ func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. -func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - // AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false @@ -8717,6 +8707,16 @@ func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bo return nil, false } +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return &sge, true +} + // AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { return nil, false @@ -8759,23 +8759,23 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { } sge.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - sge.Type = &typeVar + sge.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sge.Name = &name + sge.Type = &typeVar } case "kind": if v != nil { @@ -8796,14 +8796,14 @@ func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { type SecurityGroupEntityProperties struct { // DistinguishedName - READ-ONLY; The group distinguished name DistinguishedName *string `json:"distinguishedName,omitempty"` - // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group - Sid *string `json:"sid,omitempty"` // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` + // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + Sid *string `json:"sid,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. @@ -8814,8 +8814,8 @@ func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { // BasicSettings the Setting. type BasicSettings interface { - AsUebaSettings() (*UebaSettings, bool) AsToggleSettings() (*ToggleSettings, bool) + AsUebaSettings() (*UebaSettings, bool) AsSettings() (*Settings, bool) } @@ -8824,13 +8824,13 @@ type Settings struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -8842,14 +8842,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { } switch m["kind"] { - case string(KindUebaSettings): - var us UebaSettings - err := json.Unmarshal(body, &us) - return us, err case string(KindToggleSettings): var ts ToggleSettings err := json.Unmarshal(body, &ts) return ts, err + case string(KindUebaSettings): + var us UebaSettings + err := json.Unmarshal(body, &us) + return us, err default: var s Settings err := json.Unmarshal(body, &s) @@ -8888,13 +8888,13 @@ func (s Settings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for Settings. -func (s Settings) AsUebaSettings() (*UebaSettings, bool) { +// AsToggleSettings is the BasicSettings implementation for Settings. +func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } -// AsToggleSettings is the BasicSettings implementation for Settings. -func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { +// AsUebaSettings is the BasicSettings implementation for Settings. +func (s Settings) AsUebaSettings() (*UebaSettings, bool) { return nil, false } @@ -8933,18 +8933,18 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { // ThreatIntelligence threatIntelligence property bag. type ThreatIntelligence struct { - // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received - ProviderName *string `json:"providerName,omitempty"` - // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") - ThreatType *string `json:"threatType,omitempty"` - // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") - ThreatName *string `json:"threatName,omitempty"` // Confidence - READ-ONLY; Confidence (must be between 0 and 1) Confidence *float64 `json:"confidence,omitempty"` + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` // ReportLink - READ-ONLY; Report link ReportLink *string `json:"reportLink,omitempty"` // ThreatDescription - READ-ONLY; Threat description (free text) ThreatDescription *string `json:"threatDescription,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` } // TIDataConnector represents threat intelligence data connector. @@ -8953,13 +8953,13 @@ type TIDataConnector struct { *TIDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8979,28 +8979,23 @@ func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } @@ -9009,16 +9004,21 @@ func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -9056,23 +9056,23 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { } tdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - tdc.Type = &typeVar + tdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - tdc.Name = &name + tdc.Type = &typeVar } case "etag": if v != nil { @@ -9124,13 +9124,13 @@ type ToggleSettings struct { *ToggleSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -9150,16 +9150,16 @@ func (ts ToggleSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for ToggleSettings. -func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { - return nil, false -} - // AsToggleSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) { return &ts, true } +// AsUebaSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsSettings() (*Settings, bool) { return nil, false @@ -9197,23 +9197,23 @@ func (ts *ToggleSettings) UnmarshalJSON(body []byte) error { } ts.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ts.Type = &typeVar + ts.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ts.Name = &name + ts.Type = &typeVar } case "etag": if v != nil { @@ -9251,13 +9251,13 @@ type UebaSettings struct { *UebaSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -9277,16 +9277,16 @@ func (us UebaSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for UebaSettings. -func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { - return &us, true -} - // AsToggleSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } +// AsUebaSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { + return &us, true +} + // AsSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsSettings() (*Settings, bool) { return nil, false @@ -9324,23 +9324,23 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { } us.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - us.Type = &typeVar + us.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - us.Name = &name + us.Type = &typeVar } case "etag": if v != nil { @@ -9368,12 +9368,12 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { // UebaSettingsProperties user and Entity Behavior Analytics settings property bag. type UebaSettingsProperties struct { + // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' + AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. IsEnabled *bool `json:"isEnabled,omitempty"` // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` - // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' - AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` } // URLEntity represents a url entity. @@ -9382,11 +9382,11 @@ type URLEntity struct { *URLEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } @@ -9408,43 +9408,43 @@ func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsSecurityAlert is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsFileHashEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { return nil, false } -// AsMalwareEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { return nil, false } -// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { return nil, false } -// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { return nil, false } -// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { return nil, false } @@ -9453,23 +9453,23 @@ func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { return nil, false } -// AsDNSEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { return nil, false } -// AsIPEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { return nil, false } -// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { return nil, false } -// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. -func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { return nil, false } @@ -9515,23 +9515,23 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { } ue.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ue.Type = &typeVar + ue.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ue.Name = &name + ue.Type = &typeVar } case "kind": if v != nil { @@ -9552,10 +9552,10 @@ func (ue *URLEntity) UnmarshalJSON(body []byte) error { type URLEntityProperties struct { // URL - READ-ONLY; A full URL the entity points to URL *string `json:"url,omitempty"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } // MarshalJSON is the custom marshaler for URLEntityProperties. @@ -9566,10 +9566,10 @@ func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { // UserInfo user information that made some action type UserInfo struct { - // ObjectID - The object id of the user. - ObjectID *uuid.UUID `json:"objectId,omitempty"` // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` }