diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index 7c29b208b4b4..a4ac3ec5e0f2 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -38,6 +38,8 @@ const ( type AlertRuleKind = original.AlertRuleKind const ( + Filter AlertRuleKind = original.Filter + Fusion AlertRuleKind = original.Fusion Scheduled AlertRuleKind = original.Scheduled ) @@ -50,6 +52,32 @@ const ( Medium AlertSeverity = original.Medium ) +type AlertStatus = original.AlertStatus + +const ( + AlertStatusDismissed AlertStatus = original.AlertStatusDismissed + AlertStatusInProgress AlertStatus = original.AlertStatusInProgress + AlertStatusNew AlertStatus = original.AlertStatusNew + AlertStatusResolved AlertStatus = original.AlertStatusResolved + AlertStatusUnknown AlertStatus = original.AlertStatusUnknown +) + +type AttackTactic = original.AttackTactic + +const ( + Collection AttackTactic = original.Collection + CommandAndControl AttackTactic = original.CommandAndControl + CredentialAccess AttackTactic = original.CredentialAccess + DefenseEvasion AttackTactic = original.DefenseEvasion + Discovery AttackTactic = original.Discovery + Execution AttackTactic = original.Execution + Exfiltration AttackTactic = original.Exfiltration + InitialAccess AttackTactic = original.InitialAccess + LateralMovement AttackTactic = original.LateralMovement + Persistence AttackTactic = original.Persistence + PrivilegeEscalation AttackTactic = original.PrivilegeEscalation +) + type CaseSeverity = original.CaseSeverity const ( 
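Review bot: The `AttackTactic` constants in the `@@ -50,6 +52,32 @@` hunk are exported under bare names (`Collection`, `Discovery`, `Execution`, `Persistence`, …), while `AlertStatus` directly above them uses prefixed names (`AlertStatusNew`), so a call site such as `securityinsight.Execution` does not say which enum it belongs to. Later hunks do the same with `Final`/`NotFinal`, `Exist`/`NotExist`, `Default`/`Full`/`Limited`, `Unknown` (a `FileHashAlgorithm`, alongside `AlertStatusUnknown` and `KillChainIntentUnknown`) and `Available`/`Installed`. Prefixed names in the style already used for `KillChainIntent`, for example `AttackTacticExecution` and `FileHashAlgorithmUnknown`, would keep the flat package namespace unambiguous. Since these lines only alias `original`, the rename presumably has to be made where those constants are defined.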
@@ -72,20 +100,41 @@ const ( type CloseReason = original.CloseReason const ( - Dismissed CloseReason = original.Dismissed - Other CloseReason = original.Other - Resolved CloseReason = original.Resolved + Dismissed CloseReason = original.Dismissed + FalsePositive CloseReason = original.FalsePositive + Other CloseReason = original.Other + Resolved CloseReason = original.Resolved + TruePositive CloseReason = original.TruePositive +) + +type ConfidenceLevel = original.ConfidenceLevel + +const ( + ConfidenceLevelHigh ConfidenceLevel = original.ConfidenceLevelHigh + ConfidenceLevelLow ConfidenceLevel = original.ConfidenceLevelLow + ConfidenceLevelUnknown ConfidenceLevel = original.ConfidenceLevelUnknown +) + +type ConfidenceScoreStatus = original.ConfidenceScoreStatus + +const ( + Final ConfidenceScoreStatus = original.Final + InProcess ConfidenceScoreStatus = original.InProcess + NotApplicable ConfidenceScoreStatus = original.NotApplicable + NotFinal ConfidenceScoreStatus = original.NotFinal ) type DataConnectorKind = original.DataConnectorKind const ( - AmazonWebServicesCloudTrail DataConnectorKind = original.AmazonWebServicesCloudTrail - AzureActiveDirectory DataConnectorKind = original.AzureActiveDirectory - AzureSecurityCenter DataConnectorKind = original.AzureSecurityCenter - MicrosoftCloudAppSecurity DataConnectorKind = original.MicrosoftCloudAppSecurity - Office365 DataConnectorKind = original.Office365 - ThreatIntelligence DataConnectorKind = original.ThreatIntelligence + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = original.DataConnectorKindAmazonWebServicesCloudTrail + DataConnectorKindAzureActiveDirectory DataConnectorKind = original.DataConnectorKindAzureActiveDirectory + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindAzureAdvancedThreatProtection + DataConnectorKindAzureSecurityCenter DataConnectorKind = original.DataConnectorKindAzureSecurityCenter + 
DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = original.DataConnectorKindMicrosoftCloudAppSecurity + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = original.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + DataConnectorKindOffice365 DataConnectorKind = original.DataConnectorKindOffice365 + DataConnectorKindThreatIntelligence DataConnectorKind = original.DataConnectorKindThreatIntelligence ) type DataTypeState = original.DataTypeState 
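Review bot: The six unprefixed `DataConnectorKind` constants (`AmazonWebServicesCloudTrail` through `ThreatIntelligence`) are removed here with no compatibility alias, so any caller of this profile stops compiling on upgrade. The same applies in the `@@ -95,47 +144,148 @@` hunk, where `Account`/`File`/`Host` are dropped, the `KindBasicAggregations` alias disappears and `KindAlertRule`/`KindAggregations` change their declared type, and in `@@ -445,17 +731,41 @@`, which drops `PossibleKindBasicAggregationsValues`. `ThreatIntelligence` cannot simply be kept as a constant, because a later hunk reuses that name for `type ThreatIntelligence = original.ThreatIntelligence`. For the names that remain free I would keep a forwarding constant for one release, e.g. `Office365 DataConnectorKind = original.DataConnectorKindOffice365` under a `// Deprecated: use DataConnectorKindOffice365.` comment. If this file is regenerated from the service package, the renames should instead be listed in the release's breaking-changes notes.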
@@ -95,47 +144,148 @@ const ( Enabled DataTypeState = original.Enabled ) +type DataTypeStatus = original.DataTypeStatus + +const ( + Exist DataTypeStatus = original.Exist + NotExist DataTypeStatus = original.NotExist +) + +type ElevationToken = original.ElevationToken + +const ( + Default ElevationToken = original.Default + Full ElevationToken = original.Full + Limited ElevationToken = original.Limited +) + type EntityKind = original.EntityKind const ( - Account EntityKind = original.Account - File EntityKind = original.File - Host EntityKind = original.Host + EntityKindAccount EntityKind = original.EntityKindAccount + EntityKindAzureResource EntityKind = original.EntityKindAzureResource + EntityKindBookmark EntityKind = original.EntityKindBookmark + EntityKindCloudApplication EntityKind = original.EntityKindCloudApplication + EntityKindDNSResolution EntityKind = original.EntityKindDNSResolution + EntityKindFile EntityKind = original.EntityKindFile + EntityKindFileHash EntityKind = original.EntityKindFileHash + EntityKindHost EntityKind = original.EntityKindHost + EntityKindIP EntityKind = original.EntityKindIP + EntityKindMalware EntityKind = original.EntityKindMalware + EntityKindProcess EntityKind = original.EntityKindProcess + EntityKindRegistryKey EntityKind = original.EntityKindRegistryKey + EntityKindRegistryValue EntityKind = original.EntityKindRegistryValue + EntityKindSecurityAlert EntityKind = original.EntityKindSecurityAlert + EntityKindSecurityGroup EntityKind = original.EntityKindSecurityGroup + EntityKindURL EntityKind = original.EntityKindURL +) + +type EntityType = original.EntityType + +const ( + EntityTypeAccount EntityType = original.EntityTypeAccount + EntityTypeAzureResource EntityType = original.EntityTypeAzureResource + EntityTypeCloudApplication EntityType = original.EntityTypeCloudApplication + EntityTypeDNS EntityType = original.EntityTypeDNS + EntityTypeFile EntityType = original.EntityTypeFile + EntityTypeFileHash EntityType = 
original.EntityTypeFileHash + EntityTypeHost EntityType = original.EntityTypeHost + EntityTypeHuntingBookmark EntityType = original.EntityTypeHuntingBookmark + EntityTypeIP EntityType = original.EntityTypeIP + EntityTypeMalware EntityType = original.EntityTypeMalware + EntityTypeProcess EntityType = original.EntityTypeProcess + EntityTypeRegistryKey EntityType = original.EntityTypeRegistryKey + EntityTypeRegistryValue EntityType = original.EntityTypeRegistryValue + EntityTypeSecurityAlert EntityType = original.EntityTypeSecurityAlert + EntityTypeSecurityGroup EntityType = original.EntityTypeSecurityGroup + EntityTypeURL EntityType = original.EntityTypeURL +) + +type FileHashAlgorithm = original.FileHashAlgorithm + +const ( + MD5 FileHashAlgorithm = original.MD5 + SHA1 FileHashAlgorithm = original.SHA1 + SHA256 FileHashAlgorithm = original.SHA256 + SHA256AC FileHashAlgorithm = original.SHA256AC + Unknown FileHashAlgorithm = original.Unknown +) + +type KillChainIntent = original.KillChainIntent + +const ( + KillChainIntentCollection KillChainIntent = original.KillChainIntentCollection + KillChainIntentCommandAndControl KillChainIntent = original.KillChainIntentCommandAndControl + KillChainIntentCredentialAccess KillChainIntent = original.KillChainIntentCredentialAccess + KillChainIntentDefenseEvasion KillChainIntent = original.KillChainIntentDefenseEvasion + KillChainIntentDiscovery KillChainIntent = original.KillChainIntentDiscovery + KillChainIntentExecution KillChainIntent = original.KillChainIntentExecution + KillChainIntentExfiltration KillChainIntent = original.KillChainIntentExfiltration + KillChainIntentExploitation KillChainIntent = original.KillChainIntentExploitation + KillChainIntentImpact KillChainIntent = original.KillChainIntentImpact + KillChainIntentLateralMovement KillChainIntent = original.KillChainIntentLateralMovement + KillChainIntentPersistence KillChainIntent = original.KillChainIntentPersistence + KillChainIntentPrivilegeEscalation 
KillChainIntent = original.KillChainIntentPrivilegeEscalation + KillChainIntentProbing KillChainIntent = original.KillChainIntentProbing + KillChainIntentUnknown KillChainIntent = original.KillChainIntentUnknown ) type Kind = original.Kind const ( - KindAlertRule Kind = original.KindAlertRule - KindScheduled Kind = original.KindScheduled + KindAggregations Kind = original.KindAggregations + KindCasesAggregation Kind = original.KindCasesAggregation ) -type KindBasicAggregations = original.KindBasicAggregations +type KindBasicAlertRule = original.KindBasicAlertRule const ( - KindAggregations KindBasicAggregations = original.KindAggregations - KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation + KindAlertRule KindBasicAlertRule = original.KindAlertRule + KindScheduled KindBasicAlertRule = original.KindScheduled +) + +type KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplate + +const ( + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindAlertRuleTemplate + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFilter + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFusion + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindScheduled ) type KindBasicDataConnector = original.KindBasicDataConnector const ( - KindAmazonWebServicesCloudTrail KindBasicDataConnector = original.KindAmazonWebServicesCloudTrail - KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory - KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter - KindDataConnector KindBasicDataConnector = original.KindDataConnector - KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity - KindOffice365 KindBasicDataConnector = original.KindOffice365 - 
KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence + KindAmazonWebServicesCloudTrail KindBasicDataConnector = original.KindAmazonWebServicesCloudTrail + KindAzureActiveDirectory KindBasicDataConnector = original.KindAzureActiveDirectory + KindAzureAdvancedThreatProtection KindBasicDataConnector = original.KindAzureAdvancedThreatProtection + KindAzureSecurityCenter KindBasicDataConnector = original.KindAzureSecurityCenter + KindDataConnector KindBasicDataConnector = original.KindDataConnector + KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = original.KindMicrosoftDefenderAdvancedThreatProtection + KindOffice365 KindBasicDataConnector = original.KindOffice365 + KindThreatIntelligence KindBasicDataConnector = original.KindThreatIntelligence ) type KindBasicEntity = original.KindBasicEntity const ( - KindAccount KindBasicEntity = original.KindAccount - KindEntity KindBasicEntity = original.KindEntity - KindFile KindBasicEntity = original.KindFile - KindHost KindBasicEntity = original.KindHost + KindAccount KindBasicEntity = original.KindAccount + KindAzureResource KindBasicEntity = original.KindAzureResource + KindCloudApplication KindBasicEntity = original.KindCloudApplication + KindDNSResolution KindBasicEntity = original.KindDNSResolution + KindEntity KindBasicEntity = original.KindEntity + KindFile KindBasicEntity = original.KindFile + KindFileHash KindBasicEntity = original.KindFileHash + KindHost KindBasicEntity = original.KindHost + KindIP KindBasicEntity = original.KindIP + KindMalware KindBasicEntity = original.KindMalware + KindProcess KindBasicEntity = original.KindProcess + KindRegistryKey KindBasicEntity = original.KindRegistryKey + KindRegistryValue KindBasicEntity = original.KindRegistryValue + KindSecurityAlert KindBasicEntity = original.KindSecurityAlert + KindSecurityGroup KindBasicEntity = 
original.KindSecurityGroup + KindURL KindBasicEntity = original.KindURL ) type KindBasicSettings = original.KindBasicSettings @@ -162,6 +312,34 @@ const ( Windows OSFamily = original.Windows ) +type RegistryHive = original.RegistryHive + +const ( + HKEYA RegistryHive = original.HKEYA + HKEYCLASSESROOT RegistryHive = original.HKEYCLASSESROOT + HKEYCURRENTCONFIG RegistryHive = original.HKEYCURRENTCONFIG + HKEYCURRENTUSER RegistryHive = original.HKEYCURRENTUSER + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = original.HKEYCURRENTUSERLOCALSETTINGS + HKEYLOCALMACHINE RegistryHive = original.HKEYLOCALMACHINE + HKEYPERFORMANCEDATA RegistryHive = original.HKEYPERFORMANCEDATA + HKEYPERFORMANCENLSTEXT RegistryHive = original.HKEYPERFORMANCENLSTEXT + HKEYPERFORMANCETEXT RegistryHive = original.HKEYPERFORMANCETEXT + HKEYUSERS RegistryHive = original.HKEYUSERS +) + +type RegistryValueKind = original.RegistryValueKind + +const ( + RegistryValueKindBinary RegistryValueKind = original.RegistryValueKindBinary + RegistryValueKindDWord RegistryValueKind = original.RegistryValueKindDWord + RegistryValueKindExpandString RegistryValueKind = original.RegistryValueKindExpandString + RegistryValueKindMultiString RegistryValueKind = original.RegistryValueKindMultiString + RegistryValueKindNone RegistryValueKind = original.RegistryValueKindNone + RegistryValueKindQWord RegistryValueKind = original.RegistryValueKindQWord + RegistryValueKindString RegistryValueKind = original.RegistryValueKindString + RegistryValueKindUnknown RegistryValueKind = original.RegistryValueKindUnknown +) + type SettingKind = original.SettingKind const ( @@ -176,6 +354,14 @@ const ( StatusInMcasEnabled StatusInMcas = original.StatusInMcasEnabled ) +type TemplateStatus = original.TemplateStatus + +const ( + Available TemplateStatus = original.Available + Installed TemplateStatus = original.Installed + NotAvailable TemplateStatus = original.NotAvailable +) + type TriggerOperator = original.TriggerOperator const ( 
@@ -187,6 +373,8 @@ const ( type AADDataConnector = original.AADDataConnector type AADDataConnectorProperties = original.AADDataConnectorProperties +type AATPDataConnector = original.AATPDataConnector +type AATPDataConnectorProperties = original.AATPDataConnectorProperties type ASCDataConnector = original.ASCDataConnector type ASCDataConnectorProperties = original.ASCDataConnectorProperties type AccountEntity = original.AccountEntity @@ -203,6 +391,12 @@ type AggregationsModel = original.AggregationsModel type AlertRule = original.AlertRule type AlertRuleKind1 = original.AlertRuleKind1 type AlertRuleModel = original.AlertRuleModel +type AlertRuleTemplate = original.AlertRuleTemplate +type AlertRuleTemplateModel = original.AlertRuleTemplateModel +type AlertRuleTemplatesClient = original.AlertRuleTemplatesClient +type AlertRuleTemplatesList = original.AlertRuleTemplatesList +type AlertRuleTemplatesListIterator = original.AlertRuleTemplatesListIterator +type AlertRuleTemplatesListPage = original.AlertRuleTemplatesListPage type AlertRulesClient = original.AlertRulesClient type AlertRulesList = original.AlertRulesList type AlertRulesListIterator = original.AlertRulesListIterator 
@@ -213,9 +407,13 @@ type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties +type AzureResourceEntity = original.AzureResourceEntity +type AzureResourceEntityProperties = original.AzureResourceEntityProperties +type BaseAlertRuleTemplateProperties = original.BaseAlertRuleTemplateProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations type BasicAlertRule = original.BasicAlertRule +type BasicAlertRuleTemplate = original.BasicAlertRuleTemplate type BasicDataConnector = original.BasicDataConnector type BasicEntity = original.BasicEntity type BasicSettings = original.BasicSettings @@ -226,6 +424,12 @@ type BookmarkListPage = original.BookmarkListPage type BookmarkProperties = original.BookmarkProperties type BookmarksClient = original.BookmarksClient type Case = original.Case +type CaseComment = original.CaseComment +type CaseCommentList = original.CaseCommentList +type CaseCommentListIterator = original.CaseCommentListIterator +type CaseCommentListPage = original.CaseCommentListPage +type CaseCommentProperties = original.CaseCommentProperties +type CaseCommentsClient = original.CaseCommentsClient type CaseList = original.CaseList type CaseListIterator = original.CaseListIterator type CaseListPage = original.CaseListPage 
@@ -236,8 +440,13 @@ type CasesAggregationByStatusProperties = original.CasesAggregationByStatusPrope type CasesAggregationProperties = original.CasesAggregationProperties type CasesAggregationsClient = original.CasesAggregationsClient type CasesClient = original.CasesClient +type CloudApplicationEntity = original.CloudApplicationEntity +type CloudApplicationEntityProperties = original.CloudApplicationEntityProperties type CloudError = original.CloudError type CloudErrorBody = original.CloudErrorBody +type CommentsClient = original.CommentsClient +type DNSEntity = original.DNSEntity +type DNSEntityProperties = original.DNSEntityProperties type DataConnector = original.DataConnector type DataConnectorDataTypeCommon = original.DataConnectorDataTypeCommon type DataConnectorKind1 = original.DataConnectorKind1 @@ -245,11 +454,16 @@ type DataConnectorList = original.DataConnectorList type DataConnectorListIterator = original.DataConnectorListIterator type DataConnectorListPage = original.DataConnectorListPage type DataConnectorModel = original.DataConnectorModel +type DataConnectorStatus = original.DataConnectorStatus type DataConnectorTenantID = original.DataConnectorTenantID type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsProperties type DataConnectorsClient = original.DataConnectorsClient type EntitiesClient = original.EntitiesClient type Entity = original.Entity +type EntityCommonProperties = original.EntityCommonProperties +type EntityExpandParameters = original.EntityExpandParameters +type EntityExpandResponse = original.EntityExpandResponse +type EntityExpandResponseValue = original.EntityExpandResponseValue type EntityKind1 = original.EntityKind1 type EntityList = original.EntityList type EntityListIterator = original.EntityListIterator 
@@ -261,12 +475,31 @@ type EntityQueryList = original.EntityQueryList type EntityQueryListIterator = original.EntityQueryListIterator type EntityQueryListPage = original.EntityQueryListPage type EntityQueryProperties = original.EntityQueryProperties +type ExpansionResultAggregation = original.ExpansionResultAggregation +type ExpansionResultsMetadata = original.ExpansionResultsMetadata type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties +type FileHashEntity = original.FileHashEntity +type FileHashEntityProperties = original.FileHashEntityProperties +type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate +type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties +type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel +type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate +type FusionAlertRuleTemplateProperties = original.FusionAlertRuleTemplateProperties +type FusionAlertRuleTemplatePropertiesModel = original.FusionAlertRuleTemplatePropertiesModel +type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties +type IPEntity = original.IPEntity +type IPEntityProperties = original.IPEntityProperties type MCASDataConnector = original.MCASDataConnector +type MCASDataConnectorDataTypes = original.MCASDataConnectorDataTypes +type MCASDataConnectorDataTypesDiscoveryLogs = original.MCASDataConnectorDataTypesDiscoveryLogs type MCASDataConnectorProperties = original.MCASDataConnectorProperties +type MDATPDataConnector = original.MDATPDataConnector +type MDATPDataConnectorProperties = original.MDATPDataConnectorProperties +type MalwareEntity = original.MalwareEntity +type MalwareEntityProperties = original.MalwareEntityProperties type OfficeConsent = original.OfficeConsent type OfficeConsentList = original.OfficeConsentList type OfficeConsentListIterator = 
original.OfficeConsentListIterator @@ -284,10 +517,24 @@ type OperationsClient = original.OperationsClient type OperationsList = original.OperationsList type OperationsListIterator = original.OperationsListIterator type OperationsListPage = original.OperationsListPage +type ProcessEntity = original.ProcessEntity +type ProcessEntityProperties = original.ProcessEntityProperties type ProductSettingsClient = original.ProductSettingsClient +type RegistryKeyEntity = original.RegistryKeyEntity +type RegistryKeyEntityProperties = original.RegistryKeyEntityProperties +type RegistryValueEntity = original.RegistryValueEntity +type RegistryValueEntityProperties = original.RegistryValueEntityProperties type Resource = original.Resource type ScheduledAlertRule = original.ScheduledAlertRule type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties +type ScheduledAlertRuleTemplate = original.ScheduledAlertRuleTemplate +type ScheduledAlertRuleTemplateProperties = original.ScheduledAlertRuleTemplateProperties +type ScheduledAlertRuleTemplatePropertiesModel = original.ScheduledAlertRuleTemplatePropertiesModel +type SecurityAlert = original.SecurityAlert +type SecurityAlertProperties = original.SecurityAlertProperties +type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem +type SecurityGroupEntity = original.SecurityGroupEntity +type SecurityGroupEntityProperties = original.SecurityGroupEntityProperties type Settings = original.Settings type SettingsKind = original.SettingsKind type SettingsModel = original.SettingsModel 
@@ -295,8 +542,11 @@ type TIDataConnector = original.TIDataConnector type TIDataConnectorDataTypes = original.TIDataConnectorDataTypes type TIDataConnectorDataTypesIndicators = original.TIDataConnectorDataTypesIndicators type TIDataConnectorProperties = original.TIDataConnectorProperties +type ThreatIntelligence = original.ThreatIntelligence type ToggleSettings = original.ToggleSettings type ToggleSettingsProperties = original.ToggleSettingsProperties +type URLEntity = original.URLEntity +type URLEntityProperties = original.URLEntityProperties type UebaSettings = original.UebaSettings type UebaSettingsProperties = original.UebaSettingsProperties type UserInfo = original.UserInfo @@ -316,6 +566,18 @@ func NewActionsListIterator(page ActionsListPage) ActionsListIterator { func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { return original.NewActionsListPage(getNextPage) } +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClient(subscriptionID) +} +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClientWithBaseURI(baseURI, subscriptionID) +} +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return original.NewAlertRuleTemplatesListIterator(page) +} +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return original.NewAlertRuleTemplatesListPage(getNextPage) +} func NewAlertRulesClient(subscriptionID string) AlertRulesClient { return original.NewAlertRulesClient(subscriptionID) } 
@@ -340,6 +602,18 @@ func NewBookmarksClient(subscriptionID string) BookmarksClient { func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient { return original.NewBookmarksClientWithBaseURI(baseURI, subscriptionID) } +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return original.NewCaseCommentListIterator(page) +} +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return original.NewCaseCommentListPage(getNextPage) +} +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClient(subscriptionID) +} +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewCaseListIterator(page CaseListPage) CaseListIterator { return original.NewCaseListIterator(page) } @@ -358,6 +632,12 @@ func NewCasesClient(subscriptionID string) CasesClient { func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient { return original.NewCasesClientWithBaseURI(baseURI, subscriptionID) } +func NewCommentsClient(subscriptionID string) CommentsClient { + return original.NewCommentsClient(subscriptionID) +} +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return original.NewCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator { return original.NewDataConnectorListIterator(page) } 
@@ -436,6 +716,12 @@ func PossibleAlertRuleKindValues() []AlertRuleKind { func PossibleAlertSeverityValues() []AlertSeverity { return original.PossibleAlertSeverityValues() } +func PossibleAlertStatusValues() []AlertStatus { + return original.PossibleAlertStatusValues() +} +func PossibleAttackTacticValues() []AttackTactic { + return original.PossibleAttackTacticValues() +} func PossibleCaseSeverityValues() []CaseSeverity { return original.PossibleCaseSeverityValues() } 
@@ -445,17 +731,41 @@ func PossibleCaseStatusValues() []CaseStatus { func PossibleCloseReasonValues() []CloseReason { return original.PossibleCloseReasonValues() } +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return original.PossibleConfidenceLevelValues() +} +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return original.PossibleConfidenceScoreStatusValues() +} func PossibleDataConnectorKindValues() []DataConnectorKind { return original.PossibleDataConnectorKindValues() } func PossibleDataTypeStateValues() []DataTypeState { return original.PossibleDataTypeStateValues() } +func PossibleDataTypeStatusValues() []DataTypeStatus { + return original.PossibleDataTypeStatusValues() +} +func PossibleElevationTokenValues() []ElevationToken { + return original.PossibleElevationTokenValues() +} func PossibleEntityKindValues() []EntityKind { return original.PossibleEntityKindValues() } -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return original.PossibleKindBasicAggregationsValues() +func PossibleEntityTypeValues() []EntityType { + return original.PossibleEntityTypeValues() +} +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return original.PossibleFileHashAlgorithmValues() +} +func PossibleKillChainIntentValues() []KillChainIntent { + return original.PossibleKillChainIntentValues() +} +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return original.PossibleKindBasicAlertRuleTemplateValues() +} +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return original.PossibleKindBasicAlertRuleValues() } func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { return original.PossibleKindBasicDataConnectorValues() 
@@ -475,12 +785,21 @@ func PossibleLicenseStatusValues() []LicenseStatus { func PossibleOSFamilyValues() []OSFamily { return original.PossibleOSFamilyValues() } +func PossibleRegistryHiveValues() []RegistryHive { + return original.PossibleRegistryHiveValues() +} +func PossibleRegistryValueKindValues() []RegistryValueKind { + return original.PossibleRegistryValueKindValues() +} func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } func PossibleStatusInMcasValues() []StatusInMcas { return original.PossibleStatusInMcasValues() } +func PossibleTemplateStatusValues() []TemplateStatus { + return original.PossibleTemplateStatusValues() +} func PossibleTriggerOperatorValues() []TriggerOperator { return original.PossibleTriggerOperatorValues() } diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go index 9bd2fc7dc959..8ab6cea80eac 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go 
@@ -22,10 +22,13 @@ package securityinsightapi import original "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi" type ActionsClientAPI = original.ActionsClientAPI +type AlertRuleTemplatesClientAPI = original.AlertRuleTemplatesClientAPI type AlertRulesClientAPI = original.AlertRulesClientAPI type BookmarksClientAPI = original.BookmarksClientAPI +type CaseCommentsClientAPI = original.CaseCommentsClientAPI type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI type CasesClientAPI = original.CasesClientAPI +type CommentsClientAPI = original.CommentsClientAPI type DataConnectorsClientAPI = original.DataConnectorsClientAPI type EntitiesClientAPI = original.EntitiesClientAPI type EntityQueriesClientAPI = original.EntityQueriesClientAPI diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go new file mode 100644 index 000000000000..c9d00301a65b --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go 
@@ -0,0 +1,270 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRuleTemplatesClient struct { + BaseClient +} + +// NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return NewAlertRuleTemplatesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return AlertRuleTemplatesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get gets the alert rule template. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. 
+// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// alertRuleTemplateID - alert rule template ID +func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, alertRuleTemplateID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil 
{ + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "alertRuleTemplateId": autorest.Encode("path", alertRuleTemplateID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. 
+func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rule templates. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. 
+func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.artl.Response.Response != nil { + sc = result.artl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.artl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure sending request") + return + } + + 
result.artl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. 
+func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client AlertRuleTemplatesClient) listNextResults(ctx context.Context, lastResults AlertRuleTemplatesList) (result AlertRuleTemplatesList, err error) { + req, err := lastResults.alertRuleTemplatesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go index 6b2677e3e20f..20f8c8a83f39 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go 
@@ -73,8 +73,12 @@ func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupN {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: bookmark, Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, }}}}}); err != nil { return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go new file mode 100644 index 000000000000..897d9d02fa33 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go 
@@ -0,0 +1,149 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CaseCommentsClient struct { + BaseClient +} + +// NewCaseCommentsClient creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return NewCaseCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return CaseCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateComment creates the case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. 
+// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +// caseComment - the case comment +func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentsClient.CreateComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: caseComment, + Constraints: []validation.Constraint{{Target: "caseComment.CaseCommentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseComment.CaseCommentProperties.Message", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseComment.CaseCommentProperties.UserInfo", Name: validation.Null, Rule: false, + Chain: 
[]validation.Constraint{{Target: "caseComment.CaseCommentProperties.UserInfo.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseCommentsClient", "CreateComment", err.Error()) + } + + req, err := client.CreateCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID, caseComment) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", nil, "Failure preparing request") + return + } + + resp, err := client.CreateCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure sending request") + return + } + + result, err = client.CreateCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure responding to request") + } + + return +} + +// CreateCommentPreparer prepares the CreateComment request. 
+func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithJSON(caseComment), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateCommentSender sends the CreateComment request. The method will close the +// http.Response Body if it receives an error. +func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateCommentResponder handles the response to the CreateComment request. The method always +// closes the http.Response Body. 
+func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 9a4eb0d79790..7b2b21a07030 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,7 +73,11 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, + }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } 
@@ -334,6 +338,104 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er return } +// GetComment gets a case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.GetComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CasesClient", "GetComment", err.Error()) + } + + req, err := client.GetCommentPreparer(ctx, resourceGroupName, 
operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", nil, "Failure preparing request") + return + } + + resp, err := client.GetCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure sending request") + return + } + + result, err = client.GetCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure responding to request") + } + + return +} + +// GetCommentPreparer prepares the GetComment request. +func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return 
preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetCommentSender sends the GetComment request. The method will close the +// http.Response Body if it receives an error. +func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetCommentResponder handles the response to the GetComment request. The method always +// closes the http.Response Body. +func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // List gets all cases. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case 
@@ -341,7 +443,13 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListPage, err error) { +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -366,7 +474,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } result.fn = client.listNextResults - req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) if err != nil { err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "List", nil, "Failure preparing request") return 
@@ -388,7 +496,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } // ListPreparer prepares the List request. -func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { +func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { pathParameters := map[string]interface{}{ "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), "resourceGroupName": autorest.Encode("path", resourceGroupName), @@ -400,6 +508,18 @@ func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName st queryParameters := map[string]interface{}{ "api-version": APIVersion, } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } preparer := autorest.CreatePreparer( autorest.AsGet(), 
@@ -451,7 +571,7 @@ func (client CasesClient) listNextResults(ctx context.Context, lastResults CaseL } // ListComplete enumerates all values, automatically crossing page boundaries as required. -func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListIterator, err error) { +func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -462,6 +582,6 @@ func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName st tracing.EndSpan(ctx, sc, err) }() } - result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go new file mode 100644 index 000000000000..c9d4578f02c0 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go 
@@ -0,0 +1,194 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CommentsClient struct { + BaseClient +} + +// NewCommentsClient creates an instance of the CommentsClient client. +func NewCommentsClient(subscriptionID string) CommentsClient { + return NewCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCommentsClientWithBaseURI creates an instance of the CommentsClient client. +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return CommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// ListByCase gets all case comments. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. 
+// workspaceName - the name of the workspace. +// caseID - case ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.ccl.Response.Response != nil { + sc = result.ccl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CommentsClient", "ListByCase", 
err.Error()) + } + + result.fn = client.listByCaseNextResults + req, err := client.ListByCasePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", nil, "Failure preparing request") + return + } + + resp, err := client.ListByCaseSender(req) + if err != nil { + result.ccl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure sending request") + return + } + + result.ccl, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure responding to request") + } + + return +} + +// ListByCasePreparer prepares the ListByCase request. +func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + 
queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByCaseSender sends the ListByCase request. The method will close the +// http.Response Body if it receives an error. +func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListByCaseResponder handles the response to the ListByCase request. The method always +// closes the http.Response Body. +func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByCaseNextResults retrieves the next set of results, if any. 
+func (client CommentsClient) listByCaseNextResults(ctx context.Context, lastResults CaseCommentList) (result CaseCommentList, err error) { + req, err := lastResults.caseCommentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByCaseSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByCaseComplete enumerates all values, automatically crossing page boundaries as required. +func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByCase(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go index e72cffc3e2c3..f0e21ffe611a 100644 
--- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entities.go 
@@ -41,6 +41,105 @@ func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) Entitie return EntitiesClient{NewWithBaseURI(baseURI, subscriptionID)} } +// Expand expands an entity. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// parameters - the parameters required to execute an expand operation on the given entity. +func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesClient.Expand") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.EntitiesClient", "Expand", err.Error()) + } + + req, err := client.ExpandPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, parameters) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", nil, "Failure preparing request") + return + } + + resp, err := client.ExpandSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure sending request") + return + } + + result, err = client.ExpandResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesClient", "Expand", resp, "Failure responding to request") + } + + return +} + +// ExpandPreparer prepares the Expand request. +func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPost(), + autorest.WithBaseURL(client.BaseURI), + 
autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", pathParameters), + autorest.WithJSON(parameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ExpandSender sends the Expand request. The method will close the +// http.Response Body if it receives an error. +func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ExpandResponder handles the response to the Expand request. The method always +// closes the http.Response Body. +func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // Get gets an entity. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 9edc244aaa02..be357c417018 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go 
@@ -48,13 +48,17 @@ func PossibleAggregationsKindValues() []AggregationsKind { type AlertRuleKind string const ( + // Filter ... + Filter AlertRuleKind = "Filter" + // Fusion ... + Fusion AlertRuleKind = "Fusion" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" ) // PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { - return []AlertRuleKind{Scheduled} + return []AlertRuleKind{Filter, Fusion, Scheduled} } // AlertSeverity enumerates the values for alert severity. 
@@ -76,6 +80,60 @@ func PossibleAlertSeverityValues() []AlertSeverity { return []AlertSeverity{High, Informational, Low, Medium} } +// AlertStatus enumerates the values for alert status. +type AlertStatus string + +const ( + // AlertStatusDismissed Alert dismissed as false positive + AlertStatusDismissed AlertStatus = "Dismissed" + // AlertStatusInProgress Alert is being handled + AlertStatusInProgress AlertStatus = "InProgress" + // AlertStatusNew New alert + AlertStatusNew AlertStatus = "New" + // AlertStatusResolved Alert closed after handling + AlertStatusResolved AlertStatus = "Resolved" + // AlertStatusUnknown Unknown value + AlertStatusUnknown AlertStatus = "Unknown" +) + +// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. +func PossibleAlertStatusValues() []AlertStatus { + return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} +} + +// AttackTactic enumerates the values for attack tactic. +type AttackTactic string + +const ( + // Collection ... + Collection AttackTactic = "Collection" + // CommandAndControl ... + CommandAndControl AttackTactic = "CommandAndControl" + // CredentialAccess ... + CredentialAccess AttackTactic = "CredentialAccess" + // DefenseEvasion ... + DefenseEvasion AttackTactic = "DefenseEvasion" + // Discovery ... + Discovery AttackTactic = "Discovery" + // Execution ... + Execution AttackTactic = "Execution" + // Exfiltration ... + Exfiltration AttackTactic = "Exfiltration" + // InitialAccess ... + InitialAccess AttackTactic = "InitialAccess" + // LateralMovement ... + LateralMovement AttackTactic = "LateralMovement" + // Persistence ... + Persistence AttackTactic = "Persistence" + // PrivilegeEscalation ... + PrivilegeEscalation AttackTactic = "PrivilegeEscalation" +) + +// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. 
+func PossibleAttackTacticValues() []AttackTactic { + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} +} + // CaseSeverity enumerates the values for case severity. type CaseSeverity string 
@@ -122,38 +180,84 @@ type CloseReason string const ( // Dismissed Case was dismissed Dismissed CloseReason = "Dismissed" + // FalsePositive Case was false positive + FalsePositive CloseReason = "FalsePositive" // Other Case was closed for another reason Other CloseReason = "Other" // Resolved Case was resolved Resolved CloseReason = "Resolved" + // TruePositive Case was true positive + TruePositive CloseReason = "TruePositive" ) // PossibleCloseReasonValues returns an array of possible values for the CloseReason const type. func PossibleCloseReasonValues() []CloseReason { - return []CloseReason{Dismissed, Other, Resolved} + return []CloseReason{Dismissed, FalsePositive, Other, Resolved, TruePositive} +} + +// ConfidenceLevel enumerates the values for confidence level. +type ConfidenceLevel string + +const ( + // ConfidenceLevelHigh High confidence that the alert is true positive malicious + ConfidenceLevelHigh ConfidenceLevel = "High" + // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an + // attack + ConfidenceLevelLow ConfidenceLevel = "Low" + // ConfidenceLevelUnknown Unknown confidence, the is the default value + ConfidenceLevelUnknown ConfidenceLevel = "Unknown" +) + +// PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type. +func PossibleConfidenceLevelValues() []ConfidenceLevel { + return []ConfidenceLevel{ConfidenceLevelHigh, ConfidenceLevelLow, ConfidenceLevelUnknown} +} + +// ConfidenceScoreStatus enumerates the values for confidence score status. 
+type ConfidenceScoreStatus string + +const ( + // Final Final score was calculated and available + Final ConfidenceScoreStatus = "Final" + // InProcess No score was set yet and calculation is in progress + InProcess ConfidenceScoreStatus = "InProcess" + // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst + NotApplicable ConfidenceScoreStatus = "NotApplicable" + // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time + // following the processing of additional data + NotFinal ConfidenceScoreStatus = "NotFinal" +) + +// PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type. +func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { + return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal} } // DataConnectorKind enumerates the values for data connector kind. type DataConnectorKind string const ( - // AmazonWebServicesCloudTrail ... - AmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" - // AzureActiveDirectory ... - AzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" - // AzureSecurityCenter ... - AzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" - // MicrosoftCloudAppSecurity ... - MicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" - // Office365 ... - Office365 DataConnectorKind = "Office365" - // ThreatIntelligence ... - ThreatIntelligence DataConnectorKind = "ThreatIntelligence" + // DataConnectorKindAmazonWebServicesCloudTrail ... + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + // DataConnectorKindAzureActiveDirectory ... + DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // DataConnectorKindAzureAdvancedThreatProtection ... 
+ DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + // DataConnectorKindAzureSecurityCenter ... + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // DataConnectorKindMicrosoftCloudAppSecurity ... + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + // DataConnectorKindOffice365 ... + DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindThreatIntelligence ... + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" ) // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureSecurityCenter, MicrosoftCloudAppSecurity, Office365, ThreatIntelligence} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} } // DataTypeState enumerates the values for data type state. 
@@ -171,51 +275,270 @@ func PossibleDataTypeStateValues() []DataTypeState { return []DataTypeState{Disabled, Enabled} } +// DataTypeStatus enumerates the values for data type status. +type DataTypeStatus string + +const ( + // Exist ... + Exist DataTypeStatus = "Exist" + // NotExist ... + NotExist DataTypeStatus = "NotExist" +) + +// PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type. +func PossibleDataTypeStatusValues() []DataTypeStatus { + return []DataTypeStatus{Exist, NotExist} +} + +// ElevationToken enumerates the values for elevation token. +type ElevationToken string + +const ( + // Default Default elevation token + Default ElevationToken = "Default" + // Full Full elevation token + Full ElevationToken = "Full" + // Limited Limited elevation token + Limited ElevationToken = "Limited" +) + +// PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type. +func PossibleElevationTokenValues() []ElevationToken { + return []ElevationToken{Default, Full, Limited} +} + // EntityKind enumerates the values for entity kind. type EntityKind string const ( - // Account Entity represents account in the system. - Account EntityKind = "Account" - // File Entity represents file in the system. - File EntityKind = "File" - // Host Entity represents host in the system. - Host EntityKind = "Host" + // EntityKindAccount Entity represents account in the system. + EntityKindAccount EntityKind = "Account" + // EntityKindAzureResource Entity represents azure resource in the system. + EntityKindAzureResource EntityKind = "AzureResource" + // EntityKindBookmark Entity represents bookmark in the system. + EntityKindBookmark EntityKind = "Bookmark" + // EntityKindCloudApplication Entity represents cloud application in the system. + EntityKindCloudApplication EntityKind = "CloudApplication" + // EntityKindDNSResolution Entity represents dns resolution in the system. 
+ EntityKindDNSResolution EntityKind = "DnsResolution" + // EntityKindFile Entity represents file in the system. + EntityKindFile EntityKind = "File" + // EntityKindFileHash Entity represents file hash in the system. + EntityKindFileHash EntityKind = "FileHash" + // EntityKindHost Entity represents host in the system. + EntityKindHost EntityKind = "Host" + // EntityKindIP Entity represents ip in the system. + EntityKindIP EntityKind = "Ip" + // EntityKindMalware Entity represents malware in the system. + EntityKindMalware EntityKind = "Malware" + // EntityKindProcess Entity represents process in the system. + EntityKindProcess EntityKind = "Process" + // EntityKindRegistryKey Entity represents registry key in the system. + EntityKindRegistryKey EntityKind = "RegistryKey" + // EntityKindRegistryValue Entity represents registry value in the system. + EntityKindRegistryValue EntityKind = "RegistryValue" + // EntityKindSecurityAlert Entity represents security alert in the system. + EntityKindSecurityAlert EntityKind = "SecurityAlert" + // EntityKindSecurityGroup Entity represents security group in the system. + EntityKindSecurityGroup EntityKind = "SecurityGroup" + // EntityKindURL Entity represents url in the system. + EntityKindURL EntityKind = "Url" ) // PossibleEntityKindValues returns an array of possible values for the EntityKind const type. func PossibleEntityKindValues() []EntityKind { - return []EntityKind{Account, File, Host} + return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL} +} + +// EntityType enumerates the values for entity type. +type EntityType string + +const ( + // EntityTypeAccount Entity represents account in the system. 
+ EntityTypeAccount EntityType = "Account" + // EntityTypeAzureResource Entity represents azure resource in the system. + EntityTypeAzureResource EntityType = "AzureResource" + // EntityTypeCloudApplication Entity represents cloud application in the system. + EntityTypeCloudApplication EntityType = "CloudApplication" + // EntityTypeDNS Entity represents dns in the system. + EntityTypeDNS EntityType = "DNS" + // EntityTypeFile Entity represents file in the system. + EntityTypeFile EntityType = "File" + // EntityTypeFileHash Entity represents file hash in the system. + EntityTypeFileHash EntityType = "FileHash" + // EntityTypeHost Entity represents host in the system. + EntityTypeHost EntityType = "Host" + // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. + EntityTypeHuntingBookmark EntityType = "HuntingBookmark" + // EntityTypeIP Entity represents ip in the system. + EntityTypeIP EntityType = "IP" + // EntityTypeMalware Entity represents malware in the system. + EntityTypeMalware EntityType = "Malware" + // EntityTypeProcess Entity represents process in the system. + EntityTypeProcess EntityType = "Process" + // EntityTypeRegistryKey Entity represents registry key in the system. + EntityTypeRegistryKey EntityType = "RegistryKey" + // EntityTypeRegistryValue Entity represents registry value in the system. + EntityTypeRegistryValue EntityType = "RegistryValue" + // EntityTypeSecurityAlert Entity represents security alert in the system. + EntityTypeSecurityAlert EntityType = "SecurityAlert" + // EntityTypeSecurityGroup Entity represents security group in the system. + EntityTypeSecurityGroup EntityType = "SecurityGroup" + // EntityTypeURL Entity represents url in the system. + EntityTypeURL EntityType = "URL" +) + +// PossibleEntityTypeValues returns an array of possible values for the EntityType const type. 
+func PossibleEntityTypeValues() []EntityType { + return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL} +} + +// FileHashAlgorithm enumerates the values for file hash algorithm. +type FileHashAlgorithm string + +const ( + // MD5 MD5 hash type + MD5 FileHashAlgorithm = "MD5" + // SHA1 SHA1 hash type + SHA1 FileHashAlgorithm = "SHA1" + // SHA256 SHA256 hash type + SHA256 FileHashAlgorithm = "SHA256" + // SHA256AC SHA256 Authenticode hash type + SHA256AC FileHashAlgorithm = "SHA256AC" + // Unknown Unknown hash algorithm + Unknown FileHashAlgorithm = "Unknown" +) + +// PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type. +func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { + return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown} +} + +// KillChainIntent enumerates the values for kill chain intent. +type KillChainIntent string + +const ( + // KillChainIntentCollection Collection consists of techniques used to identify and gather information, + // such as sensitive files, from a target network prior to exfiltration. This category also covers + // locations on a system or network where the adversary may look for information to exfiltrate. + KillChainIntentCollection KillChainIntent = "Collection" + // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate + // with systems under their control within a target network. 
+ KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" + // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or + // control over system, domain, or service credentials that are used within an enterprise environment. + // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts + // (local system administrator or domain users with administrator access) to use within the network. With + // sufficient access within a network, an adversary can create accounts for later use within the + // environment. + KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" + // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade + // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques + // in other categories that have the added benefit of subverting a particular defense or mitigation. + KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" + // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge + // about the system and internal network. When adversaries gain access to a new system, they must orient + // themselves to what they now have control of and what benefits operating from that system give to their + // current objective or overall goals during the intrusion. The operating system provides many native tools + // that aid in this post-compromise information-gathering phase. + KillChainIntentDiscovery KillChainIntent = "Discovery" + // KillChainIntentExecution The execution tactic represents techniques that result in execution of + // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with + // lateral movement to expand access to remote systems on a network. 
+ KillChainIntentExecution KillChainIntent = "Execution" + // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the + // adversary removing files and information from a target network. This category also covers locations on a + // system or network where the adversary may look for information to exfiltrate. + KillChainIntentExfiltration KillChainIntent = "Exfiltration" + // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the + // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as + // user accounts, certificates etc. Adversaries will often be able to control the resource after this + // stage. + KillChainIntentExploitation KillChainIntent = "Exploitation" + // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or + // integrity of a system, service, or network; including manipulation of data to impact a business or + // operational process. This would often refer to techniques such as ransom-ware, defacement, data + // manipulation and others. + KillChainIntentImpact KillChainIntent = "Impact" + // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to + // access and control remote systems on a network and could, but does not necessarily, include execution of + // tools on remote systems. The lateral movement techniques could allow an adversary to gather information + // from a system without needing additional tools, such as a remote access tool. An adversary can use + // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, + // access to specific information or files, access to additional credentials, or to cause an effect. 
+ KillChainIntentLateralMovement KillChainIntent = "LateralMovement" + // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that + // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access + // to systems through interruptions such as system restarts, loss of credentials, or other failures that + // would require a remote access tool to restart or alternate backdoor for them to regain access. + KillChainIntentPersistence KillChainIntent = "Persistence" + // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary + // to obtain a higher level of permissions on a system or network. Certain tools or actions require a + // higher level of privilege to work and are likely necessary at many points throughout an operation. User + // accounts with permissions to access specific systems or perform specific functions necessary for + // adversaries to achieve their objective may also be considered an escalation of privilege. + KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" + // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a + // malicious intent or a failed attempt to gain access to a target system to gather information prior to + // exploitation. This step is usually detected as an attempt originating from outside the network in + // attempt to scan the target system and find a way in. + KillChainIntentProbing KillChainIntent = "Probing" + // KillChainIntentUnknown The default value. + KillChainIntentUnknown KillChainIntent = "Unknown" +) + +// PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type. 
+func PossibleKillChainIntentValues() []KillChainIntent { + return []KillChainIntent{KillChainIntentCollection, KillChainIntentCommandAndControl, KillChainIntentCredentialAccess, KillChainIntentDefenseEvasion, KillChainIntentDiscovery, KillChainIntentExecution, KillChainIntentExfiltration, KillChainIntentExploitation, KillChainIntentImpact, KillChainIntentLateralMovement, KillChainIntentPersistence, KillChainIntentPrivilegeEscalation, KillChainIntentProbing, KillChainIntentUnknown} } // Kind enumerates the values for kind. type Kind string const ( - // KindAlertRule ... - KindAlertRule Kind = "AlertRule" - // KindScheduled ... - KindScheduled Kind = "Scheduled" + // KindAggregations ... + KindAggregations Kind = "Aggregations" + // KindCasesAggregation ... + KindCasesAggregation Kind = "CasesAggregation" ) // PossibleKindValues returns an array of possible values for the Kind const type. func PossibleKindValues() []Kind { - return []Kind{KindAlertRule, KindScheduled} + return []Kind{KindAggregations, KindCasesAggregation} } -// KindBasicAggregations enumerates the values for kind basic aggregations. -type KindBasicAggregations string +// KindBasicAlertRule enumerates the values for kind basic alert rule. +type KindBasicAlertRule string const ( - // KindAggregations ... - KindAggregations KindBasicAggregations = "Aggregations" - // KindCasesAggregation ... - KindCasesAggregation KindBasicAggregations = "CasesAggregation" + // KindAlertRule ... + KindAlertRule KindBasicAlertRule = "AlertRule" + // KindScheduled ... + KindScheduled KindBasicAlertRule = "Scheduled" +) + +// PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type. +func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule { + return []KindBasicAlertRule{KindAlertRule, KindScheduled} +} + +// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. 
+type KindBasicAlertRuleTemplate string + +const ( + // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" + // KindBasicAlertRuleTemplateKindFilter ... + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = "Filter" + // KindBasicAlertRuleTemplateKindFusion ... + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindScheduled ... + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" ) -// PossibleKindBasicAggregationsValues returns an array of possible values for the KindBasicAggregations const type. -func PossibleKindBasicAggregationsValues() []KindBasicAggregations { - return []KindBasicAggregations{KindAggregations, KindCasesAggregation} +// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFilter, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindScheduled} } // KindBasicDataConnector enumerates the values for kind basic data connector. 
@@ -226,12 +549,16 @@ const ( KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" // KindAzureActiveDirectory ... KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" + // KindAzureAdvancedThreatProtection ... + KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" // KindAzureSecurityCenter ... KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" // KindDataConnector ... KindDataConnector KindBasicDataConnector = "DataConnector" // KindMicrosoftCloudAppSecurity ... KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" + // KindMicrosoftDefenderAdvancedThreatProtection ... + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" // KindThreatIntelligence ... @@ -240,7 +567,7 @@ const ( // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindOffice365, KindThreatIntelligence} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} } // KindBasicEntity enumerates the values for kind basic entity. 
@@ -249,17 +576,41 @@ type KindBasicEntity string const ( // KindAccount ... KindAccount KindBasicEntity = "Account" + // KindAzureResource ... + KindAzureResource KindBasicEntity = "AzureResource" + // KindCloudApplication ... + KindCloudApplication KindBasicEntity = "CloudApplication" + // KindDNSResolution ... + KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" + // KindFileHash ... + KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" + // KindIP ... + KindIP KindBasicEntity = "Ip" + // KindMalware ... + KindMalware KindBasicEntity = "Malware" + // KindProcess ... + KindProcess KindBasicEntity = "Process" + // KindRegistryKey ... + KindRegistryKey KindBasicEntity = "RegistryKey" + // KindRegistryValue ... + KindRegistryValue KindBasicEntity = "RegistryValue" + // KindSecurityAlert ... + KindSecurityAlert KindBasicEntity = "SecurityAlert" + // KindSecurityGroup ... + KindSecurityGroup KindBasicEntity = "SecurityGroup" + // KindURL ... + KindURL KindBasicEntity = "Url" ) // PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type. func PossibleKindBasicEntityValues() []KindBasicEntity { - return []KindBasicEntity{KindAccount, KindEntity, KindFile, KindHost} + return []KindBasicEntity{KindAccount, KindAzureResource, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL} } // KindBasicSettings enumerates the values for kind basic settings. 
@@ -313,6 +664,64 @@ func PossibleOSFamilyValues() []OSFamily { return []OSFamily{Android, IOS, Linux, Windows} } +// RegistryHive enumerates the values for registry hive. +type RegistryHive string + +const ( + // HKEYA HKEY_A + HKEYA RegistryHive = "HKEY_A" + // HKEYCLASSESROOT HKEY_CLASSES_ROOT + HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" + // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG + HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" + // HKEYCURRENTUSER HKEY_CURRENT_USER + HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" + // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS + HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" + // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE + HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" + // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA + HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" + // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT + HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" + // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT + HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" + // HKEYUSERS HKEY_USERS + HKEYUSERS RegistryHive = "HKEY_USERS" +) + +// PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type. +func PossibleRegistryHiveValues() []RegistryHive { + return []RegistryHive{HKEYA, HKEYCLASSESROOT, HKEYCURRENTCONFIG, HKEYCURRENTUSER, HKEYCURRENTUSERLOCALSETTINGS, HKEYLOCALMACHINE, HKEYPERFORMANCEDATA, HKEYPERFORMANCENLSTEXT, HKEYPERFORMANCETEXT, HKEYUSERS} +} + +// RegistryValueKind enumerates the values for registry value kind. 
+type RegistryValueKind string + +const ( + // RegistryValueKindBinary Binary value type + RegistryValueKindBinary RegistryValueKind = "Binary" + // RegistryValueKindDWord DWord value type + RegistryValueKindDWord RegistryValueKind = "DWord" + // RegistryValueKindExpandString ExpandString value type + RegistryValueKindExpandString RegistryValueKind = "ExpandString" + // RegistryValueKindMultiString MultiString value type + RegistryValueKindMultiString RegistryValueKind = "MultiString" + // RegistryValueKindNone None + RegistryValueKindNone RegistryValueKind = "None" + // RegistryValueKindQWord QWord value type + RegistryValueKindQWord RegistryValueKind = "QWord" + // RegistryValueKindString String value type + RegistryValueKindString RegistryValueKind = "String" + // RegistryValueKindUnknown Unknown value type + RegistryValueKindUnknown RegistryValueKind = "Unknown" +) + +// PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type. +func PossibleRegistryValueKindValues() []RegistryValueKind { + return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown} +} + // SettingKind enumerates the values for setting kind. type SettingKind string 
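Review bot: `HKEYA RegistryHive = "HKEY_A"` in the new RegistryHive block is documented only as `// HKEYA HKEY_A`, and "HKEY_A" does not match any predefined Windows registry root key name I know of, so a reader mapping alert entities to registry locations cannot tell what it denotes. The other nine comments likewise only repeat the wire string. I would at least mark the odd one, e.g. `// HKEYA is the wire value "HKEY_A"; it matches no standard Windows root key (TODO: confirm meaning with the service spec)`. If this file is generated, the wording belongs in the API description it is generated from.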
@@ -343,6 +752,23 @@ func PossibleStatusInMcasValues() []StatusInMcas { return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} } +// TemplateStatus enumerates the values for template status. +type TemplateStatus string + +const ( + // Available Alert rule template is available. + Available TemplateStatus = "Available" + // Installed Alert rule template installed. and can not use more then once + Installed TemplateStatus = "Installed" + // NotAvailable Alert rule template is not available + NotAvailable TemplateStatus = "NotAvailable" +) + +// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. +func PossibleTemplateStatusValues() []TemplateStatus { + return []TemplateStatus{Available, Installed, NotAvailable} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string @@ -368,13 +794,13 @@ type AADDataConnector struct { *AADDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -394,13 +820,18 @@ func (adc AADDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return &adc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } 
@@ -409,18 +840,23 @@ func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataCo return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { - return &adc, true +// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. -func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -461,23 +897,23 @@ func (adc *AADDataConnector) UnmarshalJSON(body []byte) error { } adc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - adc.Type = &typeVar + adc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - adc.Name = &name + adc.Type = &typeVar } case "etag": if v != nil { 
@@ -511,60 +947,90 @@ type AADDataConnectorProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// AccountEntity represents an account entity. -type AccountEntity struct { - // AccountEntityProperties - Account entity properties - *AccountEntityProperties `json:"properties,omitempty"` +// AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. +type AATPDataConnector struct { + // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. + *AATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' - Kind KindBasicEntity `json:"kind,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for AccountEntity. -func (ae AccountEntity) MarshalJSON() ([]byte, error) { - ae.Kind = KindAccount +// MarshalJSON is the custom marshaler for AATPDataConnector. 
+func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureAdvancedThreatProtection objectMap := make(map[string]interface{}) - if ae.AccountEntityProperties != nil { - objectMap["properties"] = ae.AccountEntityProperties + if adc.AATPDataConnectorProperties != nil { + objectMap["properties"] = adc.AATPDataConnectorProperties } - if ae.Kind != "" { - objectMap["kind"] = ae.Kind + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool) { - return &ae, true +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false } -// AsHostEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } -// AsFileEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsEntity() (*Entity, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. 
+func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for AccountEntity. -func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool) { - return &ae, true +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for AccountEntity struct. -func (ae *AccountEntity) UnmarshalJSON(body []byte) error { +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct. +func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -574,12 +1040,12 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var accountEntityProperties AccountEntityProperties - err = json.Unmarshal(*v, &accountEntityProperties) + var aATPDataConnectorProperties AATPDataConnectorProperties + err = json.Unmarshal(*v, &aATPDataConnectorProperties) if err != nil { return err } - ae.AccountEntityProperties = &accountEntityProperties + adc.AATPDataConnectorProperties = &aATPDataConnectorProperties } case "id": if v != nil { @@ -588,7 +1054,16 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - ae.ID = &ID + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name } case "type": if v != nil { @@ -597,25 +1072,25 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - ae.Type = &typeVar + adc.Type = &typeVar } - case "name": + case "etag": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - ae.Name = &name + adc.Etag = &etag } case "kind": if v != nil { - var kind KindBasicEntity + var kind KindBasicDataConnector err = json.Unmarshal(*v, &kind) if err != nil { return err } - ae.Kind = kind + adc.Kind = kind } } } 
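Review bot: The `case "kind"` branch in the last hunk on this line (`@@ -597,25 +1072,25 @@`) stores whatever discriminator the payload carries (`adc.Kind = kind`) without comparing it to `KindAzureAdvancedThreatProtection`. Decoding straight into an `AATPDataConnector` therefore accepts a body whose kind names a different connector, and the mismatch is only hidden later when `MarshalJSON` overwrites the field. Dispatch by kind presumably happens in a helper outside these hunks, so this matters mainly for callers that unmarshal into the concrete type themselves. A guard such as `if kind != KindAzureAdvancedThreatProtection { return fmt.Errorf("unexpected kind %q", kind) }`, or a comment stating that the kind is not validated, would make this explicit. `UnmarshalJSON` begins in the preceding hunk and ends in the following one.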
@@ -623,43 +1098,237 @@ func (ae *AccountEntity) UnmarshalJSON(body []byte) error { return nil } -// AccountEntityProperties account entity property bag. -type AccountEntityProperties struct { - // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. - AccountName *string `json:"accountName,omitempty"` - // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. - NtDomain *string `json:"ntDomain,omitempty"` - // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. - UpnSuffix *string `json:"upnSuffix,omitempty"` - // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. - Sid *string `json:"sid,omitempty"` - // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. - AadTenantID *string `json:"aadTenantId,omitempty"` - // AadUserID - READ-ONLY; The Azure Active Directory user id. - AadUserID *string `json:"aadUserId,omitempty"` - // Puid - READ-ONLY; The Azure Active Directory Passport User ID. - Puid *string `json:"puid,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` - // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. - ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` +// AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties. +type AATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// Action action for alert rule. 
-type Action struct { - autorest.Response `json:"-"` - // Etag - Etag of the action. - Etag *string `json:"etag,omitempty"` - // ActionProperties - Action properties - *ActionProperties `json:"properties,omitempty"` +// AccountEntity represents an account entity. +type AccountEntity struct { + // AccountEntityProperties - Account entity properties + *AccountEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` -} - + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AccountEntity. +func (ae AccountEntity) MarshalJSON() ([]byte, error) { + ae.Kind = KindAccount + objectMap := make(map[string]interface{}) + if ae.AccountEntityProperties != nil { + objectMap["properties"] = ae.AccountEntityProperties + } + if ae.Kind != "" { + objectMap["kind"] = ae.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool) { + return &ae, true +} + +// AsAzureResourceEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity. 
+func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity. 
+func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for AccountEntity. +func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool) { + return &ae, true +} + +// UnmarshalJSON is the custom unmarshaler for AccountEntity struct. +func (ae *AccountEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var accountEntityProperties AccountEntityProperties + err = json.Unmarshal(*v, &accountEntityProperties) + if err != nil { + return err + } + ae.AccountEntityProperties = &accountEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ae.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ae.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ae.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ae.Kind = kind + } + } + } + + return nil +} + +// AccountEntityProperties account entity property bag. +type AccountEntityProperties struct { + // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. + AadTenantID *string `json:"aadTenantId,omitempty"` + // AadUserID - READ-ONLY; The Azure Active Directory user id. 
+ AadUserID *string `json:"aadUserId,omitempty"` + // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. + AccountName *string `json:"accountName,omitempty"` + // DisplayName - READ-ONLY; The display name of the account. + DisplayName *string `json:"displayName,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) + HostEntityID *string `json:"hostEntityId,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. + NtDomain *string `json:"ntDomain,omitempty"` + // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // Puid - READ-ONLY; The Azure Active Directory Passport User ID. + Puid *string `json:"puid,omitempty"` + // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. + Sid *string `json:"sid,omitempty"` + // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. + UpnSuffix *string `json:"upnSuffix,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for AccountEntityProperties. 
+func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// Action action for alert rule. +type Action struct { + autorest.Response `json:"-"` + // Etag - Etag of the action. + Etag *string `json:"etag,omitempty"` + // ActionProperties - Action properties + *ActionProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + // MarshalJSON is the custom marshaler for Action. func (a Action) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -708,23 +1377,23 @@ func (a *Action) UnmarshalJSON(body []byte) error { } a.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - a.Type = &typeVar + a.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - a.Name = &name + a.Type = &typeVar } } } @@ -895,12 +1564,12 @@ type Aggregations struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } func unmarshalBasicAggregations(body []byte) (BasicAggregations, error) { 
@@ -999,14 +1668,14 @@ type AlertRule struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` + Kind KindBasicAlertRule `json:"kind,omitempty"` } func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { @@ -1076,7 +1745,7 @@ func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { // AlertRuleKind1 describes an Azure resource with kind. type AlertRuleKind1 struct { - // Kind - The kind of the alert rule. Possible values include: 'Scheduled' + // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'Filter', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` } 
@@ -1275,80 +1944,391 @@ func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (Al return AlertRulesListPage{fn: getNextPage} } -// AlertsDataTypeOfDataConnector alerts data type for data connectors. -type AlertsDataTypeOfDataConnector struct { - // Alerts - Alerts data type connection. - Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` -} - -// AlertsDataTypeOfDataConnectorAlerts alerts data type connection. -type AlertsDataTypeOfDataConnectorAlerts struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// BasicAlertRuleTemplate alert rule template. +type BasicAlertRuleTemplate interface { + AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) + AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + AsAlertRuleTemplate() (*AlertRuleTemplate, bool) } -// ASCDataConnector represents ASC (Azure Security Center) data connector. -type ASCDataConnector struct { - // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. - *ASCDataConnectorProperties `json:"properties,omitempty"` +// AlertRuleTemplate alert rule template. +type AlertRuleTemplate struct { + autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the alert rule. 
Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for ASCDataConnector. -func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { - adc.Kind = KindAzureSecurityCenter - objectMap := make(map[string]interface{}) - if adc.ASCDataConnectorProperties != nil { - objectMap["properties"] = adc.ASCDataConnectorProperties - } - if adc.Etag != nil { - objectMap["etag"] = adc.Etag +func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err } - if adc.Kind != "" { - objectMap["kind"] = adc.Kind + + switch m["kind"] { + case string(KindBasicAlertRuleTemplateKindFilter): + var fart FilterAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindFusion): + var fart FusionAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err + default: + var art AlertRuleTemplate + err := json.Unmarshal(body, &art) + return art, err } - return json.Marshal(objectMap) } +func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } -// 
AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false + artArray := make([]BasicAlertRuleTemplate, len(rawMessages)) + + for index, rawMessage := range rawMessages { + art, err := unmarshalBasicAlertRuleTemplate(*rawMessage) + if err != nil { + return nil, err + } + artArray[index] = art + } + return artArray, nil } -// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// MarshalJSON is the custom marshaler for AlertRuleTemplate. +func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { + art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate + objectMap := make(map[string]interface{}) + if art.Etag != nil { + objectMap["etag"] = art.Etag + } + if art.Kind != "" { + objectMap["kind"] = art.Kind + } + return json.Marshal(objectMap) +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. -func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. 
+func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return &art, true +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &art, true +} + +// AlertRuleTemplateModel ... +type AlertRuleTemplateModel struct { + autorest.Response `json:"-"` + Value BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct. +func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error { + art, err := unmarshalBasicAlertRuleTemplate(body) + if err != nil { + return err + } + artm.Value = art + + return nil +} + +// AlertRuleTemplatesList list all the alert rule templates. +type AlertRuleTemplatesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rule templates. + Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct. +func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + artl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleTemplateArray(*v) + if err != nil { + return err + } + artl.Value = &value + } + } + } + + return nil +} + +// AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values. +type AlertRuleTemplatesListIterator struct { + i int + page AlertRuleTemplatesListPage +} + +// NextWithContext advances to the next value. 
If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *AlertRuleTemplatesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter AlertRuleTemplatesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate { + if !iter.page.NotDone() { + return AlertRuleTemplate{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRuleTemplatesListIterator type. +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return AlertRuleTemplatesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. 
+func (artl AlertRuleTemplatesList) IsEmpty() bool { + return artl.Value == nil || len(*artl.Value) == 0 +} + +// alertRuleTemplatesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (artl AlertRuleTemplatesList) alertRuleTemplatesListPreparer(ctx context.Context) (*http.Request, error) { + if artl.NextLink == nil || len(to.String(artl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(artl.NextLink))) +} + +// AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values. +type AlertRuleTemplatesListPage struct { + fn func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error) + artl AlertRuleTemplatesList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.artl) + if err != nil { + return err + } + page.artl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRuleTemplatesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. 
+func (page AlertRuleTemplatesListPage) NotDone() bool { + return !page.artl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList { + return page.artl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate { + if page.artl.IsEmpty() { + return nil + } + return *page.artl.Value +} + +// Creates a new instance of the AlertRuleTemplatesListPage type. +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return AlertRuleTemplatesListPage{fn: getNextPage} +} + +// AlertsDataTypeOfDataConnector alerts data type for data connectors. +type AlertsDataTypeOfDataConnector struct { + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// AlertsDataTypeOfDataConnectorAlerts alerts data type connection. +type AlertsDataTypeOfDataConnectorAlerts struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// ASCDataConnector represents ASC (Azure Security Center) data connector. +type ASCDataConnector struct { + // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. + *ASCDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the data connector. 
+ Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ASCDataConnector. +func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureSecurityCenter + objectMap := make(map[string]interface{}) + if adc.ASCDataConnectorProperties != nil { + objectMap["properties"] = adc.ASCDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + return json.Marshal(objectMap) +} + // AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + // AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return &adc, true } +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + // AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. 
+func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -1386,23 +2366,23 @@ func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { } adc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - adc.Type = &typeVar + adc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - adc.Name = &name + adc.Type = &typeVar } case "etag": if v != nil { 
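Review bot: `unmarshalBasicAlertRuleTemplateArray` dereferences `*rawMessage` without a nil check, so a `value` array containing a JSON `null` element panics instead of returning an error, because encoding/json decodes `null` into a nil `*json.RawMessage`. The map-based unmarshalers in this same hunk guard with `if v != nil`, and the array helper should do the equivalent, for example `if rawMessage == nil { continue }` ahead of the call, or an error return if callers cannot accept a nil entry in the result (with `continue` the preallocated slot stays a nil interface). The body comes from the service response, so a single unexpected element would take down whatever process is paging through alert rule templates. If this file is generator output, as its uniform shape suggests, the guard belongs in the generator template rather than here.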
@@ -1442,13 +2422,13 @@ type AwsCloudTrailDataConnector struct { *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -1468,33 +2448,43 @@ func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { return nil, false } -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return &actdc, true +// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return &actdc, true +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. 
+func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. -func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } @@ -1535,23 +2525,23 @@ func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { } actdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - actdc.Type = &typeVar + actdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - actdc.Name = &name + actdc.Type = &typeVar } case "etag": if v != nil { 
@@ -1598,6 +2588,212 @@ type AwsCloudTrailDataConnectorProperties struct { DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` } +// AzureResourceEntity represents an azure resource entity. +type AzureResourceEntity struct { + // AzureResourceEntityProperties - AzureResource entity properties + *AzureResourceEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntity. +func (are AzureResourceEntity) MarshalJSON() ([]byte, error) { + are.Kind = KindAzureResource + objectMap := make(map[string]interface{}) + if are.AzureResourceEntityProperties != nil { + objectMap["properties"] = are.AzureResourceEntityProperties + } + if are.Kind != "" { + objectMap["kind"] = are.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return &are, true +} + +// AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity. 
+func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity. 
+func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for AzureResourceEntity. +func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool) { + return &are, true +} + +// UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct. +func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var azureResourceEntityProperties AzureResourceEntityProperties + err = json.Unmarshal(*v, &azureResourceEntityProperties) + if err != nil { + return err + } + are.AzureResourceEntityProperties = &azureResourceEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + are.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + are.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + are.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + are.Kind = kind + } + } + } + + return nil +} + +// AzureResourceEntityProperties azureResource entity property bag. 
+type AzureResourceEntityProperties struct { + // ResourceID - READ-ONLY; The azure resource id of the resource + ResourceID *string `json:"resourceId,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceEntityProperties. +func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// BaseAlertRuleTemplateProperties base alert rule template property bag. +type BaseAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. 
Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + // Bookmark represents a bookmark in Azure Security Insights. type Bookmark struct { autorest.Response `json:"-"` @@ -1607,10 +2803,10 @@ type Bookmark struct { *BookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Bookmark. @@ -1661,23 +2857,23 @@ func (b *Bookmark) UnmarshalJSON(body []byte) error { } b.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - b.Type = &typeVar + b.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - b.Name = &name + b.Type = &typeVar } } } 
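Review bot: The comment on `AzureResourceEntityProperties.MarshalJSON` does not mention that the method always serialises to `{}`: the body builds an empty `objectMap` and never copies `ResourceID`, `AdditionalData` or `FriendlyName` into it, and `AzureResourceEntity.MarshalJSON` likewise emits only `properties` and `kind`. Anyone re-marshalling a decoded entity, say to archive it with case evidence or forward it to another tool, silently loses every read-only field. I would extend the comment to `// MarshalJSON is the custom marshaler for AzureResourceEntityProperties. Every field is READ-ONLY, so the output is always an empty JSON object.` and add a matching sentence on `AzureResourceEntity.MarshalJSON` about `id`, `name` and `type` being omitted.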
@@ -1833,22 +3029,24 @@ func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (Bookma // BookmarkProperties describes bookmark properties type BookmarkProperties struct { - // DisplayName - The display name of the bookmark - DisplayName *string `json:"displayName,omitempty"` - // LastUpdatedTimeUtc - The last time the bookmark was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the bookmark was created - CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Created - The time the bookmark was created + Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` - // UpdatedBy - Describes a user that updated the bookmark - UpdatedBy *UserInfo `json:"updatedBy,omitempty"` - // Notes - The notes of the bookmark - Notes *string `json:"notes,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. + QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` } // Case represents a case in Azure Security Insights. 
@@ -1860,10 +3058,10 @@ type Case struct { *CaseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for Case. @@ -1914,23 +3112,23 @@ func (c *Case) UnmarshalJSON(body []byte) error { } c.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - c.Type = &typeVar + c.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - c.Name = &name + c.Type = &typeVar } } } 
@@ -1938,37 +3136,266 @@ func (c *Case) UnmarshalJSON(body []byte) error { return nil } -// CaseList list all the cases. -type CaseList struct { +// CaseComment represents a case comment +type CaseComment struct { autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of cases. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of cases. - Value *[]Case `json:"value,omitempty"` + // CaseCommentProperties - Case comment properties + *CaseCommentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } -// CaseListIterator provides access to a complete listing of Case values. -type CaseListIterator struct { - i int - page CaseListPage +// MarshalJSON is the custom marshaler for CaseComment. +func (cc CaseComment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if cc.CaseCommentProperties != nil { + objectMap["properties"] = cc.CaseCommentProperties + } + return json.Marshal(objectMap) } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/CaseListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() +// UnmarshalJSON is the custom unmarshaler for CaseComment struct. 
+func (cc *CaseComment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil + for k, v := range m { + switch k { + case "properties": + if v != nil { + var caseCommentProperties CaseCommentProperties + err = json.Unmarshal(*v, &caseCommentProperties) + if err != nil { + return err + } + cc.CaseCommentProperties = &caseCommentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cc.Type = &typeVar + } + } + } + + return nil +} + +// CaseCommentList list of case comments. +type CaseCommentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of comments. + Value *[]CaseComment `json:"value,omitempty"` +} + +// CaseCommentListIterator provides access to a complete listing of CaseComment values. +type CaseCommentListIterator struct { + i int + page CaseCommentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *CaseCommentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter CaseCommentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter CaseCommentListIterator) Response() CaseCommentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter CaseCommentListIterator) Value() CaseComment { + if !iter.page.NotDone() { + return CaseComment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the CaseCommentListIterator type. +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return CaseCommentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ccl CaseCommentList) IsEmpty() bool { + return ccl.Value == nil || len(*ccl.Value) == 0 +} + +// caseCommentListPreparer prepares a request to retrieve the next set of results. 
+// It returns nil if no more results exist. +func (ccl CaseCommentList) caseCommentListPreparer(ctx context.Context) (*http.Request, error) { + if ccl.NextLink == nil || len(to.String(ccl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ccl.NextLink))) +} + +// CaseCommentListPage contains a page of CaseComment values. +type CaseCommentListPage struct { + fn func(context.Context, CaseCommentList) (CaseCommentList, error) + ccl CaseCommentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ccl) + if err != nil { + return err + } + page.ccl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *CaseCommentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page CaseCommentListPage) NotDone() bool { + return !page.ccl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page CaseCommentListPage) Response() CaseCommentList { + return page.ccl +} + +// Values returns the slice of values for the current page or nil if there are no values. 
+func (page CaseCommentListPage) Values() []CaseComment { + if page.ccl.IsEmpty() { + return nil + } + return *page.ccl.Value +} + +// Creates a new instance of the CaseCommentListPage type. +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return CaseCommentListPage{fn: getNextPage} +} + +// CaseCommentProperties case comment property bag. +type CaseCommentProperties struct { + // CreatedTimeUtc - READ-ONLY; The time the comment was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Message - The comment message + Message *string `json:"message,omitempty"` + // UserInfo - READ-ONLY; Describes the user that created the comment + UserInfo *UserInfo `json:"userInfo,omitempty"` +} + +// CaseList list all the cases. +type CaseList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of cases. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of cases. + Value *[]Case `json:"value,omitempty"` +} + +// CaseListIterator provides access to a complete listing of Case values. +type CaseListIterator struct { + i int + page CaseListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil } err = iter.page.NextWithContext(ctx) if err != nil { 
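Review bot: `CaseCommentProperties` marks `CreatedTimeUtc` and `UserInfo` as READ-ONLY, but the type gets no custom marshaler in this hunk, so `CaseComment.MarshalJSON` will send both fields whenever a caller has populated them (for example by re-submitting a value it received). Whether the service ignores them is not visible here; for an incident record the author and timestamp of a comment are audit data, so the client should not be able to transmit them at all. Adding a marshaler that emits only `message`, in the same style as `DataConnectorStatus.MarshalJSON` in this diff, closes that gap. `CaseProperties` in the next hunk (`@@ -2086,28 +3513,38 @@`) has the same pattern for `CaseNumber`, `CreatedTimeUtc`, `LastComment`, `LastUpdatedTimeUtc`, `RelatedAlertIds` and `TotalComments`.

```go
// … unchanged: CaseCommentProperties struct definition …

// MarshalJSON is the custom marshaler for CaseCommentProperties.
// Only Message is writable; CreatedTimeUtc and UserInfo are READ-ONLY and are never sent.
func (ccp CaseCommentProperties) MarshalJSON() ([]byte, error) {
	objectMap := make(map[string]interface{})
	if ccp.Message != nil {
		objectMap["message"] = ccp.Message
	}
	return json.Marshal(objectMap)
}
```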
@@ -2086,28 +3513,38 @@ func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, erro // CaseProperties describes case properties type CaseProperties struct { - // LastUpdatedTimeUtc - The last time the case was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the case was created + // CaseNumber - READ-ONLY; a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' + CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` + // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Description - The description of the case + Description *string `json:"description,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` - // StartTimeUtc - The start time of the case - StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Labels - List of labels relevant to this case Labels *[]string `json:"labels,omitempty"` - // Description - The description of the case - Description *string `json:"description,omitempty"` - // Title - The title of the case - Title *string `json:"title,omitempty"` - // AssignedTo - Describes a user that the case is assigned to - AssignedTo *UserInfo `json:"assignedTo,omitempty"` + // LastComment - READ-ONLY; the last comment in the case + LastComment *string `json:"lastComment,omitempty"` + // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated + LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` + // Owner - Describes a user that the case is assigned to + Owner *UserInfo `json:"owner,omitempty"` + // RelatedAlertIds - READ-ONLY; List of related alert 
identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` + // StartTimeUtc - The start time of the case + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` - // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' - CloseReason CloseReason `json:"closeReason,omitempty"` + // Title - The title of the case + Title *string `json:"title,omitempty"` + // TotalComments - READ-ONLY; the number of total comments in the case + TotalComments *int32 `json:"totalComments,omitempty"` } // CasesAggregation represents aggregations results for cases. @@ -2116,12 +3553,12 @@ type CasesAggregation struct { *CasesAggregationProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' - Kind KindBasicAggregations `json:"kind,omitempty"` + Kind Kind `json:"kind,omitempty"` } // MarshalJSON is the custom marshaler for CasesAggregation. 
@@ -2179,27 +3616,27 @@ func (ca *CasesAggregation) UnmarshalJSON(body []byte) error { } ca.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ca.Type = &typeVar + ca.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ca.Name = &name + ca.Type = &typeVar } case "kind": if v != nil { - var kind KindBasicAggregations + var kind Kind err = json.Unmarshal(*v, &kind) if err != nil { return err 
@@ -2218,24 +3655,24 @@ type CasesAggregationBySeverityProperties struct { TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"` // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"` - // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium - TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` - // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low - TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"` + // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low + TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` + // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium + TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` } // CasesAggregationByStatusProperties aggregative results of cases by status property bag. 
type CasesAggregationByStatusProperties struct { - // TotalNewStatus - READ-ONLY; Total amount of open cases with status New - TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` + // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed + TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"` + // TotalNewStatus - READ-ONLY; Total amount of open cases with status New + TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"` - // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed - TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` } // CasesAggregationProperties aggregative results of cases property bag. 
@@ -2246,31 +3683,223 @@ type CasesAggregationProperties struct { AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` } -// CloudError error response structure. -type CloudError struct { - // CloudErrorBody - Error data - *CloudErrorBody `json:"error,omitempty"` +// CloudApplicationEntity represents a cloud application entity. +type CloudApplicationEntity struct { + // CloudApplicationEntityProperties - CloudApplication entity properties + *CloudApplicationEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for CloudError. -func (ce CloudError) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for CloudApplicationEntity. +func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error) { + cae.Kind = KindCloudApplication objectMap := make(map[string]interface{}) - if ce.CloudErrorBody != nil { - objectMap["error"] = ce.CloudErrorBody + if cae.CloudApplicationEntityProperties != nil { + objectMap["properties"] = cae.CloudApplicationEntityProperties + } + if cae.Kind != "" { + objectMap["kind"] = cae.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for CloudError struct. 
-func (ce *CloudError) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) - if err != nil { - return err - } - for k, v := range m { - switch k { - case "error": +// AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return &cae, true +} + +// AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity. 
+func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity. +func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool) { + return &cae, true +} + +// UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct. 
+func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var cloudApplicationEntityProperties CloudApplicationEntityProperties + err = json.Unmarshal(*v, &cloudApplicationEntityProperties) + if err != nil { + return err + } + cae.CloudApplicationEntityProperties = &cloudApplicationEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cae.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cae.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cae.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + cae.Kind = kind + } + } + } + + return nil +} + +// CloudApplicationEntityProperties cloudApplication entity property bag. +type CloudApplicationEntityProperties struct { + // AppID - READ-ONLY; The technical identifier of the application. + AppID *int32 `json:"appId,omitempty"` + // AppName - READ-ONLY; The name of the related cloud application. + AppName *string `json:"appName,omitempty"` + // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. + InstanceName *string `json:"instanceName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. 
+ AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for CloudApplicationEntityProperties. +func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// CloudError error response structure. +type CloudError struct { + // CloudErrorBody - Error data + *CloudErrorBody `json:"error,omitempty"` +} + +// MarshalJSON is the custom marshaler for CloudError. +func (ce CloudError) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ce.CloudErrorBody != nil { + objectMap["error"] = ce.CloudErrorBody + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CloudError struct. +func (ce *CloudError) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "error": if v != nil { var cloudErrorBody CloudErrorBody err = json.Unmarshal(*v, &cloudErrorBody) 
@@ -2295,12 +3924,14 @@ type CloudErrorBody struct { // BasicDataConnector data connector. type BasicDataConnector interface { - AsOfficeDataConnector() (*OfficeDataConnector, bool) - AsTIDataConnector() (*TIDataConnector, bool) - AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsAADDataConnector() (*AADDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) + AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) AsDataConnector() (*DataConnector, bool) } @@ -2309,13 +3940,13 @@ type DataConnector struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } 
@@ -2327,30 +3958,38 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { } switch m["kind"] { - case string(KindOffice365): - var odc OfficeDataConnector - err := json.Unmarshal(body, &odc) - return odc, err - case string(KindThreatIntelligence): - var tdc TIDataConnector - err := json.Unmarshal(body, &tdc) - return tdc, err - case string(KindAmazonWebServicesCloudTrail): - var actdc AwsCloudTrailDataConnector - err := json.Unmarshal(body, &actdc) - return actdc, err case string(KindAzureActiveDirectory): var adc AADDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err case string(KindAzureSecurityCenter): var adc ASCDataConnector err := json.Unmarshal(body, &adc) return adc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err case string(KindMicrosoftCloudAppSecurity): var mdc MCASDataConnector err := json.Unmarshal(body, &mdc) return mdc, err + case string(KindMicrosoftDefenderAdvancedThreatProtection): + var mdc MDATPDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err + case string(KindOffice365): + var odc OfficeDataConnector + err := json.Unmarshal(body, &odc) + return odc, err + case string(KindThreatIntelligence): + var tdc TIDataConnector + err := json.Unmarshal(body, &tdc) + return tdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) 
@@ -2389,13 +4028,18 @@ func (dc DataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { return nil, false } 
@@ -2404,18 +4048,23 @@ func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnec return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. -func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } 
@@ -2437,7 +4086,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -2636,6 +4285,26 @@ func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { return nil } +// DataConnectorStatus alert rule template data connector status +type DataConnectorStatus struct { + // ConnectorID - the connector id + ConnectorID *string `json:"connectorId,omitempty"` + // DataTypes - The data types availability map + DataTypes map[string]*DataTypeStatus `json:"dataTypes"` +} + +// MarshalJSON is the custom marshaler for DataConnectorStatus. +func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if dcs.ConnectorID != nil { + objectMap["connectorId"] = dcs.ConnectorID + } + if dcs.DataTypes != nil { + objectMap["dataTypes"] = dcs.DataTypes + } + return json.Marshal(objectMap) +} + // DataConnectorTenantID properties data connector on tenant level. type DataConnectorTenantID struct { // TenantID - The tenant id to connect to, and get the data from. 
@@ -2648,66 +4317,320 @@ type DataConnectorWithAlertsProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } -// BasicEntity specific entity. -type BasicEntity interface { - AsAccountEntity() (*AccountEntity, bool) - AsHostEntity() (*HostEntity, bool) - AsFileEntity() (*FileEntity, bool) - AsEntity() (*Entity, bool) -} - -// Entity specific entity. -type Entity struct { - autorest.Response `json:"-"` +// DNSEntity represents a dns entity. +type DNSEntity struct { + // DNSEntityProperties - Dns entity properties + *DNSEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } -func unmarshalBasicEntity(body []byte) (BasicEntity, error) { - var m map[string]interface{} - err := json.Unmarshal(body, &m) - if err != nil { - return nil, err +// MarshalJSON is the custom marshaler for DNSEntity. 
+func (de DNSEntity) MarshalJSON() ([]byte, error) { + de.Kind = KindDNSResolution + objectMap := make(map[string]interface{}) + if de.DNSEntityProperties != nil { + objectMap["properties"] = de.DNSEntityProperties } - - switch m["kind"] { - case string(KindAccount): - var ae AccountEntity - err := json.Unmarshal(body, &ae) - return ae, err - case string(KindHost): - var he HostEntity - err := json.Unmarshal(body, &he) - return he, err - case string(KindFile): - var fe FileEntity - err := json.Unmarshal(body, &fe) - return fe, err - default: - var e Entity - err := json.Unmarshal(body, &e) - return e, err + if de.Kind != "" { + objectMap["kind"] = de.Kind } + return json.Marshal(objectMap) } -func unmarshalBasicEntityArray(body []byte) ([]BasicEntity, error) { - var rawMessages []*json.RawMessage - err := json.Unmarshal(body, &rawMessages) - if err != nil { - return nil, err - } - eArray := make([]BasicEntity, len(rawMessages)) +// AsAccountEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} - for index, rawMessage := range rawMessages { - e, err := unmarshalBasicEntity(*rawMessage) - if err != nil { - return nil, err +// AsAzureResourceEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) { + return &de, true +} + +// AsFileEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for DNSEntity. 
+func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for DNSEntity. +func (de DNSEntity) AsBasicEntity() (BasicEntity, bool) { + return &de, true +} + +// UnmarshalJSON is the custom unmarshaler for DNSEntity struct. 
+func (de *DNSEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var DNSEntityProperties DNSEntityProperties + err = json.Unmarshal(*v, &DNSEntityProperties) + if err != nil { + return err + } + de.DNSEntityProperties = &DNSEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + de.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + de.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + de.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + de.Kind = kind + } + } + } + + return nil +} + +// DNSEntityProperties dns entity property bag. +type DNSEntityProperties struct { + // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request + DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` + // DomainName - READ-ONLY; The name of the dns record associated with the alert + DomainName *string `json:"domainName,omitempty"` + // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client + HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` + // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. 
+ AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for DNSEntityProperties. +func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// BasicEntity specific entity. +type BasicEntity interface { + AsAccountEntity() (*AccountEntity, bool) + AsAzureResourceEntity() (*AzureResourceEntity, bool) + AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + AsDNSEntity() (*DNSEntity, bool) + AsFileEntity() (*FileEntity, bool) + AsFileHashEntity() (*FileHashEntity, bool) + AsHostEntity() (*HostEntity, bool) + AsIPEntity() (*IPEntity, bool) + AsMalwareEntity() (*MalwareEntity, bool) + AsProcessEntity() (*ProcessEntity, bool) + AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + AsRegistryValueEntity() (*RegistryValueEntity, bool) + AsSecurityAlert() (*SecurityAlert, bool) + AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + AsURLEntity() (*URLEntity, bool) + AsEntity() (*Entity, bool) +} + +// Entity specific entity. 
+type Entity struct { + autorest.Response `json:"-"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +func unmarshalBasicEntity(body []byte) (BasicEntity, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindAccount): + var ae AccountEntity + err := json.Unmarshal(body, &ae) + return ae, err + case string(KindAzureResource): + var are AzureResourceEntity + err := json.Unmarshal(body, &are) + return are, err + case string(KindCloudApplication): + var cae CloudApplicationEntity + err := json.Unmarshal(body, &cae) + return cae, err + case string(KindDNSResolution): + var de DNSEntity + err := json.Unmarshal(body, &de) + return de, err + case string(KindFile): + var fe FileEntity + err := json.Unmarshal(body, &fe) + return fe, err + case string(KindFileHash): + var fhe FileHashEntity + err := json.Unmarshal(body, &fhe) + return fhe, err + case string(KindHost): + var he HostEntity + err := json.Unmarshal(body, &he) + return he, err + case string(KindIP): + var ie IPEntity + err := json.Unmarshal(body, &ie) + return ie, err + case string(KindMalware): + var me MalwareEntity + err := json.Unmarshal(body, &me) + return me, err + case string(KindProcess): + var peVar ProcessEntity + err := json.Unmarshal(body, &peVar) + return peVar, err + case string(KindRegistryKey): + var rke RegistryKeyEntity + err := json.Unmarshal(body, &rke) + 
return rke, err + case string(KindRegistryValue): + var rve RegistryValueEntity + err := json.Unmarshal(body, &rve) + return rve, err + case string(KindSecurityAlert): + var sa SecurityAlert + err := json.Unmarshal(body, &sa) + return sa, err + case string(KindSecurityGroup): + var sge SecurityGroupEntity + err := json.Unmarshal(body, &sge) + return sge, err + case string(KindURL): + var ue URLEntity + err := json.Unmarshal(body, &ue) + return ue, err + default: + var e Entity + err := json.Unmarshal(body, &e) + return e, err + } +} +func unmarshalBasicEntityArray(body []byte) ([]BasicEntity, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + eArray := make([]BasicEntity, len(rawMessages)) + + for index, rawMessage := range rawMessages { + e, err := unmarshalBasicEntity(*rawMessage) + if err != nil { + return nil, err } eArray[index] = e } @@ -2729,8 +4652,18 @@ func (e Entity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for Entity. -func (e Entity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for Entity. +func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for Entity. +func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for Entity. +func (e Entity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } 
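Review bot: `unmarshalBasicEntityArray` calls `unmarshalBasicEntity(*rawMessage)` without a nil check, and encoding/json decodes a JSON `null` array element into a nil `*json.RawMessage`, so a body such as `[null]` would panic rather than return an error. `DNSEntity.UnmarshalJSON` in this same hunk guards every value with `if v != nil` before dereferencing; the array helper needs the equivalent, for example `if rawMessage == nil { return nil, fmt.Errorf("entity %d is null", index) }` ahead of the call (assuming `fmt` is imported in this file, which the hunk does not show). The helper is reached from `EntityExpandResponseValue.UnmarshalJSON` in a later hunk, so its input is response data that the client does not control. The end of the function lies outside the hunk, and if this file is generated, which the page does not say, the guard belongs in the generator template.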
@@ -2739,6 +4672,56 @@ func (e Entity) AsFileEntity() (*FileEntity, bool) { return nil, false } +// AsFileHashEntity is the BasicEntity implementation for Entity. +func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for Entity. +func (e Entity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for Entity. +func (e Entity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for Entity. +func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for Entity. +func (e Entity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for Entity. +func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for Entity. +func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for Entity. +func (e Entity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for Entity. func (e Entity) AsEntity() (*Entity, bool) { return &e, true 
@@ -2749,9 +4732,71 @@ func (e Entity) AsBasicEntity() (BasicEntity, bool) { return &e, true } -// EntityKind1 describes an Azure resource with kind. +// EntityCommonProperties entity common property bag. +type EntityCommonProperties struct { + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for EntityCommonProperties. +func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// EntityExpandParameters the parameters required to execute an expand operation on the given entity. +type EntityExpandParameters struct { + // EndTime - The end date filter, so the only expansion results returned are before this date. + EndTime *date.Time `json:"endTime,omitempty"` + // ExpansionID - The Id of the expansion to perform. + ExpansionID *uuid.UUID `json:"expansionId,omitempty"` + // StartTime - The start date filter, so the only expansion results returned are after this date. + StartTime *date.Time `json:"startTime,omitempty"` +} + +// EntityExpandResponse the entity expansion result operation response. +type EntityExpandResponse struct { + autorest.Response `json:"-"` + // MetaData - The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + // Value - The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` +} + +// EntityExpandResponseValue the expansion result values. +type EntityExpandResponseValue struct { + // Entities - Array of the expansion result entities. 
+ Entities *[]BasicEntity `json:"entities,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct. +func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "entities": + if v != nil { + entities, err := unmarshalBasicEntityArray(*v) + if err != nil { + return err + } + eer.Entities = &entities + } + } + } + + return nil +} + +// EntityKind1 describes an entity with kind. type EntityKind1 struct { - // Kind - The kind of the entity. Possible values include: 'Account', 'Host', 'File' + // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' Kind EntityKind `json:"kind,omitempty"` } @@ -2957,10 +5002,10 @@ type EntityQuery struct { *EntityQueryProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` } // MarshalJSON is the custom marshaler for EntityQuery. 
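Review bot: The doc comment on `EntityCommonProperties.MarshalJSON` does not mention that the method always emits `{}`: it builds an empty `objectMap` and never copies `AdditionalData` or `FriendlyName` into it. The same holds for `DNSEntityProperties.MarshalJSON` in the previous hunk and `FileEntityProperties.MarshalJSON` in a later one, and `DNSEntity.MarshalJSON` writes only `properties` and `kind`, so `id`, `name` and `type` are dropped as well. Code that re-serialises entities fetched from the service, for instance to archive alert evidence or forward it to another system, would silently lose every READ-ONLY field. I would extend the comment to say so, e.g. `// MarshalJSON is the custom marshaler for EntityCommonProperties. Every field is READ-ONLY, so the output is always {}; do not use it to persist or forward entity data.`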
@@ -2999,23 +5044,23 @@ func (eq *EntityQuery) UnmarshalJSON(body []byte) error { } eq.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - eq.Type = &typeVar + eq.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - eq.Name = &name + eq.Type = &typeVar } } } 
@@ -3171,18 +5216,36 @@ func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) ( // EntityQueryProperties describes entity query properties type EntityQueryProperties struct { - // QueryTemplate - The template query string to be parsed and formatted - QueryTemplate *string `json:"queryTemplate,omitempty"` - // InputEntityType - The type of the query's source entity - InputEntityType *string `json:"inputEntityType,omitempty"` - // InputFields - List of the fields of the source entity that are required to run the query - InputFields *[]string `json:"inputFields,omitempty"` - // OutputEntityTypes - List of the desired output types to be constructed from the result - OutputEntityTypes *[]string `json:"outputEntityTypes,omitempty"` // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` + // InputEntityType - The type of the query's source entity. 
Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' + InputEntityType EntityType `json:"inputEntityType,omitempty"` + // InputFields - List of the fields of the source entity that are required to run the query + InputFields *[]string `json:"inputFields,omitempty"` + // OutputEntityTypes - List of the desired output types to be constructed from the result + OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` + // QueryTemplate - The template query string to be parsed and formatted + QueryTemplate *string `json:"queryTemplate,omitempty"` +} + +// ExpansionResultAggregation information of a specific aggregation in the expansion result. +type ExpansionResultAggregation struct { + // AggregationType - The common type of the aggregation. (for e.g. entity field name) + AggregationType *string `json:"aggregationType,omitempty"` + // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` + // DisplayName - The display name of the aggregation by type. + DisplayName *string `json:"displayName,omitempty"` + // EntityKind - The kind of the aggregated entity. 
Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' + EntityKind EntityKind `json:"entityKind,omitempty"` +} + +// ExpansionResultsMetadata expansion result metadata. +type ExpansionResultsMetadata struct { + // Aggregations - Information of the aggregated nodes in the expansion result. + Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` } // FileEntity represents a file entity. @@ -3191,11 +5254,11 @@ type FileEntity struct { *FileEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } 
@@ -3217,8 +5280,18 @@ func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for FileEntity. -func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { +// AsAzureResourceEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } 
@@ -3227,6 +5300,56 @@ func (fe FileEntity) AsFileEntity() (*FileEntity, bool) { return &fe, true } +// AsFileHashEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileEntity. +func (fe FileEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + // AsEntity is the BasicEntity implementation for FileEntity. func (fe FileEntity) AsEntity() (*Entity, bool) { return nil, false 
@@ -3264,23 +5387,23 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { } fe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - fe.Type = &typeVar + fe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - fe.Name = &name + fe.Type = &typeVar } case "kind": if v != nil { 
@@ -3301,64 +5424,138 @@ func (fe *FileEntity) UnmarshalJSON(body []byte) error { type FileEntityProperties struct { // Directory - READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty"` + // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id which the file belongs to + HostEntityID *string `json:"hostEntityId,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } -// HostEntity represents a host entity. -type HostEntity struct { - // HostEntityProperties - Host entity properties - *HostEntityProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for FileEntityProperties. +func (fep FileEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// FileHashEntity represents a file hash entity. 
+type FileHashEntity struct { + // FileHashEntityProperties - FileHash entity properties + *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile' + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for HostEntity. -func (he HostEntity) MarshalJSON() ([]byte, error) { - he.Kind = KindHost +// MarshalJSON is the custom marshaler for FileHashEntity. +func (fhe FileHashEntity) MarshalJSON() ([]byte, error) { + fhe.Kind = KindFileHash objectMap := make(map[string]interface{}) - if he.HostEntityProperties != nil { - objectMap["properties"] = he.HostEntityProperties + if fhe.FileHashEntityProperties != nil { + objectMap["properties"] = fhe.FileHashEntityProperties } - if he.Kind != "" { - objectMap["kind"] = he.Kind + if fhe.Kind != "" { + objectMap["kind"] = fhe.Kind } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsAccountEntity() (*AccountEntity, bool) { +// AsAccountEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) { return nil, false } -// AsHostEntity is the BasicEntity implementation for HostEntity. 
-func (he HostEntity) AsHostEntity() (*HostEntity, bool) { - return &he, true +// AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// AsFileEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsFileEntity() (*FileEntity, bool) { +// AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { return nil, false } -// AsEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsEntity() (*Entity, bool) { +// AsDNSEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) { return nil, false } -// AsBasicEntity is the BasicEntity implementation for HostEntity. -func (he HostEntity) AsBasicEntity() (BasicEntity, bool) { - return &he, true +// AsFileEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for HostEntity struct. -func (he *HostEntity) UnmarshalJSON(body []byte) error { +// AsFileHashEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return &fhe, true +} + +// AsHostEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for FileHashEntity. 
+func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for FileHashEntity. +func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool) { + return &fhe, true +} + +// UnmarshalJSON is the custom unmarshaler for FileHashEntity struct. +func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -3368,12 +5565,12 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var hostEntityProperties HostEntityProperties - err = json.Unmarshal(*v, &hostEntityProperties) + var fileHashEntityProperties FileHashEntityProperties + err = json.Unmarshal(*v, &fileHashEntityProperties) if err != nil { return err } - he.HostEntityProperties = &hostEntityProperties + fhe.FileHashEntityProperties = &fileHashEntityProperties } case "id": if v != nil { @@ -3382,25 +5579,25 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - he.ID = &ID + fhe.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - he.Type = &typeVar + fhe.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - he.Name = &name + fhe.Type = &typeVar } case "kind": if v != nil { @@ -3409,7 +5606,7 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - he.Kind = kind + fhe.Kind = kind } } } 
@@ -3417,102 +5614,83 @@ func (he *HostEntity) UnmarshalJSON(body []byte) error { return nil } -// HostEntityProperties host entity property bag. -type HostEntityProperties struct { - // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain - DNSDomain *string `json:"dnsDomain,omitempty"` - // NtDomain - READ-ONLY; The NT domain that this host belongs to. - NtDomain *string `json:"ntDomain,omitempty"` - // HostName - READ-ONLY; The hostname without the domain suffix. - HostName *string `json:"hostName,omitempty"` - // NetBiosName - READ-ONLY; The host name (pre-windows2000). - NetBiosName *string `json:"netBiosName,omitempty"` - // AzureID - READ-ONLY; The azure resource id of the VM. - AzureID *string `json:"azureID,omitempty"` - // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. - OmsAgentID *string `json:"omsAgentID,omitempty"` - // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' - OsFamily OSFamily `json:"osFamily,omitempty"` - // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration - OsVersion *string `json:"osVersion,omitempty"` - // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. - IsDomainJoined *bool `json:"isDomainJoined,omitempty"` +// FileHashEntityProperties fileHash entity property bag. +type FileHashEntityProperties struct { + // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` + // HashValue - READ-ONLY; The file hash value. 
+ HashValue *string `json:"hashValue,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` } -// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnector struct { - // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. - *MCASDataConnectorProperties `json:"properties,omitempty"` +// MarshalJSON is the custom marshaler for FileHashEntityProperties. +func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// FilterAlertRuleTemplate represents filter alert rule template. +type FilterAlertRuleTemplate struct { + // FilterAlertRuleTemplateProperties - Filter alert rule template properties + *FilterAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the alert rule. 
Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for MCASDataConnector. -func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { - mdc.Kind = KindMicrosoftCloudAppSecurity +// MarshalJSON is the custom marshaler for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFilter objectMap := make(map[string]interface{}) - if mdc.MCASDataConnectorProperties != nil { - objectMap["properties"] = mdc.MCASDataConnectorProperties + if fart.FilterAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FilterAlertRuleTemplateProperties } - if mdc.Etag != nil { - objectMap["etag"] = mdc.Etag + if fart.Etag != nil { + objectMap["etag"] = fart.Etag } - if mdc.Kind != "" { - objectMap["kind"] = mdc.Kind + if fart.Kind != "" { + objectMap["kind"] = fart.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return nil, false -} - -// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. 
-func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return &fart, true } -// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return &mdc, true -} - -// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. -func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &mdc, true +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. 
+func (fart FilterAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true } -// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. -func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for FilterAlertRuleTemplate struct. +func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -3522,12 +5700,12 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var mCASDataConnectorProperties MCASDataConnectorProperties - err = json.Unmarshal(*v, &mCASDataConnectorProperties) + var filterAlertRuleTemplateProperties FilterAlertRuleTemplateProperties + err = json.Unmarshal(*v, &filterAlertRuleTemplateProperties) if err != nil { return err } - mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + fart.FilterAlertRuleTemplateProperties = &filterAlertRuleTemplateProperties } case "id": if v != nil { @@ -3536,25 +5714,25 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.ID = &ID + fart.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - mdc.Type = &typeVar + fart.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - mdc.Name = &name + fart.Type = &typeVar } case "etag": if v != nil { 
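Review bot: `FileHashEntityProperties.MarshalJSON` always serializes to `{}`, because it creates `objectMap` and never adds a key, and its doc comment does not mention this. Every field of the struct is marked READ-ONLY, so this is presumably deliberate for request bodies. The cost is that code which re-serializes an entity with `json.Marshal` (for logging, caching or forwarding to another tool) gets the properties back without `hashValue` or `algorithm`. I would extend the comment to `// MarshalJSON is the custom marshaler for FileHashEntityProperties. All fields are READ-ONLY, so the output is always {}; copy the fields explicitly when exporting an entity.` `HostEntityProperties.MarshalJSON` in the last hunk has the same shape and keeps only `osFamily`.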
@@ -3563,16 +5741,16 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - mdc.Etag = &etag + fart.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - mdc.Kind = kind + fart.Kind = kind } } } 
@@ -3580,38 +5758,99 @@ func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { return nil } -// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` - // DataTypes - The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` -} - -// OfficeConsent consent for Office365 tenant that already made. -type OfficeConsent struct { - autorest.Response `json:"-"` - // OfficeConsentProperties - Office consent properties - *OfficeConsentProperties `json:"properties,omitempty"` +// FilterAlertRuleTemplateProperties filter alert rule template properties +type FilterAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // FilterProduct - The filter product name for this template rule. 
+ FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FilterAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FilterAlertRuleTemplatePropertiesModel struct { + // FilterProduct - The filter product name for this template rule. + FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FusionAlertRuleTemplate represents fusion alert rule template. +type FusionAlertRuleTemplate struct { + // FusionAlertRuleTemplateProperties - Fusion alert rule template properties + *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeConsent. 
-func (oc OfficeConsent) MarshalJSON() ([]byte, error) { +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFusion objectMap := make(map[string]interface{}) - if oc.OfficeConsentProperties != nil { - objectMap["properties"] = oc.OfficeConsentProperties + if fart.FusionAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FusionAlertRuleTemplateProperties + } + if fart.Etag != nil { + objectMap["etag"] = fart.Etag + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind } return json.Marshal(objectMap) } -// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. -func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. 
+func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct. +func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -3621,12 +5860,12 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeConsentProperties OfficeConsentProperties - err = json.Unmarshal(*v, &officeConsentProperties) + var fusionAlertRuleTemplateProperties FusionAlertRuleTemplateProperties + err = json.Unmarshal(*v, &fusionAlertRuleTemplateProperties) if err != nil { return err } - oc.OfficeConsentProperties = &officeConsentProperties + fart.FusionAlertRuleTemplateProperties = &fusionAlertRuleTemplateProperties } case "id": if v != nil { @@ -3635,7 +5874,16 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.ID = &ID + fart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name } case "type": if v != nil { @@ -3644,16 +5892,25 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { if err != nil { return err } - oc.Type = &typeVar + fart.Type = &typeVar } - case "name": + case "etag": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - oc.Name = &name + fart.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind } } } 
@@ -3661,234 +5918,2356 @@ func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { return nil } -// OfficeConsentList list of all the office365 consents. -type OfficeConsentList struct { - autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of office consents. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of the consents. - Value *[]OfficeConsent `json:"value,omitempty"` +// FusionAlertRuleTemplateProperties fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` } -// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. 
-type OfficeConsentListIterator struct { - i int - page OfficeConsentListPage +// FusionAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FusionAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil +// GeoLocation the geo-location context attached to the ip entity +type GeoLocation struct { + // Asn - READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty"` + // City - READ-ONLY; City name + City *string `json:"city,omitempty"` + // CountryCode - READ-ONLY; The country code according to ISO 3166 format + CountryCode *string `json:"countryCode,omitempty"` + // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + CountryName *string `json:"countryName,omitempty"` + // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. 
+ Latitude *float64 `json:"latitude,omitempty"` + // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty"` + // State - READ-ONLY; State name + State *string `json:"state,omitempty"` +} + +// HostEntity represents a host entity. +type HostEntity struct { + // HostEntityProperties - Host entity properties + *HostEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for HostEntity. +func (he HostEntity) MarshalJSON() ([]byte, error) { + he.Kind = KindHost + objectMap := make(map[string]interface{}) + if he.HostEntityProperties != nil { + objectMap["properties"] = he.HostEntityProperties } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err + if he.Kind != "" { + objectMap["kind"] = he.Kind } - iter.i = 0 - return nil + return json.Marshal(objectMap) } -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. 
-func (iter *OfficeConsentListIterator) Next() error { - return iter.NextWithContext(context.Background()) +// AsAccountEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OfficeConsentListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) +// AsAzureResourceEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// Response returns the raw server response from the last page request. -func (iter OfficeConsentListIterator) Response() OfficeConsentList { - return iter.page.Response() +// AsCloudApplicationEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OfficeConsentListIterator) Value() OfficeConsent { - if !iter.page.NotDone() { - return OfficeConsent{} - } - return iter.page.Values()[iter.i] +// AsDNSEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// Creates a new instance of the OfficeConsentListIterator type. -func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { - return OfficeConsentListIterator{page: page} +// AsFileEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false } -// IsEmpty returns true if the ListResult contains no values. 
-func (ocl OfficeConsentList) IsEmpty() bool { - return ocl.Value == nil || len(*ocl.Value) == 0 +// AsFileHashEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// officeConsentListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { - if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ocl.NextLink))) +// AsHostEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsHostEntity() (*HostEntity, bool) { + return &he, true } -// OfficeConsentListPage contains a page of OfficeConsent values. -type OfficeConsentListPage struct { - fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) - ocl OfficeConsentList +// AsIPEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false } -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ocl) - if err != nil { - return err - } - page.ocl = next - return nil +// AsMalwareEntity is the BasicEntity implementation for HostEntity. 
+func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false } -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OfficeConsentListPage) Next() error { - return page.NextWithContext(context.Background()) +// AsProcessEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false } -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OfficeConsentListPage) NotDone() bool { - return !page.ocl.IsEmpty() +// AsRegistryKeyEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false } -// Response returns the raw server response from the last page request. -func (page OfficeConsentListPage) Response() OfficeConsentList { - return page.ocl +// AsRegistryValueEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false } -// Values returns the slice of values for the current page or nil if there are no values. -func (page OfficeConsentListPage) Values() []OfficeConsent { - if page.ocl.IsEmpty() { - return nil - } - return *page.ocl.Value +// AsSecurityAlert is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false } -// Creates a new instance of the OfficeConsentListPage type. -func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { - return OfficeConsentListPage{fn: getNextPage} +// AsSecurityGroupEntity is the BasicEntity implementation for HostEntity. 
+func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for HostEntity. +func (he HostEntity) AsBasicEntity() (BasicEntity, bool) { + return &he, true +} + +// UnmarshalJSON is the custom unmarshaler for HostEntity struct. +func (he *HostEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var hostEntityProperties HostEntityProperties + err = json.Unmarshal(*v, &hostEntityProperties) + if err != nil { + return err + } + he.HostEntityProperties = &hostEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + he.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + he.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + he.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + he.Kind = kind + } + } + } + + return nil +} + +// HostEntityProperties host entity property bag. +type HostEntityProperties struct { + // AzureID - READ-ONLY; The azure resource id of the VM. + AzureID *string `json:"azureID,omitempty"` + // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. 
Should contain the compete DNS suffix for the domain + DNSDomain *string `json:"dnsDomain,omitempty"` + // HostName - READ-ONLY; The hostname without the domain suffix. + HostName *string `json:"hostName,omitempty"` + // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. + IsDomainJoined *bool `json:"isDomainJoined,omitempty"` + // NetBiosName - READ-ONLY; The host name (pre-windows2000). + NetBiosName *string `json:"netBiosName,omitempty"` + // NtDomain - READ-ONLY; The NT domain that this host belongs to. + NtDomain *string `json:"ntDomain,omitempty"` + // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. + OmsAgentID *string `json:"omsAgentID,omitempty"` + // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' + OsFamily OSFamily `json:"osFamily,omitempty"` + // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration + OsVersion *string `json:"osVersion,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for HostEntityProperties. +func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if hep.OsFamily != "" { + objectMap["osFamily"] = hep.OsFamily + } + return json.Marshal(objectMap) +} + +// IPEntity represents an ip entity. 
+type IPEntity struct { + // IPEntityProperties - Ip entity properties + *IPEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for IPEntity. +func (ie IPEntity) MarshalJSON() ([]byte, error) { + ie.Kind = KindIP + objectMap := make(map[string]interface{}) + if ie.IPEntityProperties != nil { + objectMap["properties"] = ie.IPEntityProperties + } + if ie.Kind != "" { + objectMap["kind"] = ie.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for IPEntity. 
+func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsIPEntity() (*IPEntity, bool) { + return &ie, true +} + +// AsMalwareEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsBasicEntity() (BasicEntity, bool) { + return &ie, true +} + +// UnmarshalJSON is the custom unmarshaler for IPEntity struct. 
+func (ie *IPEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var IPEntityProperties IPEntityProperties + err = json.Unmarshal(*v, &IPEntityProperties) + if err != nil { + return err + } + ie.IPEntityProperties = &IPEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ie.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ie.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ie.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ie.Kind = kind + } + } + } + + return nil +} + +// IPEntityProperties ip entity property bag. +type IPEntityProperties struct { + // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + Address *string `json:"address,omitempty"` + // Location - The geo-location context attached to the ip entity + Location *GeoLocation `json:"location,omitempty"` + // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. + ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. 
+ FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for IPEntityProperties. +func (iep IPEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if iep.Location != nil { + objectMap["location"] = iep.Location + } + return json.Marshal(objectMap) +} + +// MalwareEntity represents a malware entity. +type MalwareEntity struct { + // MalwareEntityProperties - File entity properties + *MalwareEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MalwareEntity. +func (me MalwareEntity) MarshalJSON() ([]byte, error) { + me.Kind = KindMalware + objectMap := make(map[string]interface{}) + if me.MalwareEntityProperties != nil { + objectMap["properties"] = me.MalwareEntityProperties + } + if me.Kind != "" { + objectMap["kind"] = me.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity. 
+func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return &me, true +} + +// AsProcessEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity. 
+func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for MalwareEntity. +func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool) { + return &me, true +} + +// UnmarshalJSON is the custom unmarshaler for MalwareEntity struct. +func (me *MalwareEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var malwareEntityProperties MalwareEntityProperties + err = json.Unmarshal(*v, &malwareEntityProperties) + if err != nil { + return err + } + me.MalwareEntityProperties = &malwareEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + me.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + me.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + me.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + me.Kind = kind + } + } + } + + return nil +} + +// MalwareEntityProperties malware entity property bag. +type MalwareEntityProperties struct { + // Category - READ-ONLY; The malware category by the vendor, e.g. 
Trojan + Category *string `json:"category,omitempty"` + // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found + FileEntityIds *[]string `json:"fileEntityIds,omitempty"` + // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty"` + // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. + ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for MalwareEntityProperties. +func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. + *MCASDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the data connector. 
+ Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity + objectMap := make(map[string]interface{}) + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. 
+func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) + if err != nil { + return err + } + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if 
v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. +type MCASDataConnectorDataTypesDiscoveryLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the data connector. 
+ Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. 
+func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. +func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + if err != nil { + return err + } + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + 
case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + autorest.Response `json:"-"` + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. 
+func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar + } + } + } + + return nil +} + +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` +} + +// OfficeConsentListIterator provides access to a complete listing of OfficeConsent values. +type OfficeConsentListIterator struct { + i int + page OfficeConsentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OfficeConsentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OfficeConsentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OfficeConsentListIterator) Response() OfficeConsentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OfficeConsentListIterator) Value() OfficeConsent { + if !iter.page.NotDone() { + return OfficeConsent{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OfficeConsentListIterator type. +func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator { + return OfficeConsentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ocl OfficeConsentList) IsEmpty() bool { + return ocl.Value == nil || len(*ocl.Value) == 0 +} + +// officeConsentListPreparer prepares a request to retrieve the next set of results. 
+// It returns nil if no more results exist. +func (ocl OfficeConsentList) officeConsentListPreparer(ctx context.Context) (*http.Request, error) { + if ocl.NextLink == nil || len(to.String(ocl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ocl.NextLink))) +} + +// OfficeConsentListPage contains a page of OfficeConsent values. +type OfficeConsentListPage struct { + fn func(context.Context, OfficeConsentList) (OfficeConsentList, error) + ocl OfficeConsentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OfficeConsentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ocl) + if err != nil { + return err + } + page.ocl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OfficeConsentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OfficeConsentListPage) NotDone() bool { + return !page.ocl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OfficeConsentListPage) Response() OfficeConsentList { + return page.ocl +} + +// Values returns the slice of values for the current page or nil if there are no values. 
+func (page OfficeConsentListPage) Values() []OfficeConsent { + if page.ocl.IsEmpty() { + return nil + } + return *page.ocl.Value +} + +// Creates a new instance of the OfficeConsentListPage type. +func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage { + return OfficeConsentListPage{fn: getNextPage} +} + +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` +} + +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the data connector. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeDataConnector. 
+func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 + objectMap := make(map[string]interface{}) + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties + } + if odc.Etag != nil { + objectMap["etag"] = odc.Etag + } + if odc.Kind != "" { + objectMap["kind"] = odc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. 
+func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. +func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) + if err != nil { + return err + } + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + odc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + odc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + odc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + odc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + odc.Kind = kind + } + } + } + + return nil +} + +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // Exchange - Exchange data type connection. 
+ Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` +} + +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Operation operation provided by provider +type Operation struct { + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` + // Name - Name of the operation + Name *string `json:"name,omitempty"` +} + +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Description - Description of the operation + Description *string `json:"description,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. 
+type OperationsList struct { + autorest.Response `json:"-"` + // NextLink - URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` +} + +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { + i int + page OperationsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OperationsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OperationsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OperationsListIterator) Response() OperationsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. 
+func (iter OperationsListIterator) Value() Operation { + if !iter.page.NotDone() { + return Operation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 +} + +// operationsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ol.NextLink))) +} + +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ol) + if err != nil { + return err + } + page.ol = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. 
+func (page *OperationsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OperationsListPage) Response() OperationsList { + return page.ol +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { + return nil + } + return *page.ol.Value +} + +// Creates a new instance of the OperationsListPage type. +func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{fn: getNextPage} +} + +// ProcessEntity represents a process entity. +type ProcessEntity struct { + // ProcessEntityProperties - Process entity properties + *ProcessEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ProcessEntity. 
+func (peVar ProcessEntity) MarshalJSON() ([]byte, error) { + peVar.Kind = KindProcess + objectMap := make(map[string]interface{}) + if peVar.ProcessEntityProperties != nil { + objectMap["properties"] = peVar.ProcessEntityProperties + } + if peVar.Kind != "" { + objectMap["kind"] = peVar.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for ProcessEntity. 
+func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) { + return &peVar, true +} + +// AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for ProcessEntity. +func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool) { + return &peVar, true +} + +// UnmarshalJSON is the custom unmarshaler for ProcessEntity struct. 
+func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var processEntityProperties ProcessEntityProperties + err = json.Unmarshal(*v, &processEntityProperties) + if err != nil { + return err + } + peVar.ProcessEntityProperties = &processEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + peVar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + peVar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + peVar.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + peVar.Kind = kind + } + } + } + + return nil +} + +// ProcessEntityProperties process entity property bag. +type ProcessEntityProperties struct { + // AccountEntityID - READ-ONLY; The account entity id running the processes. + AccountEntityID *string `json:"accountEntityId,omitempty"` + // CommandLine - READ-ONLY; The command line used to create the process + CommandLine *string `json:"commandLine,omitempty"` + // CreationTimeUtc - READ-ONLY; The time when the process started to run + CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` + // ElevationToken - The elevation token associated with the process. 
Possible values include: 'Default', 'Full', 'Limited' + ElevationToken ElevationToken `json:"elevationToken,omitempty"` + // HostEntityID - READ-ONLY; The host entity id on which the process was running + HostEntityID *string `json:"hostEntityId,omitempty"` + // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running + HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` + // ImageFileEntityID - READ-ONLY; Image file entity id + ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` + // ParentProcessEntityID - READ-ONLY; The parent process entity id. + ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` + // ProcessID - READ-ONLY; The process ID + ProcessID *string `json:"processId,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for ProcessEntityProperties. +func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if pep.ElevationToken != "" { + objectMap["elevationToken"] = pep.ElevationToken + } + return json.Marshal(objectMap) +} + +// RegistryKeyEntity represents a registry key entity. 
+type RegistryKeyEntity struct { + // RegistryKeyEntityProperties - RegistryKey entity properties + *RegistryKeyEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntity. +func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error) { + rke.Kind = KindRegistryKey + objectMap := make(map[string]interface{}) + if rke.RegistryKeyEntityProperties != nil { + objectMap["properties"] = rke.RegistryKeyEntityProperties + } + if rke.Kind != "" { + objectMap["kind"] = rke.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryKeyEntity. 
+func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return &rke, true +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryKeyEntity. 
+func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity. +func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool) { + return &rke, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct. +func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryKeyEntityProperties RegistryKeyEntityProperties + err = json.Unmarshal(*v, ®istryKeyEntityProperties) + if err != nil { + return err + } + rke.RegistryKeyEntityProperties = ®istryKeyEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rke.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rke.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rke.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rke.Kind = kind + } + } + } + + return nil +} + +// RegistryKeyEntityProperties registryKey entity property bag. +type RegistryKeyEntityProperties struct { + // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' + Hive RegistryHive `json:"hive,omitempty"` + // Key - READ-ONLY; The registry key path. 
+ Key *string `json:"key,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryKeyEntityProperties. +func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// RegistryValueEntity represents a registry value entity. +type RegistryValueEntity struct { + // RegistryValueEntityProperties - RegistryKey entity properties + *RegistryValueEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntity. 
+func (rve RegistryValueEntity) MarshalJSON() ([]byte, error) { + rve.Kind = KindRegistryValue + objectMap := make(map[string]interface{}) + if rve.RegistryValueEntityProperties != nil { + objectMap["properties"] = rve.RegistryValueEntityProperties + } + if rve.Kind != "" { + objectMap["kind"] = rve.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity. 
+func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return &rve, true +} + +// AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { + return &rve, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. 
+func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryValueEntityProperties RegistryValueEntityProperties + err = json.Unmarshal(*v, ®istryValueEntityProperties) + if err != nil { + return err + } + rve.RegistryValueEntityProperties = ®istryValueEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rve.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rve.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rve.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rve.Kind = kind + } + } + } + + return nil +} + +// RegistryValueEntityProperties registryValue entity property bag. +type RegistryValueEntityProperties struct { + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` + // ValueData - READ-ONLY; String formatted representation of the value data. + ValueData *string `json:"valueData,omitempty"` + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` + // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. 
Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' + ValueType RegistryValueKind `json:"valueType,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. +func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the alert rule. 
+ Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' + Kind KindBasicAlertRule `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRule. +func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled + objectMap := make(map[string]interface{}) + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties + } + if sar.Etag != nil { + objectMap["etag"] = sar.Etag + } + if sar.Kind != "" { + objectMap["kind"] = sar.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true +} + +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &sar, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. 
+func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + if err != nil { + return err + } + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRule + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sar.Kind = kind + } + } + } + + return nil } -// OfficeConsentProperties consent property bag. -type OfficeConsentProperties struct { - // TenantID - The tenantId of the Office365 with the consent. - TenantID *string `json:"tenantId,omitempty"` - // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. - TenantName *string `json:"tenantName,omitempty"` +// ScheduledAlertRuleProperties alert rule property bag. +type ScheduledAlertRuleProperties struct { + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. 
+ Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` } -// OfficeDataConnector represents office data connector. -type OfficeDataConnector struct { - // OfficeDataConnectorProperties - Office data connector properties. - *OfficeDataConnectorProperties `json:"properties,omitempty"` +// ScheduledAlertRuleTemplate represents scheduled alert rule template. 
+type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` - // Etag - Etag of the data connector. + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' - Kind KindBasicDataConnector `json:"kind,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for OfficeDataConnector. -func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { - odc.Kind = KindOffice365 +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. 
+func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled objectMap := make(map[string]interface{}) - if odc.OfficeDataConnectorProperties != nil { - objectMap["properties"] = odc.OfficeDataConnectorProperties + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties } - if odc.Etag != nil { - objectMap["etag"] = odc.Etag + if sart.Etag != nil { + objectMap["etag"] = sart.Etag } - if odc.Kind != "" { - objectMap["kind"] = odc.Kind + if sart.Kind != "" { + objectMap["kind"] = sart.Kind } return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { - return &odc, true -} - -// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return nil, false -} - -// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { - return nil, false -} - -// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. 
+func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { - return nil, false +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true } -// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { return nil, false } -// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. -func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { - return &odc, true +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true } -// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. -func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { 
@@ -3898,12 +8277,12 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var officeDataConnectorProperties OfficeDataConnectorProperties - err = json.Unmarshal(*v, &officeDataConnectorProperties) + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) if err != nil { return err } - odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties } case "id": if v != nil { @@ -3912,25 +8291,25 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.ID = &ID + sart.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - odc.Type = &typeVar + sart.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - odc.Name = &name + sart.Type = &typeVar } case "etag": if v != nil { @@ -3939,16 +8318,16 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { if err != nil { return err } - odc.Etag = &etag + sart.Etag = &etag } case "kind": if v != nil { - var kind KindBasicDataConnector + var kind KindBasicAlertRuleTemplate err = json.Unmarshal(*v, &kind) if err != nil { return err } - odc.Kind = kind + sart.Kind = kind } } } 
@@ -3956,259 +8335,405 @@ func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { return nil } -// OfficeDataConnectorDataTypes the available data types for office data connector. -type OfficeDataConnectorDataTypes struct { - // SharePoint - SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` - // Exchange - Exchange data type connection. - Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. 
+ QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` } -// OfficeDataConnectorDataTypesExchange exchange data type connection. -type OfficeDataConnectorDataTypesExchange struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. +type ScheduledAlertRuleTemplatePropertiesModel struct { + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. 
+ TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` } -// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. -type OfficeDataConnectorDataTypesSharePoint struct { - // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' - State DataTypeState `json:"state,omitempty"` +// SecurityAlert represents a security alert entity. +type SecurityAlert struct { + // SecurityAlertProperties - SecurityAlert entity properties + *SecurityAlertProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// OfficeDataConnectorProperties office data connector properties. -type OfficeDataConnectorProperties struct { - // DataTypes - The available data types for the connector. - DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` - // TenantID - The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// MarshalJSON is the custom marshaler for SecurityAlert. 
+func (sa SecurityAlert) MarshalJSON() ([]byte, error) { + sa.Kind = KindSecurityAlert + objectMap := make(map[string]interface{}) + if sa.SecurityAlertProperties != nil { + objectMap["properties"] = sa.SecurityAlertProperties + } + if sa.Kind != "" { + objectMap["kind"] = sa.Kind + } + return json.Marshal(objectMap) } -// Operation operation provided by provider -type Operation struct { - // Name - Name of the operation - Name *string `json:"name,omitempty"` - // Display - Properties of the operation - Display *OperationDisplay `json:"display,omitempty"` +// AsAccountEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// OperationDisplay properties of the operation -type OperationDisplay struct { - // Provider - Provider name - Provider *string `json:"provider,omitempty"` - // Resource - Resource name - Resource *string `json:"resource,omitempty"` - // Operation - Operation name - Operation *string `json:"operation,omitempty"` - // Description - Description of the operation - Description *string `json:"description,omitempty"` +// AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// OperationsList lists the operations available in the SecurityInsights RP. -type OperationsList struct { - autorest.Response `json:"-"` - // NextLink - URL to fetch the next set of operations. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of operations - Value *[]Operation `json:"value,omitempty"` +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// OperationsListIterator provides access to a complete listing of Operation values. 
-type OperationsListIterator struct { - i int - page OperationsListPage +// AsDNSEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode +// AsFileEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert. 
+func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) { + return &sa, true +} + +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for SecurityAlert. +func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool) { + return &sa, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityAlert struct. +func (sa *SecurityAlert) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var securityAlertProperties SecurityAlertProperties + err = json.Unmarshal(*v, &securityAlertProperties) + if err != nil { + return err + } + sa.SecurityAlertProperties = &securityAlertProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sa.ID = &ID } - tracing.EndSpan(ctx, sc, err) - }() - } - iter.i++ - if iter.i < len(iter.page.Values()) { - return nil - } - err = iter.page.NextWithContext(ctx) - if err != nil { - iter.i-- - return err + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sa.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return 
err + } + sa.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sa.Kind = kind + } + } } - iter.i = 0 + return nil } -// Next advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (iter *OperationsListIterator) Next() error { - return iter.NextWithContext(context.Background()) +// SecurityAlertProperties securityAlert entity property bag. +type SecurityAlertProperties struct { + // AlertDisplayName - READ-ONLY; The display name of the alert. + AlertDisplayName *string `json:"alertDisplayName,omitempty"` + // AlertType - READ-ONLY; The type name of the alert. + AlertType *string `json:"alertType,omitempty"` + // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. + CompromisedEntity *string `json:"compromisedEntity,omitempty"` + // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' + ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` + // ConfidenceReasons - READ-ONLY; The confidence reasons + ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` + // ConfidenceScore - READ-ONLY; The confidence score of the alert. + ConfidenceScore *float64 `json:"confidenceScore,omitempty"` + // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' + ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` + // Description - READ-ONLY; Alert description. 
+ Description *string `json:"description,omitempty"` + // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). + EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` + // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' + Intent KillChainIntent `json:"intent,omitempty"` + // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. + ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` + // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. + ProductComponentName *string `json:"productComponentName,omitempty"` + // ProductName - READ-ONLY; The name of the product which published this alert. + ProductName *string `json:"productName,omitempty"` + // ProductVersion - READ-ONLY; The version of the product generating the alert. + ProductVersion *string `json:"productVersion,omitempty"` + // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. + RemediationSteps *[]string `json:"remediationSteps,omitempty"` + // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). + StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` + // Status - READ-ONLY; The lifecycle status of the alert. 
Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' + Status AlertStatus `json:"status,omitempty"` + // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. + SystemAlertID *string `json:"systemAlertId,omitempty"` + // TimeGenerated - READ-ONLY; The time the alert was generated. + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + // VendorName - READ-ONLY; The name of the vendor that raise the alert. + VendorName *string `json:"vendorName,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for SecurityAlertProperties. +func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sap.Severity != "" { + objectMap["severity"] = sap.Severity + } + return json.Marshal(objectMap) } -// NotDone returns true if the enumeration should be started or is not yet complete. -func (iter OperationsListIterator) NotDone() bool { - return iter.page.NotDone() && iter.i < len(iter.page.Values()) +// SecurityAlertPropertiesConfidenceReasonsItem confidence reason item +type SecurityAlertPropertiesConfidenceReasonsItem struct { + // Reason - READ-ONLY; The reason's description + Reason *string `json:"reason,omitempty"` + // ReasonType - READ-ONLY; The type (category) of the reason + ReasonType *string `json:"reasonType,omitempty"` } -// Response returns the raw server response from the last page request. 
-func (iter OperationsListIterator) Response() OperationsList { - return iter.page.Response() +// SecurityGroupEntity represents a security group entity. +type SecurityGroupEntity struct { + // SecurityGroupEntityProperties - SecurityGroup entity properties + *SecurityGroupEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` } -// Value returns the current value or a zero-initialized value if the -// iterator has advanced beyond the end of the collection. -func (iter OperationsListIterator) Value() Operation { - if !iter.page.NotDone() { - return Operation{} +// MarshalJSON is the custom marshaler for SecurityGroupEntity. +func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error) { + sge.Kind = KindSecurityGroup + objectMap := make(map[string]interface{}) + if sge.SecurityGroupEntityProperties != nil { + objectMap["properties"] = sge.SecurityGroupEntityProperties } - return iter.page.Values()[iter.i] + if sge.Kind != "" { + objectMap["kind"] = sge.Kind + } + return json.Marshal(objectMap) } -// Creates a new instance of the OperationsListIterator type. -func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { - return OperationsListIterator{page: page} +// AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity. 
+func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false } -// IsEmpty returns true if the ListResult contains no values. -func (ol OperationsList) IsEmpty() bool { - return ol.Value == nil || len(*ol.Value) == 0 +// AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false } -// operationsListPreparer prepares a request to retrieve the next set of results. -// It returns nil if no more results exist. -func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { - if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { - return nil, nil - } - return autorest.Prepare((&http.Request{}).WithContext(ctx), - autorest.AsJSON(), - autorest.AsGet(), - autorest.WithBaseURL(to.String(ol.NextLink))) +// AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false } -// OperationsListPage contains a page of Operation values. -type OperationsListPage struct { - fn func(context.Context, OperationsList) (OperationsList, error) - ol OperationsList +// AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false } -// NextWithContext advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. 
-func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") - defer func() { - sc := -1 - if page.Response().Response.Response != nil { - sc = page.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) - }() - } - next, err := page.fn(ctx, page.ol) - if err != nil { - return err - } - page.ol = next - return nil +// AsFileEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false } -// Next advances to the next page of values. If there was an error making -// the request the page does not advance and the error is returned. -// Deprecated: Use NextWithContext() instead. -func (page *OperationsListPage) Next() error { - return page.NextWithContext(context.Background()) +// AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false } -// NotDone returns true if the page enumeration should be started or is not yet complete. -func (page OperationsListPage) NotDone() bool { - return !page.ol.IsEmpty() +// AsHostEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false } -// Response returns the raw server response from the last page request. -func (page OperationsListPage) Response() OperationsList { - return page.ol +// AsIPEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false } -// Values returns the slice of values for the current page or nil if there are no values. 
-func (page OperationsListPage) Values() []Operation { - if page.ol.IsEmpty() { - return nil - } - return *page.ol.Value +// AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false } -// Creates a new instance of the OperationsListPage type. -func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { - return OperationsListPage{fn: getNextPage} +// AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false } -// Resource an azure resource object -type Resource struct { - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` +// AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false } -// ScheduledAlertRule represents scheduled alert rule. -type ScheduledAlertRule struct { - // ScheduledAlertRuleProperties - Scheduled alert rule properties - *ScheduledAlertRuleProperties `json:"properties,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Etag - Etag of the alert rule. - Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindAlertRule', 'KindScheduled' - Kind Kind `json:"kind,omitempty"` +// AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity. 
+func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false } -// MarshalJSON is the custom marshaler for ScheduledAlertRule. -func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { - sar.Kind = KindScheduled - objectMap := make(map[string]interface{}) - if sar.ScheduledAlertRuleProperties != nil { - objectMap["properties"] = sar.ScheduledAlertRuleProperties - } - if sar.Etag != nil { - objectMap["etag"] = sar.Etag - } - if sar.Kind != "" { - objectMap["kind"] = sar.Kind - } - return json.Marshal(objectMap) +// AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false } -// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { - return &sar, true +// AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return &sge, true } -// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { +// AsURLEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. -func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { - return &sar, true +// AsEntity is the BasicEntity implementation for SecurityGroupEntity. +func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) { + return nil, false } -// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. -func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { +// AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity. 
+func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool) { + return &sge, true +} + +// UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct. +func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -4218,12 +8743,12 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var scheduledAlertRuleProperties ScheduledAlertRuleProperties - err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + var securityGroupEntityProperties SecurityGroupEntityProperties + err = json.Unmarshal(*v, &securityGroupEntityProperties) if err != nil { return err } - sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + sge.SecurityGroupEntityProperties = &securityGroupEntityProperties } case "id": if v != nil { @@ -4232,16 +8757,7 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.ID = &ID - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - sar.Type = &typeVar + sge.ID = &ID } case "name": if v != nil { @@ -4250,25 +8766,25 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { if err != nil { return err } - sar.Name = &name + sge.Name = &name } - case "etag": + case "type": if v != nil { - var etag string - err = json.Unmarshal(*v, &etag) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - sar.Etag = &etag + sge.Type = &typeVar } case "kind": if v != nil { - var kind Kind + var kind KindBasicEntity err = json.Unmarshal(*v, &kind) if err != nil { return err } - sar.Kind = kind + sge.Kind = kind } } } 
@@ -4276,38 +8792,30 @@ func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { return nil } -// ScheduledAlertRuleProperties alert rule property bag. -type ScheduledAlertRuleProperties struct { - // DisplayName - The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` - // Description - The description of the alert rule. - Description *string `json:"description,omitempty"` - // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' - Severity AlertSeverity `json:"severity,omitempty"` - // Enabled - Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` - // Query - The query that creates alerts for this rule. - Query *string `json:"query,omitempty"` - // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. - QueryFrequency *string `json:"queryFrequency,omitempty"` - // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. - QueryPeriod *string `json:"queryPeriod,omitempty"` - // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' - TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` - // TriggerThreshold - The threshold triggers this alert rule. - TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` - // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` - // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string `json:"suppressionDuration,omitempty"` - // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. 
- LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` +// SecurityGroupEntityProperties securityGroup entity property bag. +type SecurityGroupEntityProperties struct { + // DistinguishedName - READ-ONLY; The group distinguished name + DistinguishedName *string `json:"distinguishedName,omitempty"` + // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. + ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` + // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + Sid *string `json:"sid,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for SecurityGroupEntityProperties. +func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // BasicSettings the Setting. type BasicSettings interface { - AsUebaSettings() (*UebaSettings, bool) AsToggleSettings() (*ToggleSettings, bool) + AsUebaSettings() (*UebaSettings, bool) AsSettings() (*Settings, bool) } 
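Review bot: `SecurityGroupEntityProperties.MarshalJSON` always encodes `{}`, because it marshals an empty `objectMap` and never reads the receiver, and its doc comment does not say so. Every field of the struct is marked READ-ONLY, so this is probably intended for request bodies. However, code that re-serialises a fetched entity (for a cache, an export or an evidence store) would lose `sid`, `distinguishedName` and `objectGuid` without any error. I would state it on the method, e.g. `// MarshalJSON always encodes an empty object: every field is READ-ONLY and is dropped.` `URLEntityProperties.MarshalJSON` in the later `@@ -4834,20 +9368,208 @@` hunk has the same shape and needs the same comment.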
@@ -4316,13 +8824,13 @@ type Settings struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -4334,14 +8842,14 @@ func unmarshalBasicSettings(body []byte) (BasicSettings, error) { } switch m["kind"] { - case string(KindUebaSettings): - var us UebaSettings - err := json.Unmarshal(body, &us) - return us, err case string(KindToggleSettings): var ts ToggleSettings err := json.Unmarshal(body, &ts) return ts, err + case string(KindUebaSettings): + var us UebaSettings + err := json.Unmarshal(body, &us) + return us, err default: var s Settings err := json.Unmarshal(body, &s) @@ -4380,13 +8888,13 @@ func (s Settings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for Settings. -func (s Settings) AsUebaSettings() (*UebaSettings, bool) { +// AsToggleSettings is the BasicSettings implementation for Settings. +func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } -// AsToggleSettings is the BasicSettings implementation for Settings. -func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { +// AsUebaSettings is the BasicSettings implementation for Settings. +func (s Settings) AsUebaSettings() (*UebaSettings, bool) { return nil, false } 
@@ -4423,19 +8931,35 @@ func (sm *SettingsModel) UnmarshalJSON(body []byte) error { return nil } +// ThreatIntelligence threatIntelligence property bag. +type ThreatIntelligence struct { + // Confidence - READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 `json:"confidence,omitempty"` + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` + // ReportLink - READ-ONLY; Report link + ReportLink *string `json:"reportLink,omitempty"` + // ThreatDescription - READ-ONLY; Threat description (free text) + ThreatDescription *string `json:"threatDescription,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` +} + // TIDataConnector represents threat intelligence data connector. type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. *TIDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the data connector. 
Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -4455,14 +8979,19 @@ func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { return nil, false } -// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { - return &tdc, true +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false } // AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. 
@@ -4470,21 +8999,26 @@ func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataCon return nil, false } -// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { return nil, false } -// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { return nil, false } -// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. -func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { return nil, false } +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false 
@@ -4522,23 +9056,23 @@ func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { } tdc.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - tdc.Type = &typeVar + tdc.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - tdc.Name = &name + tdc.Type = &typeVar } case "etag": if v != nil { @@ -4590,13 +9124,13 @@ type ToggleSettings struct { *ToggleSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } 
@@ -4616,16 +9150,16 @@ func (ts ToggleSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for ToggleSettings. -func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { - return nil, false -} - // AsToggleSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) { return &ts, true } +// AsUebaSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + // AsSettings is the BasicSettings implementation for ToggleSettings. func (ts ToggleSettings) AsSettings() (*Settings, bool) { return nil, false @@ -4663,23 +9197,23 @@ func (ts *ToggleSettings) UnmarshalJSON(body []byte) error { } ts.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - ts.Type = &typeVar + ts.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - ts.Name = &name + ts.Type = &typeVar } case "etag": if v != nil { 
@@ -4717,13 +9251,13 @@ type UebaSettings struct { *UebaSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` // Etag - Etag of the alert rule. Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings' + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` } @@ -4743,16 +9277,16 @@ func (us UebaSettings) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// AsUebaSettings is the BasicSettings implementation for UebaSettings. -func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { - return &us, true -} - // AsToggleSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) { return nil, false } +// AsUebaSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { + return &us, true +} + // AsSettings is the BasicSettings implementation for UebaSettings. func (us UebaSettings) AsSettings() (*Settings, bool) { return nil, false 
@@ -4790,23 +9324,23 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { } us.ID = &ID } - case "type": + case "name": if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) + var name string + err = json.Unmarshal(*v, &name) if err != nil { return err } - us.Type = &typeVar + us.Name = &name } - case "name": + case "type": if v != nil { - var name string - err = json.Unmarshal(*v, &name) + var typeVar string + err = json.Unmarshal(*v, &typeVar) if err != nil { return err } - us.Name = &name + us.Type = &typeVar } case "etag": if v != nil { 
@@ -4834,20 +9368,208 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error { // UebaSettingsProperties user and Entity Behavior Analytics settings property bag. type UebaSettingsProperties struct { + // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' + AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. IsEnabled *bool `json:"isEnabled,omitempty"` // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` - // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' - AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` +} + +// URLEntity represents a url entity. +type URLEntity struct { + // URLEntityProperties - Url entity properties + *URLEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntity. 
+func (ue URLEntity) MarshalJSON() ([]byte, error) { + ue.Kind = KindURL + objectMap := make(map[string]interface{}) + if ue.URLEntityProperties != nil { + objectMap["properties"] = ue.URLEntityProperties + } + if ue.Kind != "" { + objectMap["kind"] = ue.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for URLEntity. 
+func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsURLEntity() (*URLEntity, bool) { + return &ue, true +} + +// AsEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for URLEntity. +func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) { + return &ue, true +} + +// UnmarshalJSON is the custom unmarshaler for URLEntity struct. 
+func (ue *URLEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var URLEntityProperties URLEntityProperties + err = json.Unmarshal(*v, &URLEntityProperties) + if err != nil { + return err + } + ue.URLEntityProperties = &URLEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ue.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ue.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ue.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ue.Kind = kind + } + } + } + + return nil +} + +// URLEntityProperties url entity property bag. +type URLEntityProperties struct { + // URL - READ-ONLY; A full URL the entity points to + URL *string `json:"url,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for URLEntityProperties. +func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) } // UserInfo user information that made some action type UserInfo struct { - // ObjectID - The object id of the user. 
- ObjectID *uuid.UUID `json:"objectId,omitempty"` - // Email - The email of the user. + // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` - // Name - The name of the user. + // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index 80cadcd82ce4..854841ce503f 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go 
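Review bot: In `URLEntity.UnmarshalJSON`, the local `var URLEntityProperties URLEntityProperties` gives the variable the same name as its type, so the type name is shadowed for the rest of that `if v != nil` block. It compiles, but it is easy to misread and differs from `SecurityGroupEntity.UnmarshalJSON` in the earlier hunk, which uses a lower-case local (`securityGroupEntityProperties`). I would rename the local: `var urlEntityProperties URLEntityProperties`, `err = json.Unmarshal(*v, &urlEntityProperties)`, `ue.URLEntityProperties = &urlEntityProperties`.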
@@ -50,16 +50,39 @@ type ActionsClientAPI interface { var _ ActionsClientAPI = (*securityinsight.ActionsClient)(nil) +// AlertRuleTemplatesClientAPI contains the set of methods on the AlertRuleTemplatesClient type. +type AlertRuleTemplatesClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result securityinsight.AlertRuleTemplateModel, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.AlertRuleTemplatesListPage, err error) +} + +var _ AlertRuleTemplatesClientAPI = (*securityinsight.AlertRuleTemplatesClient)(nil) + // CasesClientAPI contains the set of methods on the CasesClient type. type CasesClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter securityinsight.Case) (result securityinsight.Case, err error) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result securityinsight.Case, err error) - List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.CaseListPage, err error) + GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result securityinsight.CaseComment, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result 
securityinsight.CaseListPage, err error) } var _ CasesClientAPI = (*securityinsight.CasesClient)(nil) +// CommentsClientAPI contains the set of methods on the CommentsClient type. +type CommentsClientAPI interface { + ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseCommentListPage, err error) +} + +var _ CommentsClientAPI = (*securityinsight.CommentsClient)(nil) + +// CaseCommentsClientAPI contains the set of methods on the CaseCommentsClient type. +type CaseCommentsClientAPI interface { + CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment securityinsight.CaseComment) (result securityinsight.CaseComment, err error) +} + +var _ CaseCommentsClientAPI = (*securityinsight.CaseCommentsClient)(nil) + // BookmarksClientAPI contains the set of methods on the BookmarksClient type. type BookmarksClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark securityinsight.Bookmark) (result securityinsight.Bookmark, err error) 
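Review bot: `CasesClientAPI.List` gains four positional parameters (`filter`, `orderby`, `top`, `skipToken`) in place, so every existing implementation of the interface (mocks and fakes in callers' tests) and every call made through it stops compiling. The package path is still `2017-08-01-preview`, so the break arrives without a new import path. The interface also does not say what `filter` and `orderby` accept. If they are forwarded to the service as query expressions (not visible in this hunk), a comment on `List` such as `// filter and orderby are sent to the service as given; callers must escape any user-supplied values.` would make the caller's obligation explicit. `CommentsClientAPI.ListByCase` takes the same parameters and would need the same comment.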
@@ -82,6 +105,7 @@ var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) // EntitiesClientAPI contains the set of methods on the EntitiesClient type. type EntitiesClientAPI interface { + Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters securityinsight.EntityExpandParameters) (result securityinsight.EntityExpandResponse, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result securityinsight.EntityModel, err error) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.EntityListPage, err error) }