From da5cac1bc9c7b1920787f516ff0a9dff36c03f8f Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Sat, 1 Feb 2020 18:28:46 +0000 Subject: [PATCH] Generated from 8b89b156947e69a1c2da1486da6a77863eb0122c Add custom word for taxii --- .../securityinsight/entitiesrelations.go | 196 ++ .../securityinsight/entityrelations.go | 141 ++ .../securityinsight/incidentcomments.go | 398 ++++ .../securityinsight/incidentrelations.go | 495 +++++ .../securityinsight/incidents.go | 486 +++++ .../securityinsight/models.go | 1645 ++++++++++++++--- .../securityinsightapi/interfaces.go | 47 + 7 files changed, 3124 insertions(+), 284 deletions(-) create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entitiesrelations.go create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityrelations.go create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentcomments.go create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentrelations.go create mode 100644 services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidents.go diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entitiesrelations.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entitiesrelations.go new file mode 100644 index 000000000000..843c44df8e1d --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entitiesrelations.go @@ -0,0 +1,196 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// EntitiesRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type EntitiesRelationsClient struct { + BaseClient +} + +// NewEntitiesRelationsClient creates an instance of the EntitiesRelationsClient client. +func NewEntitiesRelationsClient(subscriptionID string) EntitiesRelationsClient { + return NewEntitiesRelationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewEntitiesRelationsClientWithBaseURI creates an instance of the EntitiesRelationsClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewEntitiesRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntitiesRelationsClient { + return EntitiesRelationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List gets all relations of an entity. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesRelationsClient.List") + defer func() { + sc := -1 + if result.rl.Response.Response != nil { + sc = result.rl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.EntitiesRelationsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.rl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "List", resp, "Failure sending request") + return + } + + result.rl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client EntitiesRelationsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client EntitiesRelationsClient) listNextResults(ctx context.Context, lastResults RelationList) (result RelationList, err error) { + req, err := lastResults.relationListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntitiesRelationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntitiesRelationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityrelations.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityrelations.go new file mode 100644 index 000000000000..a14f11e9203a --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityrelations.go @@ -0,0 +1,141 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// EntityRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type EntityRelationsClient struct { + BaseClient +} + +// NewEntityRelationsClient creates an instance of the EntityRelationsClient client. +func NewEntityRelationsClient(subscriptionID string) EntityRelationsClient { + return NewEntityRelationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewEntityRelationsClientWithBaseURI creates an instance of the EntityRelationsClient client using a custom endpoint. +// Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewEntityRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntityRelationsClient { + return EntityRelationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// GetRelation gets an entity relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// entityID - entity ID +// relationName - relation Name +func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (result Relation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/EntityRelationsClient.GetRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.EntityRelationsClient", "GetRelation", err.Error()) + } + + req, err := client.GetRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntityRelationsClient", "GetRelation", nil, "Failure preparing request") + return + } + + resp, err := client.GetRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.EntityRelationsClient", "GetRelation", resp, "Failure sending request") + return + } + + result, err = client.GetRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.EntityRelationsClient", "GetRelation", resp, "Failure responding to request") + } + + return +} + +// GetRelationPreparer prepares the GetRelation request. +func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "entityId": autorest.Encode("path", entityID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetRelationSender sends the GetRelation request. The method will close the +// http.Response Body if it receives an error. +func (client EntityRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetRelationResponder handles the response to the GetRelation request. The method always +// closes the http.Response Body. +func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentcomments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentcomments.go new file mode 100644 index 000000000000..90dfe427eb9c --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentcomments.go @@ -0,0 +1,398 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type IncidentCommentsClient struct { + BaseClient +} + +// NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client. +func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient { + return NewIncidentCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient { + return IncidentCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateComment creates the incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// incidentCommentID - incident comment ID +// incidentComment - the incident comment +func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.CreateComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: incidentComment, + Constraints: []validation.Constraint{{Target: "incidentComment.IncidentCommentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "incidentComment.IncidentCommentProperties.Message", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "CreateComment", err.Error()) + } + + req, err := client.CreateCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, incidentCommentID, incidentComment) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", nil, "Failure preparing request") + return + } + + resp, err := client.CreateCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", resp, "Failure sending request") + return + } + + result, err = client.CreateCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", resp, "Failure responding to request") + } + + return +} + +// CreateCommentPreparer prepares the CreateComment request. +func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithJSON(incidentComment), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateCommentSender sends the CreateComment request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateCommentResponder handles the response to the CreateComment request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// GetComment gets an incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// incidentCommentID - incident comment ID +func (client IncidentCommentsClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.GetComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "GetComment", err.Error()) + } + + req, err := client.GetCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, incidentCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "GetComment", nil, "Failure preparing request") + return + } + + resp, err := client.GetCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "GetComment", resp, "Failure sending request") + return + } + + result, err = client.GetCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "GetComment", resp, "Failure responding to request") + } + + return +} + +// GetCommentPreparer prepares the GetComment request. +func (client IncidentCommentsClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetCommentSender sends the GetComment request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) GetCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetCommentResponder handles the response to the GetComment request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) GetCommentResponder(resp *http.Response) (result IncidentComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListByIncident gets all incident comments. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.ListByIncident") + defer func() { + sc := -1 + if result.icl.Response.Response != nil { + sc = result.icl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "ListByIncident", err.Error()) + } + + result.fn = client.listByIncidentNextResults + req, err := client.ListByIncidentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "ListByIncident", nil, "Failure preparing request") + return + } + + resp, err := client.ListByIncidentSender(req) + if err != nil { + result.icl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "ListByIncident", resp, "Failure sending request") + return + } + + result.icl, err = client.ListByIncidentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "ListByIncident", resp, "Failure responding to request") + } + + return +} + +// ListByIncidentPreparer prepares the ListByIncident request. +func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByIncidentSender sends the ListByIncident request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListByIncidentResponder handles the response to the ListByIncident request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByIncidentNextResults retrieves the next set of results, if any. +func (client IncidentCommentsClient) listByIncidentNextResults(ctx context.Context, lastResults IncidentCommentList) (result IncidentCommentList, err error) { + req, err := lastResults.incidentCommentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByIncidentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByIncidentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required. +func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.ListByIncident") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByIncident(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentrelations.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentrelations.go new file mode 100644 index 000000000000..0fcc5343caf0 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidentrelations.go @@ -0,0 +1,495 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// IncidentRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type IncidentRelationsClient struct { + BaseClient +} + +// NewIncidentRelationsClient creates an instance of the IncidentRelationsClient client. +func NewIncidentRelationsClient(subscriptionID string) IncidentRelationsClient { + return NewIncidentRelationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewIncidentRelationsClientWithBaseURI creates an instance of the IncidentRelationsClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewIncidentRelationsClientWithBaseURI(baseURI string, subscriptionID string) IncidentRelationsClient { + return IncidentRelationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdateRelation creates or updates the incident relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// relationName - relation Name +// relation - the relation model +func (client IncidentRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (result Relation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentRelationsClient.CreateOrUpdateRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: relation, + Constraints: []validation.Constraint{{Target: "relation.RelationProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "relation.RelationProperties.RelatedResourceID", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentRelationsClient", "CreateOrUpdateRelation", err.Error()) + } + + req, err := client.CreateOrUpdateRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, relationName, relation) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "CreateOrUpdateRelation", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "CreateOrUpdateRelation", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "CreateOrUpdateRelation", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request. +func (client IncidentRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", pathParameters), + autorest.WithJSON(relation), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always +// closes the http.Response Body. +func (client IncidentRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// DeleteRelation delete the incident relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// relationName - relation Name +func (client IncidentRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentRelationsClient.DeleteRelation") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentRelationsClient", "DeleteRelation", err.Error()) + } + + req, err := client.DeleteRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "DeleteRelation", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteRelationSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "DeleteRelation", resp, "Failure sending request") + return + } + + result, err = client.DeleteRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "DeleteRelation", resp, "Failure responding to request") + } + + return +} + +// DeleteRelationPreparer prepares the DeleteRelation request. +func (client IncidentRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteRelationSender sends the DeleteRelation request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// DeleteRelationResponder handles the response to the DeleteRelation request. The method always +// closes the http.Response Body. +func (client IncidentRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// GetRelation gets an incident relation. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// relationName - relation Name +func (client IncidentRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result Relation, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentRelationsClient.GetRelation") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentRelationsClient", "GetRelation", err.Error()) + } + + req, err := client.GetRelationPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, relationName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "GetRelation", nil, "Failure preparing request") + return + } + + resp, err := client.GetRelationSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "GetRelation", resp, "Failure sending request") + return + } + + result, err = client.GetRelationResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "GetRelation", resp, "Failure responding to request") + } + + return +} + +// GetRelationPreparer prepares the GetRelation request. +func (client IncidentRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "relationName": autorest.Encode("path", relationName), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetRelationSender sends the GetRelation request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetRelationResponder handles the response to the GetRelation request. The method always +// closes the http.Response Body. +func (client IncidentRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all incident relations. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentRelationsClient.List") + defer func() { + sc := -1 + if result.rl.Response.Response != nil { + sc = result.rl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentRelationsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.rl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "List", resp, "Failure sending request") + return + } + + result.rl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentRelationsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client IncidentRelationsClient) listNextResults(ctx context.Context, lastResults RelationList) (result RelationList, err error) { + req, err := lastResults.relationListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentRelationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentRelationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidents.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidents.go new file mode 100644 index 000000000000..26bc093b4a09 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/incidents.go @@ -0,0 +1,486 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type IncidentsClient struct { + BaseClient +} + +// NewIncidentsClient creates an instance of the IncidentsClient client. +func NewIncidentsClient(subscriptionID string) IncidentsClient { + return NewIncidentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient { + return IncidentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// incident - the incident +func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (result Incident, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: incident, + Constraints: []validation.Constraint{{Target: "incident.IncidentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "incident.IncidentProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID, incident) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithJSON(incident), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets an incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result Incident, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all incidents. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.List") + defer func() { + sc := -1 + if result.il.Response.Response != nil { + sc = result.il.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.il.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", resp, "Failure sending request") + return + } + + result.il, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client IncidentsClient) listNextResults(ctx context.Context, lastResults IncidentList) (result IncidentList, err error) { + req, err := lastResults.incidentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 66a1ae79c619..5ac190eb82f3 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -257,11 +257,13 @@ const ( DataConnectorKindOffice365 DataConnectorKind = "Office365" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" + // DataConnectorKindThreatIntelligenceTaxii ... + DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii" ) // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { - return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii} } // DataConnectorLicenseState enumerates the values for data connector license state. @@ -439,12 +441,42 @@ func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown} } +// IncidentClassification enumerates the values for incident classification. +type IncidentClassification string + +const ( + // IncidentClassificationFalsePositive Incident was false positive + IncidentClassificationFalsePositive IncidentClassification = "FalsePositive" + // IncidentClassificationTruePositive Incident was true positive + IncidentClassificationTruePositive IncidentClassification = "TruePositive" + // IncidentClassificationUnknown Incident classification was not set + IncidentClassificationUnknown IncidentClassification = "Unknown" +) + +// PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type. +func PossibleIncidentClassificationValues() []IncidentClassification { + return []IncidentClassification{IncidentClassificationFalsePositive, IncidentClassificationTruePositive, IncidentClassificationUnknown} +} + +// IncidentLabelType enumerates the values for incident label type. +type IncidentLabelType string + +const ( + // System Label automatically created by the system + System IncidentLabelType = "System" + // User Label manually created by a user + User IncidentLabelType = "User" +) + +// PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type. +func PossibleIncidentLabelTypeValues() []IncidentLabelType { + return []IncidentLabelType{System, User} +} + // IncidentSeverity enumerates the values for incident severity. type IncidentSeverity string const ( - // IncidentSeverityCritical Critical severity - IncidentSeverityCritical IncidentSeverity = "Critical" // IncidentSeverityHigh High severity IncidentSeverityHigh IncidentSeverity = "High" // IncidentSeverityInformational Informational severity @@ -457,7 +489,24 @@ const ( // PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type. func PossibleIncidentSeverityValues() []IncidentSeverity { - return []IncidentSeverity{IncidentSeverityCritical, IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} + return []IncidentSeverity{IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} +} + +// IncidentStatus enumerates the values for incident status. +type IncidentStatus string + +const ( + // IncidentStatusActive An active incident which is being handled + IncidentStatusActive IncidentStatus = "Active" + // IncidentStatusClosed A non-active incident + IncidentStatusClosed IncidentStatus = "Closed" + // IncidentStatusNew An active incident which isn't being handled currently + IncidentStatusNew IncidentStatus = "New" +) + +// PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type. +func PossibleIncidentStatusValues() []IncidentStatus { + return []IncidentStatus{IncidentStatusActive, IncidentStatusClosed, IncidentStatusNew} } // KillChainIntent enumerates the values for kill chain intent. @@ -613,11 +662,13 @@ const ( KindOffice365 KindBasicDataConnector = "Office365" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" + // KindThreatIntelligenceTaxii ... + KindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii" ) // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { - return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence, KindThreatIntelligenceTaxii} } // KindBasicEntity enumerates the values for kind basic entity. @@ -907,7 +958,7 @@ type AADDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -967,6 +1018,11 @@ func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for AADDataConnector. func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -1072,7 +1128,7 @@ type AATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -1132,6 +1188,11 @@ func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -2514,7 +2575,7 @@ type AlertsDataTypeOfDataConnectorAlerts struct { type ASCCheckRequirements struct { // SubscriptionID - The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -2530,7 +2591,7 @@ type ASCDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2590,6 +2651,11 @@ func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -2679,7 +2745,7 @@ type ASCDataConnectorProperties struct { // AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check properties. type AwsCloudTrailCheckRequirements struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -2695,7 +2761,7 @@ type AwsCloudTrailDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -2755,6 +2821,11 @@ func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, b return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -4453,6 +4524,18 @@ type CasesAggregationProperties struct { AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` } +// ClientInfo information on the client (user or application) that made some action +type ClientInfo struct { + // Email - The email of the client. + Email *string `json:"email,omitempty"` + // Name - The name of the client. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the client. + ObjectID *uuid.UUID `json:"objectId,omitempty"` + // UserPrincipalName - The user principal name of the client. + UserPrincipalName *string `json:"userPrincipalName,omitempty"` +} + // CloudApplicationEntity represents a cloud application entity. type CloudApplicationEntity struct { // CloudApplicationEntityProperties - CloudApplication entity properties @@ -4707,6 +4790,7 @@ type BasicDataConnector interface { AsMDATPDataConnector() (*MDATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) + AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) AsDataConnector() (*DataConnector, bool) } @@ -4721,7 +4805,7 @@ type DataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -4765,6 +4849,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { var tdc TIDataConnector err := json.Unmarshal(body, &tdc) return tdc, err + case string(KindThreatIntelligenceTaxii): + var ttdc TiTaxiiDataConnector + err := json.Unmarshal(body, &ttdc) + return ttdc, err default: var dc DataConnector err := json.Unmarshal(body, &dc) @@ -4843,6 +4931,11 @@ func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for DataConnector. func (dc DataConnector) AsDataConnector() (*DataConnector, bool) { return &dc, true @@ -4861,7 +4954,7 @@ type DataConnectorDataTypeCommon struct { // DataConnectorKind1 describes an Azure resource with kind. type DataConnectorKind1 struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -5071,7 +5164,7 @@ type DataConnectorRequirementsState struct { // DataConnectorsCheckRequirements data connector requirements properties. type DataConnectorsCheckRequirements struct { - // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` } @@ -6953,137 +7046,35 @@ func (hep HostEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// IncidentInfo describes related incident information for the bookmark -type IncidentInfo struct { - // IncidentID - Incident Id - IncidentID *string `json:"incidentId,omitempty"` - // Severity - The severity of the incident. Possible values include: 'IncidentSeverityCritical', 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational' - Severity IncidentSeverity `json:"severity,omitempty"` - // Title - The title of the incident - Title *string `json:"title,omitempty"` - // RelationName - Relation Name - RelationName *string `json:"relationName,omitempty"` -} - -// IoTDeviceEntity represents an IoT device entity. -type IoTDeviceEntity struct { - // IoTDeviceEntityProperties - IoTDevice entity properties - *IoTDeviceEntityProperties `json:"properties,omitempty"` +// Incident represents an incident in Azure Security Insights. +type Incident struct { + autorest.Response `json:"-"` + // IncidentProperties - Incident properties + *IncidentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' - Kind KindBasicEntity `json:"kind,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` } -// MarshalJSON is the custom marshaler for IoTDeviceEntity. -func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error) { - itde.Kind = KindIoTDevice +// MarshalJSON is the custom marshaler for Incident. +func (i Incident) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if itde.IoTDeviceEntityProperties != nil { - objectMap["properties"] = itde.IoTDeviceEntityProperties + if i.IncidentProperties != nil { + objectMap["properties"] = i.IncidentProperties } - if itde.Kind != "" { - objectMap["kind"] = itde.Kind + if i.Etag != nil { + objectMap["etag"] = i.Etag } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} - -// AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { - return nil, false -} - -// AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { - return nil, false -} - -// AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool) { - return nil, false -} - -// AsFileEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool) { - return nil, false -} - -// AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool) { - return nil, false -} - -// AsHostEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool) { - return nil, false -} - -// AsIPEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool) { - return nil, false -} - -// AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool) { - return nil, false -} - -// AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool) { - return nil, false -} - -// AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { - return nil, false -} - -// AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { - return nil, false -} - -// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { - return nil, false -} - -// AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { - return nil, false -} - -// AsURLEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool) { - return nil, false -} - -// AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { - return &itde, true -} - -// AsEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsEntity() (*Entity, bool) { - return nil, false -} - -// AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity. -func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool) { - return &itde, true -} - -// UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct. -func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { +// UnmarshalJSON is the custom unmarshaler for Incident struct. +func (i *Incident) UnmarshalJSON(body []byte) error { var m map[string]*json.RawMessage err := json.Unmarshal(body, &m) if err != nil { @@ -7093,12 +7084,12 @@ func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { switch k { case "properties": if v != nil { - var ioTDeviceEntityProperties IoTDeviceEntityProperties - err = json.Unmarshal(*v, &ioTDeviceEntityProperties) + var incidentProperties IncidentProperties + err = json.Unmarshal(*v, &incidentProperties) if err != nil { return err } - itde.IoTDeviceEntityProperties = &ioTDeviceEntityProperties + i.IncidentProperties = &incidentProperties } case "id": if v != nil { @@ -7107,7 +7098,7 @@ func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - itde.ID = &ID + i.ID = &ID } case "name": if v != nil { @@ -7116,7 +7107,7 @@ func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - itde.Name = &name + i.Name = &name } case "type": if v != nil { @@ -7125,16 +7116,16 @@ func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { if err != nil { return err } - itde.Type = &typeVar + i.Type = &typeVar } - case "kind": + case "etag": if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) + var etag string + err = json.Unmarshal(*v, &etag) if err != nil { return err } - itde.Kind = kind + i.Etag = &etag } } } @@ -7142,67 +7133,693 @@ func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { return nil } -// IoTDeviceEntityProperties ioTDevice entity property bag. -type IoTDeviceEntityProperties struct { - // DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub - DeviceID *string `json:"deviceId,omitempty"` - // IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device - IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"` - // DeviceType - READ-ONLY; The type of the device - DeviceType *string `json:"deviceType,omitempty"` - // Vendor - READ-ONLY; The vendor of the device - Vendor *string `json:"vendor,omitempty"` - // EdgeID - READ-ONLY; The ID of the edge device - EdgeID *string `json:"edgeId,omitempty"` - // IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub - IotHubEntityID *string `json:"iotHubEntityId,omitempty"` - // HostEntityID - READ-ONLY; The Host entity id of this device - HostEntityID *string `json:"hostEntityId,omitempty"` - // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity. - ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` -} - -// MarshalJSON is the custom marshaler for IoTDeviceEntityProperties. -func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// IncidentAdditionalData incident additional data property bag. +type IncidentAdditionalData struct { + // AlertsCount - READ-ONLY; The number of alerts in the incident + AlertsCount *int32 `json:"alertsCount,omitempty"` + // BookmarksCount - READ-ONLY; The number of bookmarks in the incident + BookmarksCount *int32 `json:"bookmarksCount,omitempty"` + // CommentsCount - READ-ONLY; The number of comments in the incident + CommentsCount *int32 `json:"commentsCount,omitempty"` + // AlertProductNames - READ-ONLY; List of product names of alerts in the incident + AlertProductNames *[]string `json:"alertProductNames,omitempty"` } -// IPEntity represents an ip entity. -type IPEntity struct { - // IPEntityProperties - Ip entity properties - *IPEntityProperties `json:"properties,omitempty"` +// IncidentComment represents an incident comment +type IncidentComment struct { + autorest.Response `json:"-"` + // IncidentCommentProperties - Incident comment properties + *IncidentCommentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` - // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' - Kind KindBasicEntity `json:"kind,omitempty"` } -// MarshalJSON is the custom marshaler for IPEntity. -func (ie IPEntity) MarshalJSON() ([]byte, error) { - ie.Kind = KindIP +// MarshalJSON is the custom marshaler for IncidentComment. +func (ic IncidentComment) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - if ie.IPEntityProperties != nil { - objectMap["properties"] = ie.IPEntityProperties - } - if ie.Kind != "" { - objectMap["kind"] = ie.Kind + if ic.IncidentCommentProperties != nil { + objectMap["properties"] = ic.IncidentCommentProperties } return json.Marshal(objectMap) } -// AsAccountEntity is the BasicEntity implementation for IPEntity. -func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { - return nil, false -} +// UnmarshalJSON is the custom unmarshaler for IncidentComment struct. +func (ic *IncidentComment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var incidentCommentProperties IncidentCommentProperties + err = json.Unmarshal(*v, &incidentCommentProperties) + if err != nil { + return err + } + ic.IncidentCommentProperties = &incidentCommentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ic.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ic.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ic.Type = &typeVar + } + } + } + + return nil +} + +// IncidentCommentList list of incident comments. +type IncidentCommentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of comments. + Value *[]IncidentComment `json:"value,omitempty"` +} + +// IncidentCommentListIterator provides access to a complete listing of IncidentComment values. +type IncidentCommentListIterator struct { + i int + page IncidentCommentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *IncidentCommentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter IncidentCommentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter IncidentCommentListIterator) Response() IncidentCommentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter IncidentCommentListIterator) Value() IncidentComment { + if !iter.page.NotDone() { + return IncidentComment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the IncidentCommentListIterator type. +func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator { + return IncidentCommentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (icl IncidentCommentList) IsEmpty() bool { + return icl.Value == nil || len(*icl.Value) == 0 +} + +// incidentCommentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (icl IncidentCommentList) incidentCommentListPreparer(ctx context.Context) (*http.Request, error) { + if icl.NextLink == nil || len(to.String(icl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(icl.NextLink))) +} + +// IncidentCommentListPage contains a page of IncidentComment values. +type IncidentCommentListPage struct { + fn func(context.Context, IncidentCommentList) (IncidentCommentList, error) + icl IncidentCommentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.icl) + if err != nil { + return err + } + page.icl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *IncidentCommentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page IncidentCommentListPage) NotDone() bool { + return !page.icl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page IncidentCommentListPage) Response() IncidentCommentList { + return page.icl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page IncidentCommentListPage) Values() []IncidentComment { + if page.icl.IsEmpty() { + return nil + } + return *page.icl.Value +} + +// Creates a new instance of the IncidentCommentListPage type. +func NewIncidentCommentListPage(getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage { + return IncidentCommentListPage{fn: getNextPage} +} + +// IncidentCommentProperties incident comment property bag. +type IncidentCommentProperties struct { + // CreatedTimeUtc - READ-ONLY; The time the comment was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Message - The comment message + Message *string `json:"message,omitempty"` + // Author - READ-ONLY; Describes the client that created the comment + Author *ClientInfo `json:"author,omitempty"` +} + +// IncidentInfo describes related incident information for the bookmark +type IncidentInfo struct { + // IncidentID - Incident Id + IncidentID *string `json:"incidentId,omitempty"` + // Severity - The severity of the incident. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' + Severity CaseSeverity `json:"severity,omitempty"` + // Title - The title of the incident + Title *string `json:"title,omitempty"` + // RelationName - Relation Name + RelationName *string `json:"relationName,omitempty"` +} + +// IncidentLabel represents an incident label +type IncidentLabel struct { + // LabelName - The name of the label + LabelName *string `json:"labelName,omitempty"` + // LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System' + LabelType IncidentLabelType `json:"labelType,omitempty"` +} + +// IncidentList list all the incidents. +type IncidentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of incidents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of incidents. + Value *[]Incident `json:"value,omitempty"` +} + +// IncidentListIterator provides access to a complete listing of Incident values. +type IncidentListIterator struct { + i int + page IncidentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *IncidentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter IncidentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter IncidentListIterator) Response() IncidentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter IncidentListIterator) Value() Incident { + if !iter.page.NotDone() { + return Incident{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the IncidentListIterator type. +func NewIncidentListIterator(page IncidentListPage) IncidentListIterator { + return IncidentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (il IncidentList) IsEmpty() bool { + return il.Value == nil || len(*il.Value) == 0 +} + +// incidentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (il IncidentList) incidentListPreparer(ctx context.Context) (*http.Request, error) { + if il.NextLink == nil || len(to.String(il.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(il.NextLink))) +} + +// IncidentListPage contains a page of Incident values. +type IncidentListPage struct { + fn func(context.Context, IncidentList) (IncidentList, error) + il IncidentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.il) + if err != nil { + return err + } + page.il = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *IncidentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page IncidentListPage) NotDone() bool { + return !page.il.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page IncidentListPage) Response() IncidentList { + return page.il +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page IncidentListPage) Values() []Incident { + if page.il.IsEmpty() { + return nil + } + return *page.il.Value +} + +// Creates a new instance of the IncidentListPage type. +func NewIncidentListPage(getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage { + return IncidentListPage{fn: getNextPage} +} + +// IncidentOwnerInfo information on the user an incident is assigned to +type IncidentOwnerInfo struct { + // Email - The email of the user the incident is assigned to. + Email *string `json:"email,omitempty"` + // AssignedTo - The name of the user the incident is assigned to. + AssignedTo *string `json:"assignedTo,omitempty"` + // ObjectID - The object id of the user the incident is assigned to. + ObjectID *uuid.UUID `json:"objectId,omitempty"` + // UserPrincipalName - The user principal name of the user the incident is assigned to. + UserPrincipalName *string `json:"userPrincipalName,omitempty"` +} + +// IncidentProperties describes incident properties +type IncidentProperties struct { + // AdditionalData - READ-ONLY; Additional data on the incident + AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"` + // Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUnknown', 'IncidentClassificationTruePositive', 'IncidentClassificationFalsePositive' + Classification IncidentClassification `json:"classification,omitempty"` + // CreatedTimeUtc - READ-ONLY; The time the incident was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Description - The description of the incident + Description *string `json:"description,omitempty"` + // FirstActivityTimeUtc - The time of the first activity in the incident + FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"` + // IncidentNumber - READ-ONLY; A sequential number + IncidentNumber *int32 `json:"incidentNumber,omitempty"` + // Labels - List of labels relevant to this incident + Labels *[]IncidentLabel `json:"labels,omitempty"` + // LastActivityTimeUtc - The time of the last activity in the incident + LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"` + // LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated + LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` + // Owner - Describes a user that the incident is assigned to + Owner *IncidentOwnerInfo `json:"owner,omitempty"` + // Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational' + Severity IncidentSeverity `json:"severity,omitempty"` + // Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed' + Status IncidentStatus `json:"status,omitempty"` + // Title - The title of the incident + Title *string `json:"title,omitempty"` +} + +// IoTDeviceEntity represents an IoT device entity. +type IoTDeviceEntity struct { + // IoTDeviceEntityProperties - IoTDevice entity properties + *IoTDeviceEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for IoTDeviceEntity. +func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error) { + itde.Kind = KindIoTDevice + objectMap := make(map[string]interface{}) + if itde.IoTDeviceEntityProperties != nil { + objectMap["properties"] = itde.IoTDeviceEntityProperties + } + if itde.Kind != "" { + objectMap["kind"] = itde.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} + +// AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { + return nil, false +} + +// AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) { + return nil, false +} + +// AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool) { + return nil, false +} + +// AsFileEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool) { + return nil, false +} + +// AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool) { + return nil, false +} + +// AsHostEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool) { + return nil, false +} + +// AsIPEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool) { + return nil, false +} + +// AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool) { + return nil, false +} + +// AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool) { + return nil, false +} + +// AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) { + return nil, false +} + +// AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) { + return nil, false +} + +// AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool) { + return nil, false +} + +// AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) { + return nil, false +} + +// AsURLEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool) { + return nil, false +} + +// AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return &itde, true +} + +// AsEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity. +func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool) { + return &itde, true +} + +// UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct. +func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var ioTDeviceEntityProperties IoTDeviceEntityProperties + err = json.Unmarshal(*v, &ioTDeviceEntityProperties) + if err != nil { + return err + } + itde.IoTDeviceEntityProperties = &ioTDeviceEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + itde.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + itde.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + itde.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + itde.Kind = kind + } + } + } + + return nil +} + +// IoTDeviceEntityProperties ioTDevice entity property bag. +type IoTDeviceEntityProperties struct { + // DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub + DeviceID *string `json:"deviceId,omitempty"` + // IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device + IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"` + // DeviceType - READ-ONLY; The type of the device + DeviceType *string `json:"deviceType,omitempty"` + // Vendor - READ-ONLY; The vendor of the device + Vendor *string `json:"vendor,omitempty"` + // EdgeID - READ-ONLY; The ID of the edge device + EdgeID *string `json:"edgeId,omitempty"` + // IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub + IotHubEntityID *string `json:"iotHubEntityId,omitempty"` + // HostEntityID - READ-ONLY; The Host entity id of this device + HostEntityID *string `json:"hostEntityId,omitempty"` + // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity. + ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for IoTDeviceEntityProperties. +func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// IPEntity represents an ip entity. +type IPEntity struct { + // IPEntityProperties - Ip entity properties + *IPEntityProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' + Kind KindBasicEntity `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for IPEntity. +func (ie IPEntity) MarshalJSON() ([]byte, error) { + ie.Kind = KindIP + objectMap := make(map[string]interface{}) + if ie.IPEntityProperties != nil { + objectMap["properties"] = ie.IPEntityProperties + } + if ie.Kind != "" { + objectMap["kind"] = ie.Kind + } + return json.Marshal(objectMap) +} + +// AsAccountEntity is the BasicEntity implementation for IPEntity. +func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) { + return nil, false +} // AsAzureResourceEntity is the BasicEntity implementation for IPEntity. func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) { @@ -7589,7 +8206,7 @@ type MCASDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -7649,6 +8266,11 @@ func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -7770,7 +8392,7 @@ type MDATPDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -7830,6 +8452,11 @@ func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -8455,7 +9082,7 @@ type OfficeDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -8515,6 +9142,11 @@ func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return nil, false } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -9297,115 +9929,348 @@ func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) { return nil, false } -// AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { - return nil, false +// AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) { + return nil, false +} + +// AsEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { + return nil, false +} + +// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. +func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { + return &rve, true +} + +// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. +func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var registryValueEntityProperties RegistryValueEntityProperties + err = json.Unmarshal(*v, ®istryValueEntityProperties) + if err != nil { + return err + } + rve.RegistryValueEntityProperties = ®istryValueEntityProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + rve.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + rve.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + rve.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicEntity + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + rve.Kind = kind + } + } + } + + return nil +} + +// RegistryValueEntityProperties registryValue entity property bag. +type RegistryValueEntityProperties struct { + // KeyEntityID - READ-ONLY; The registry key entity id. + KeyEntityID *string `json:"keyEntityId,omitempty"` + // ValueData - READ-ONLY; String formatted representation of the value data. + ValueData *string `json:"valueData,omitempty"` + // ValueName - READ-ONLY; The registry value name. + ValueName *string `json:"valueName,omitempty"` + // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' + ValueType RegistryValueKind `json:"valueType,omitempty"` + // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData"` + // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty"` +} + +// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. +func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + return json.Marshal(objectMap) +} + +// Relation represents a relation between two resources +type Relation struct { + autorest.Response `json:"-"` + // RelationProperties - Relation properties + *RelationProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Relation. +func (r Relation) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if r.RelationProperties != nil { + objectMap["properties"] = r.RelationProperties + } + if r.Etag != nil { + objectMap["etag"] = r.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Relation struct. +func (r *Relation) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var relationProperties RelationProperties + err = json.Unmarshal(*v, &relationProperties) + if err != nil { + return err + } + r.RelationProperties = &relationProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + r.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + r.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + r.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + r.Etag = &etag + } + } + } + + return nil +} + +// RelationBase represents a relation +type RelationBase struct { + // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' + Kind RelationTypes `json:"kind,omitempty"` + // Etag - ETag for relation + Etag *string `json:"etag,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// RelationList list of relations. +type RelationList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of relations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of relations. + Value *[]Relation `json:"value,omitempty"` +} + +// RelationListIterator provides access to a complete listing of Relation values. +type RelationListIterator struct { + i int + page RelationListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *RelationListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/RelationListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *RelationListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter RelationListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter RelationListIterator) Response() RelationList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter RelationListIterator) Value() Relation { + if !iter.page.NotDone() { + return Relation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the RelationListIterator type. +func NewRelationListIterator(page RelationListPage) RelationListIterator { + return RelationListIterator{page: page} } -// AsEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsEntity() (*Entity, bool) { - return nil, false +// IsEmpty returns true if the ListResult contains no values. +func (rl RelationList) IsEmpty() bool { + return rl.Value == nil || len(*rl.Value) == 0 } -// AsBasicEntity is the BasicEntity implementation for RegistryValueEntity. -func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) { - return &rve, true +// relationListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (rl RelationList) relationListPreparer(ctx context.Context) (*http.Request, error) { + if rl.NextLink == nil || len(to.String(rl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(rl.NextLink))) } -// UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct. -func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error { - var m map[string]*json.RawMessage - err := json.Unmarshal(body, &m) +// RelationListPage contains a page of Relation values. +type RelationListPage struct { + fn func(context.Context, RelationList) (RelationList, error) + rl RelationList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *RelationListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/RelationListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.rl) if err != nil { return err } - for k, v := range m { - switch k { - case "properties": - if v != nil { - var registryValueEntityProperties RegistryValueEntityProperties - err = json.Unmarshal(*v, ®istryValueEntityProperties) - if err != nil { - return err - } - rve.RegistryValueEntityProperties = ®istryValueEntityProperties - } - case "id": - if v != nil { - var ID string - err = json.Unmarshal(*v, &ID) - if err != nil { - return err - } - rve.ID = &ID - } - case "name": - if v != nil { - var name string - err = json.Unmarshal(*v, &name) - if err != nil { - return err - } - rve.Name = &name - } - case "type": - if v != nil { - var typeVar string - err = json.Unmarshal(*v, &typeVar) - if err != nil { - return err - } - rve.Type = &typeVar - } - case "kind": - if v != nil { - var kind KindBasicEntity - err = json.Unmarshal(*v, &kind) - if err != nil { - return err - } - rve.Kind = kind - } - } - } - + page.rl = next return nil } -// RegistryValueEntityProperties registryValue entity property bag. -type RegistryValueEntityProperties struct { - // KeyEntityID - READ-ONLY; The registry key entity id. - KeyEntityID *string `json:"keyEntityId,omitempty"` - // ValueData - READ-ONLY; String formatted representation of the value data. - ValueData *string `json:"valueData,omitempty"` - // ValueName - READ-ONLY; The registry value name. - ValueName *string `json:"valueName,omitempty"` - // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' - ValueType RegistryValueKind `json:"valueType,omitempty"` - // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData"` - // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty"` +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *RelationListPage) Next() error { + return page.NextWithContext(context.Background()) } -// MarshalJSON is the custom marshaler for RegistryValueEntityProperties. -func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - return json.Marshal(objectMap) +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page RelationListPage) NotDone() bool { + return !page.rl.IsEmpty() } -// RelationBase represents a relation -type RelationBase struct { - // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' - Kind RelationTypes `json:"kind,omitempty"` - // Etag - ETag for relation - Etag *string `json:"etag,omitempty"` - // ID - READ-ONLY; Azure resource Id - ID *string `json:"id,omitempty"` - // Name - READ-ONLY; Azure resource name - Name *string `json:"name,omitempty"` - // Type - READ-ONLY; Azure resource type - Type *string `json:"type,omitempty"` +// Response returns the raw server response from the last page request. +func (page RelationListPage) Response() RelationList { + return page.rl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page RelationListPage) Values() []Relation { + if page.rl.IsEmpty() { + return nil + } + return *page.rl.Value +} + +// Creates a new instance of the RelationListPage type. +func NewRelationListPage(getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage { + return RelationListPage{fn: getNextPage} } // RelationNode relation node @@ -9435,6 +10300,18 @@ func (rn RelationNode) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// RelationProperties relation property bag. +type RelationProperties struct { + // RelatedResourceID - The resource ID of the related resource + RelatedResourceID *string `json:"relatedResourceId,omitempty"` + // RelatedResourceName - The name of the related resource + RelatedResourceName *string `json:"relatedResourceName,omitempty"` + // RelatedResourceType - READ-ONLY; The resource type of the related resource + RelatedResourceType *string `json:"relatedResourceType,omitempty"` + // RelatedResourceKind - READ-ONLY; The resource kind of the related resource + RelatedResourceKind *string `json:"relatedResourceKind,omitempty"` +} + // RelationsModelInput relation input model type RelationsModelInput struct { // RelationsModelInputProperties - Relation input properties @@ -10474,7 +11351,7 @@ type TIDataConnector struct { Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` - // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` } @@ -10534,6 +11411,11 @@ func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { return &tdc, true } +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return nil, false +} + // AsDataConnector is the BasicDataConnector implementation for TIDataConnector. func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { return nil, false @@ -10633,6 +11515,201 @@ type TIDataConnectorProperties struct { TenantID *string `json:"tenantId,omitempty"` } +// TiTaxiiCheckRequirements ti Taxii (Threat Intelligence Taxii) requirements check properties. +type TiTaxiiCheckRequirements struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TiTaxiiDataConnector represents threat intelligence taxii data connector. +type TiTaxiiDataConnector struct { + // TiTaxiiDataConnectorProperties - Threat intelligence taxii client data connector properties. + *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { + ttdc.Kind = KindThreatIntelligenceTaxii + objectMap := make(map[string]interface{}) + if ttdc.TiTaxiiDataConnectorProperties != nil { + objectMap["properties"] = ttdc.TiTaxiiDataConnectorProperties + } + if ttdc.Etag != nil { + objectMap["etag"] = ttdc.Etag + } + if ttdc.Kind != "" { + objectMap["kind"] = ttdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) { + return &ttdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector. +func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &ttdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct. +func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tiTaxiiDataConnectorProperties TiTaxiiDataConnectorProperties + err = json.Unmarshal(*v, &tiTaxiiDataConnectorProperties) + if err != nil { + return err + } + ttdc.TiTaxiiDataConnectorProperties = &tiTaxiiDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ttdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ttdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ttdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ttdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ttdc.Kind = kind + } + } + } + + return nil +} + +// TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence taxii client data +// connector. +type TiTaxiiDataConnectorDataTypes struct { + // TaxiiClient - Data type for taxii client. + TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +} + +// TiTaxiiDataConnectorDataTypesTaxiiClient data type for taxii client. +type TiTaxiiDataConnectorDataTypesTaxiiClient struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TiTaxiiDataConnectorProperties threat Intelligence taxii client data connector properties. +type TiTaxiiDataConnectorProperties struct { + // WorkspaceID - The workspace id. + WorkspaceID *string `json:"workspaceId,omitempty"` + // FriendlyName - The friendly name for taxii client connector. + FriendlyName *string `json:"friendlyName,omitempty"` + // TaxiiServer - The API root server for taxii client. + TaxiiServer *string `json:"taxiiServer,omitempty"` + // CollectionID - The taxii collection id. + CollectionID *string `json:"collectionId,omitempty"` + // UserName - The taxii server user name. + UserName *string `json:"userName,omitempty"` + // Password - The taxii server password. + Password *string `json:"password,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // ToggleSettings settings with single toggle. type ToggleSettings struct { // ToggleSettingsProperties - toggle properties diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index 374637a85817..b413e4379fea 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -150,6 +150,21 @@ type EntitiesClientAPI interface { var _ EntitiesClientAPI = (*securityinsight.EntitiesClient)(nil) +// EntitiesRelationsClientAPI contains the set of methods on the EntitiesRelationsClient type. +type EntitiesRelationsClientAPI interface { + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.RelationListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.RelationListIterator, err error) +} + +var _ EntitiesRelationsClientAPI = (*securityinsight.EntitiesRelationsClient)(nil) + +// EntityRelationsClientAPI contains the set of methods on the EntityRelationsClient type. +type EntityRelationsClientAPI interface { + GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (result securityinsight.Relation, err error) +} + +var _ EntityRelationsClientAPI = (*securityinsight.EntityRelationsClient)(nil) + // OfficeConsentsClientAPI contains the set of methods on the OfficeConsentsClient type. type OfficeConsentsClientAPI interface { Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error) @@ -183,3 +198,35 @@ type EntityQueriesClientAPI interface { } var _ EntityQueriesClientAPI = (*securityinsight.EntityQueriesClient)(nil) + +// IncidentsClientAPI contains the set of methods on the IncidentsClient type. +type IncidentsClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident securityinsight.Incident) (result securityinsight.Incident, err error) + Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result securityinsight.Incident, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListIterator, err error) +} + +var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) + +// IncidentCommentsClientAPI contains the set of methods on the IncidentCommentsClient type. +type IncidentCommentsClientAPI interface { + CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment securityinsight.IncidentComment) (result securityinsight.IncidentComment, err error) + GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result securityinsight.IncidentComment, err error) + ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListPage, err error) + ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListIterator, err error) +} + +var _ IncidentCommentsClientAPI = (*securityinsight.IncidentCommentsClient)(nil) + +// IncidentRelationsClientAPI contains the set of methods on the IncidentRelationsClient type. +type IncidentRelationsClientAPI interface { + CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation securityinsight.Relation) (result securityinsight.Relation, err error) + DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error) + GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result securityinsight.Relation, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.RelationListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.RelationListIterator, err error) +} + +var _ IncidentRelationsClientAPI = (*securityinsight.IncidentRelationsClient)(nil)